please examine my hijackthis log

Post by fortserious » June 29th, 2006, 6:21 pm

I've been doing my best identifying malicious files and deleting them, but I can never quite get my computer completely clean. Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 6:21:08 PM, on 6/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\ross\My Documents\my shit\my downloads\hijackthis\HijackThis.exe

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - C:\WINDOWS\compstuic.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [AIM Logger] C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe /start /minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AIM Logger] C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe /start /minimize
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g27772921.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
fortserious
Active Member
 
Posts: 13
Joined: June 29th, 2006, 6:14 pm


Post by tim s » June 29th, 2006, 9:42 pm

Hello fortserious,

Welcome to the MalWare Removal forums! My name is Tim. I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to see that it happens.

In order to help me help you, please observe the following while we work:

1. If you don't know, stop and ask! Don't continue; we don't want to start all over again!

2. Understand that cleaning your computer can sometimes take multiple passes/posts, and it's important to follow the steps as listed, including re-running scans as listed.

3. Please reply to this thread, do not start another.


If you can do those three things, everything should go smoothly.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am


Post by tim s » June 30th, 2006, 10:08 am

Hello fortserious,

Your log does show an infection, so we will get started.
--------------------------------------------------------------------------------------------
Download win32delfkil.exe.
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer will reboot automatically.
Post the contents of the logfile c:\windelf.txt, along with a new HijackThis log.
-----------------------------------------------------------------------------------------

Now let's do the following;


Start HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them (some may not be present; just move on to the next):

O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - C:\WINDOWS\compstuic.dll
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g27772921.dll



After you check these items, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.
-------------------------------------------------------

To enable the viewing of Hidden files follow these steps:
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon (or click Start, then select My Computer)
  • Select the Tools menu (at top of screen) and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shutdown My Computer.
Now your computer is configured to show all hidden files.
------------------------------------------------------------------------------

Next, please reboot your computer in Safe Mode by doing the following:

    1) Restart your computer
    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3) Instead of Windows loading as normal, a menu should appear
    4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site: http://www.pchell.com/support/safemode.shtml
-------------------------------------------------------------------------------

Deleting Files and Folders

Use Explorer to navigate to and delete the following files (if they are present):

Files:

  • C:\WINDOWS\compstuic.dll
  • C:\WINDOWS\g27772921.dll


Reboot normally
---------------------------------------------------------------------------------

Please download Ewido to your Desktop or to your usual Download Folder.
ewido anti-spyware tool
  • Close all other Applications
  • Install Ewido by double clicking the installer.
  • Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Make sure that Launch Ewido is checked
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • If Autoupdate shows Active, wait a few minutes and Ewido should auto-update itself. If it shows Inactive, click Update at the top of the screen.
  • This is very important in order to get the updates.
  • When updating has finished, on the main screen under Your Computer's Security:

    • On Ewido screen look at Resident Shield click on change state to make it inactive.
  • Close Ewido.
If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear. Use the up arrow to highlight
  • the first option, to run Windows in Safe Mode, and hit Enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.
Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on Scanner at the top of the Ewido screen
  • Click on Settings
  • Under How to Act click on Recommended Action choose Quarantine
  • Under How to scan all boxes should be selected
  • Under Possibly unwanted software all boxes should be selected
  • On right side under Reports: click on Automatically generate report after every scan.
  • Under What to scan select scan every file
  • Click On scan Tab
  • Click on Complete system scan
  • Let the program scan the machine It can take awhile give it time.
  • When the scan has finished, at the bottom of the screen:
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • Click Save report
  • Click Save Report as (Save as window's screen should pop up.)
  • Click desktop
  • Click Save
  • Exit ewido

Reboot back to normal mode
-----------------------------------------------------------------------------------------


Please post these in your next reply:
windelf.txt
Ewido report
New HJT log

You may need several replies to post the requested logs, otherwise they might get cut off
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am
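The triage tim does by hand above (picking out the nameless BHO loading from C:\WINDOWS\, the Winlogon Notify subkey pointing at a DLL with a generated-looking name, and a service whose file is missing) can be scripted for the next log. The block below is an added example, not code from this thread, from HijackThis or from MalwareRemoval.com. It parses HijackThis 1.99-style O2, O20 and O23 lines and applies heuristics that are the editor's own assumptions, not rules the forum stated: a DLL sitting directly in the Windows root rather than in System32 or Program Files, a file name of one letter followed by a long run of digits, a Notify subkey that names no DLL file, and a service marked (file missing). The sample lines are copied from the log posted above; a "(no name)" BHO on its own is deliberately not flagged, since Spybot's SDHelper.dll in the same log also has no name.

```python
"""Triage the auto-start entries in a HijackThis 1.99 log that most often
carry a Winlogon-hooking infection: O2 BHOs, O20 Winlogon Notify handlers
and O23 services. Added example; the "expected location" rules below are
the editor's heuristics, not HijackThis's own logic."""
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines taken from the log posted in the thread.
SAMPLE_LOG = "\n".join([
    "O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\\Program Files\\TechSmith\\SnagIt 7\\SnagItBHO.dll",
    "O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - C:\\WINDOWS\\compstuic.dll",
    "O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll",
    "O20 - Winlogon Notify: cfgmngr32 - C:\\WINDOWS\\g27772921.dll",
    "O20 - Winlogon Notify: NavLogon - C:\\WINDOWS\\",
    "O20 - Winlogon Notify: psfus - C:\\WINDOWS\\SYSTEM32\\psqlpwd.dll",
    "O20 - Winlogon Notify: SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll",
    "O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\\WINDOWS\\system32\\PsaSrv.exe (file missing)",
    "O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\\Program Files\\Eset\\nod32krn.exe",
])

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Heuristic (assumption): one letter plus six or more digits, as in g27772921.dll,
# is typical of generated file names and rare for vendor DLLs.
GENERATED_NAME_RE = re.compile(r"^[a-z]\d{6,}\.dll$", re.IGNORECASE)

WINDOWS_ROOT = "c:\\windows\\"


@dataclass
class Finding:
    section: str      # "O2", "O20" or "O23"
    identifier: str   # CLSID, Notify subkey name or service name
    path: str
    reasons: list = field(default_factory=list)


def in_windows_root(path):
    """True when the file sits directly in C:\\WINDOWS\\, not in a subfolder."""
    p = path.strip().lower()
    if not p.startswith(WINDOWS_ROOT):
        return False
    rest = p[len(WINDOWS_ROOT):]
    return bool(rest) and "\\" not in rest


def dll_reasons(path):
    """Location and naming checks shared by BHO and Notify DLLs."""
    reasons = []
    if in_windows_root(path):
        reasons.append("DLL loads from the Windows root, not System32 or Program Files")
    if GENERATED_NAME_RE.match(path.strip().rsplit("\\", 1)[-1]):
        reasons.append("file name looks machine-generated")
    return reasons


def triage(log_text):
    """Return a Finding for every O2/O20/O23 line that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            reasons = dll_reasons(m["path"])
            # "(no name)" alone is not conclusive, so it only strengthens a
            # finding that the path already raised.
            if reasons and m["name"] == "(no name)":
                reasons.append("BHO registered without a display name")
            if reasons:
                findings.append(Finding("O2", m["clsid"], m["path"], reasons))
            continue
        m = O20_RE.match(line)
        if m:
            path = m["path"].strip()
            if not path or path.endswith("\\"):
                findings.append(Finding("O20", m["key"], path,
                                        ["Notify subkey names no DLL file; review as an orphaned entry"]))
                continue
            reasons = dll_reasons(path)
            if reasons:
                findings.append(Finding("O20", m["key"], path, reasons))
            continue
        m = O23_RE.match(line)
        if m and m["path"].endswith("(file missing)"):
            findings.append(Finding("O23", m["name"], m["path"],
                                    ["service points at a file that no longer exists"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.identifier}\n    {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample it reports exactly the two entries tim asked to be fixed (the compstuic.dll BHO and the cfgmngr32 Notify handler) plus two items worth a second look (the NavLogon subkey with no DLL and the PsaSrv service with its file missing), while leaving the SnagIt, Spybot, psfus and SUPERAntiSpyware entries alone. The heuristics are deliberately narrow; a path check never replaces looking the CLSID or DLL up, and a DLL in System32 with a plausible name would sail through.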

Post by fortserious » June 30th, 2006, 12:29 pm

************************
* WIN32DELFKIL LOGFILE *
************************
by Marckie


BEFORE RUNNING WIN32DELFKIL
***************************

File(s) found in Windows directory
----------------------------------
g27772921.dll
compstuic.dll

File(s) found in system32 folder
--------------------------------

Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"


sharedtaskkey: 259BA022-2005-45E9-A965-10EDB9C00605
---------------------------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}]
@="C:\\WINDOWS\\g27772921.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InprocServer32]
@="C:\\WINDOWS\\g27772921.dll"
"ThreadingModel"="Apartment"



Notify key
----------
subkey cfgmngr32 is present!



AFTER RUNNING WIN32DELFKIL
**************************

File(s) found in Windows directory
----------------------------------
g27772921.dll

File(s) found in system32 folder
--------------------------------
Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"



Notify key
----------

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:21:36 PM 6/30/2006

+ Scan result:



C:\Documents and Settings\ross\Local Settings\Temporary Internet Files\Content.IE5\PIIEG51C\anti4[1].exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc100.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc101.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc102.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc103.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc104.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc105.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc106.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc107.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc108.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc109.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc110.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc111.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc112.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc113.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc114.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc115.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc116.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc117.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc97.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc98.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc99.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\Documents and Settings\ross\Local Settings\Temp\OA.exe -> Downloader.PurityScan.cq : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Y1123OA.exe -> Downloader.PurityScan.cq : Cleaned with backup (quarantined).
:mozilla.236:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.237:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.238:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.239:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.240:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.241:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.243:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.244:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.245:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.246:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.247:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.248:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.327:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.573:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.655:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.711:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.154:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.651:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.635:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup (quarantined).
:mozilla.636:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup (quarantined).
:mozilla.419:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.420:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.421:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.423:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.323:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.324:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.143:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.144:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.146:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.148:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.199:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.200:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.201:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.202:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.203:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.204:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.205:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.492:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
:mozilla.495:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
:mozilla.209:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.210:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.211:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.212:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.213:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.214:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.340:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.482:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.563:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.564:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.565:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.226:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.227:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.228:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.656:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.722:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.173:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.174:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.175:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.176:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.325:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.326:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.346:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.347:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.359:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.406:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.453:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.454:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.520:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.521:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.522:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.539:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.598:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.599:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.629:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.706:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.605:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.606:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.607:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.608:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.577:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Hotlog : Cleaned with backup (quarantined).
:mozilla.328:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.329:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.330:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.594:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.595:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.596:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.603:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.604:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.159:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.290:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.291:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.292:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.229:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.360:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.82:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.85:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.87:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.88:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.619:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.621:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.156:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.158:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.496:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.260:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.261:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.262:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.263:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.264:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.70:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.72:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.160:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.161:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.162:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.163:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.578:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Spylog : Cleaned with backup (quarantined).
:mozilla.637:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.638:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.639:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.353:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.354:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.355:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.356:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.357:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.358:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.145:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.147:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.149:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.150:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.486:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.640:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.446:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.110:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.112:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.114:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.115:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.116:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.117:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.118:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.187:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.432:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.433:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.434:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.435:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.436:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.437:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.634:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.600:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.251:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.252:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.253:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.254:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.119:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.120:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.121:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.123:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.129:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.130:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt ->

TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\ross\Local Settings\Temporary Internet Files\Content.IE5\0PQLI5W5\bgates[1].exe -> Trojan.Dialer.pz :

Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 12:27:46 PM, on 6/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\ross\My Documents\my shit\my downloads\hijackthis\HijackThis.exe

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [AIM Logger] C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe /start /minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AIM Logger] C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe /start /minimize
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
fortserious
Active Member
 
Posts: 13
Joined: June 29th, 2006, 6:14 pm
Unread postby tim s » June 30th, 2006, 2:57 pm

Hello fortserious

There are some infected cookies that we need to clean out along with some temporary internet files. This tool will clear those out.

You can delete win32delfkil.exe and windelf.txt
----------------------------------------------------------------------------
Please do next:

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!

Download CCleaner from here to clean temp files from your computer.

  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree. Watch the screen when installing and uncheck the CCleaner Yahoo Toolbar box; it is optional.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," make sure there is a check in "Cookies" (You will need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, make sure there is a check mark in the "Cookies" box; it is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced" and deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.
  • Shutdown/restart the computer.

-------------------------------------------------------------------
I will need you to rerun Ewido and post another report; just follow the instructions on how to run it in the earlier post (reply).

-----------------------------------------------------------
Now run this scan we want to make sure we are getting it all.

Run an online scan at Kaspersky

If you have an extra tool that blocks popups (I hear a beep when mine pops it), you will have to click on it and allow Kaspersky's popup link.

  • Please go here to run Kaspersky Online Virus Scanner.
  • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    1. Scan using the following Anti-Virus database:
    • Extended

    2. Scan Options:
    • Scan Archives
    • Scan Mail Bases
  • Click OK
  • Now under select a target to scan, select My Computer.
  • This will scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button, and save it to your Desktop.
  • Copy and paste that information in your next post.

--------------------------------------------------------------------------------------------------------------------
Please post these in your next reply:
Ewido report
Kaspersky scan results
New HJT log

You may need several replies to post the requested logs, otherwise they might get cut off.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby fortserious » June 30th, 2006, 6:22 pm

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:11:34 PM 6/30/2006

+ Scan result:



C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008682.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008683.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008684.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008685.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008686.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008687.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008688.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008689.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008690.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008691.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008692.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008693.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008694.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008695.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008696.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008697.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008698.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008699.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008700.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008701.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008702.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008681.exe -> Downloader.PurityScan.cq : Cleaned with backup (quarantined).


::Report end

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, June 30, 2006 6:18:12 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 30/06/2006
Kaspersky Anti-Virus database records: 203884
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 65873
Number of viruses found: 7
Number of infected objects: 22 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:53:21

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Lenovo\messages\logs\lf000.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\ross\Application Data\Aim\fortserious\cert8.db Object is locked skipped
C:\Documents and Settings\ross\Application Data\Aim\fortserious\key3.db Object is locked skipped
C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cert8.db Object is locked skipped
C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\history.dat Object is locked skipped
C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\key3.db Object is locked skipped
C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\parent.lock Object is locked skipped
C:\Documents and Settings\ross\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\dbdam Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\dbdao Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\dbeam Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\dbeao Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\dbm Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\fii.cf1 Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\fiih.ht1 Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\hp Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\rpm.cf1 Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\ross\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ross\Local Settings\History\History.IE5\MSHist012006063020060701\index.dat Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Temp\Perflib_Perfdata_34c.dat Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Temp\Perflib_Perfdata_bc4.dat Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Temp\Perflib_Perfdata_ecc.dat Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Temp\~DF3466.tmp Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Temp\~DF36D9.tmp Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Temp\~DF4853.tmp Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Temp\~DFE7D2.tmp Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ross\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\ross\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\ross\UserData\index.dat Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\30MBEQAA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\30MBEQAA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.em skipped
C:\Program Files\ESET\infected\30MBEQAA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\30MBEQAA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\30MBEQAA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\BWXGO0BA.NQF Infected: not-virus:Hoax.Win32.Renos.dv skipped
C:\Program Files\ESET\infected\M0HWY1CA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\M0HWY1CA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\M0HWY1CA.NQF NSIS: infected - 2 skipped
C:\Program Files\ESET\infected\M0HWY1CA.NQF PE-Crypt.XorPE: infected - 2 skipped
C:\Program Files\ESET\infected\TXUYLFBA.NQF Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\Program Files\ESET\infected\WTK3JQAA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\WTK3JQAA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.em skipped
C:\Program Files\ESET\infected\WTK3JQAA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\WTK3JQAA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\WTK3JQAA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\Z0KQO1BA.NQF Infected: Trojan-Downloader.Win32.IstBar.ff skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Program Files\Steam\Steam.log Object is locked skipped
C:\Program Files\Steam\SteamApps\winui.gcf Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP19\A0005398.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP20\A0007425.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP20\A0007444.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008866.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{9E2097AB-39A1-4450-A29A-70D9CD62C035}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\c46e5166.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_52c.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 6:12:21 PM, on 6/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\ross\My Documents\my shit\my downloads\hijackthis\HijackThis.exe

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [AIM Logger] C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe /start /minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AIM Logger] C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe /start /minimize
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe

It looks like Kaspersky also found my antivirus's quarantine bay...haha.

Thanks for your help so far.
fortserious
Active Member
 
Posts: 13
Joined: June 29th, 2006, 6:14 pm


Unread postby tim s » July 1st, 2006, 1:06 am

Hello fortserious,

It looks like you still have one more infected file to take care of.

Caution: To inform AIM users.
There is a brand new worm that's just been discovered. Its known vector of infection is AIM...
It disables security programs and also disables XP's ability to warn you that the services have been turned off. There will be no warnings from firewall or antivirus programs. It accomplishes this by making changes to the registry. It also establishes a back door into the system. All of this renders the system insecure. The only certain way at this point to re-establish the system's security is to nuke and pave, i.e., reformat and reinstall, as it may be impossible to know all the changes that have been made to the system's settings.

Given all of the above, it would be prudent to avoid using AIM and, at least temporarily, switch to a program like Trillian that will still allow communication with AIM users as well as MSN and Yahoo IM users. In any event, clicking on a link in an IM that appears to have been sent by a known "Buddy" should be avoided at all costs.
-------------------------------------------------------------

Make sure you are still set to show hidden files and folders, as in the previous post.
Next, please reboot your computer in Safe Mode by doing the following:

    1) Restart your computer
    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3) Instead of Windows loading as normal, a menu should appear
    4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site: http://www.pchell.com/support/safemode.shtml
-------------------------------------------------------------------------------

Deleting Files and Folders

Use Explorer to navigate to and delete the following file (if it is present):

Files:

  • C:\WINDOWS\system32\c46e5166.exe

Please let me know if you were successful in deleting the file.
-----------------------------------------------------
You should still be in Safe Mode; rerun Ewido the same as before.
When done, reboot back to normal mode.


----------------------------------------------------------------------------------

Rerun KASPERSKY scan

-------------------------------------------------
Please post these in your next reply:
Kaspersky scan results
Ewido report
New HJT log

You may need several replies to post the requested logs; otherwise they might get cut off.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am
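Sorting a Kaspersky Online Scanner report the way the helpers in this thread do (locked-object noise, hits sitting inside the NOD32 quarantine, System Restore and the Recycle Bin, versus files still live on disk) is the kind of triage the "post Kaspersky scan results" step above calls for. The following is an added Python example written for this page; it is not part of the thread and not code from Kaspersky, ESET or ewido. The sample lines are constructed from the report format shown on this page; the folder-prefix rules are assumptions, and the last sample line is constructed (the thread names c46e5166.exe but not what it was detected as, so a placeholder detection name is used).

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the Kaspersky Online Scanner 5.x report format seen on this page.
# The final line is constructed: the file path is from the thread, the detection name is a placeholder.
SAMPLE_REPORT = """\
C:\\Documents and Settings\\ross\\NTUSER.DAT Object is locked skipped
C:\\Program Files\\ESET\\infected\\TXUYLFBA.NQF Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\\Program Files\\ESET\\infected\\30MBEQAA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\\Program Files\\ESET\\infected\\30MBEQAA.NQF NSIS: infected - 3 skipped
C:\\RECYCLER\\S-1-5-21-3490188923-1378386046-2592096613-1005\\Dc1.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\\System Volume Information\\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\\RP19\\A0005398.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\\WINDOWS\\system32\\c46e5166.exe Infected: PLACEHOLDER.Detection.Name skipped
"""

# The three line shapes that appear in the report body.
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")
CONTAINER_RE = re.compile(r"^(?P<path>.+?) (?P<packer>[\w.-]+): infected - (?P<count>\d+) (?P<action>\S+)$")

# Assumption: folders whose contents are inert copies rather than running malware.
# Each pattern is a regex matched case-insensitively against the full path.
INERT_LOCATIONS = (
    (r"\\eset\\infected\\", "av_quarantine"),            # NOD32 quarantine folder
    (r"\\system volume information\\_restore", "system_restore"),
    (r"\\recycler\\", "recycle_bin"),
)


@dataclass
class Detection:
    path: str       # container path for archive members ("file.NQF/data0002" -> "file.NQF")
    name: str       # detection name as reported
    location: str   # "av_quarantine", "system_restore", "recycle_bin" or "live"


def classify_location(path):
    """Label where a detected file sits; anything not in an inert folder is 'live'."""
    for pattern, label in INERT_LOCATIONS:
        if re.search(pattern, path, re.IGNORECASE):
            return label
    return "live"


def parse_report(text):
    """Split report lines into locked paths, detections and container summary lines."""
    locked, detections, containers = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LOCKED_RE.match(line)
        if m:
            locked.append(m.group("path"))
            continue
        m = INFECTED_RE.match(line)
        if m:
            # Windows paths never contain "/", so a slash marks an archive member.
            outer = m.group("path").split("/", 1)[0]
            detections.append(Detection(outer, m.group("name"), classify_location(outer)))
            continue
        m = CONTAINER_RE.match(line)
        if m:
            # "NSIS: infected - 3" repeats what the member lines already said.
            containers.append(m.group("path"))
    return locked, detections, containers


def summarize(text):
    """Counts per location plus the amount of locked-object noise."""
    locked, detections, containers = parse_report(text)
    summary = {"locked": len(locked), "container_summary": len(containers)}
    summary.update(Counter(d.location for d in detections))
    return summary


def live_threats(text):
    """Unique paths that still carry a detection outside quarantine, restore points and the bin."""
    _, detections, _ = parse_report(text)
    seen = []
    for d in detections:
        if d.location == "live" and d.path not in seen:
            seen.append(d.path)
    return seen


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
    for path in live_threats(SAMPLE_REPORT):
        print("needs attention:", path)
```

Run it against a saved report instead of the sample by reading the file into `summarize` and `live_threats`. The point of the split is that the dozens of "Object is locked" lines and the hits inside the quarantine or restore points carry no action for the user, while the one live path is exactly the kind of file a helper asks to have deleted in Safe Mode.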

Unread postby fortserious » July 1st, 2006, 3:57 am

Yes, I successfully deleted the file.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, July 01, 2006 3:55:03 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 1/07/2006
Kaspersky Anti-Virus database records: 203951
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 65109
Number of viruses found: 7
Number of infected objects: 22 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:55:28

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Lenovo\messages\logs\lf000.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\ross\Application Data\Aim\fortserious\cert8.db Object is locked skipped
C:\Documents and Settings\ross\Application Data\Aim\fortserious\key3.db Object is locked skipped
C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cert8.db Object is locked skipped
C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\history.dat Object is locked skipped
C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\key3.db Object is locked skipped
C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\parent.lock Object is locked skipped
C:\Documents and Settings\ross\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\dbdam Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\dbdao Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\dbeam Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\dbeao Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\dbm Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\fii.cf1 Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\fiih.ht1 Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\hp Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\rpm.cf1 Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Google\Google Desktop\d5e5586023c6\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\ross\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ross\Local Settings\History\History.IE5\MSHist012006070120060702\index.dat Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Temp\Perflib_Perfdata_ca4.dat Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Temp\Perflib_Perfdata_cf4.dat Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Temp\~DFB17E.tmp Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Temp\~DFD9CC.tmp Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Temp\~DFF8ED.tmp Object is locked skipped
C:\Documents and Settings\ross\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ross\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\ross\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\ross\UserData\index.dat Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\30MBEQAA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\30MBEQAA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.em skipped
C:\Program Files\ESET\infected\30MBEQAA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\30MBEQAA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\30MBEQAA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\BWXGO0BA.NQF Infected: not-virus:Hoax.Win32.Renos.dv skipped
C:\Program Files\ESET\infected\M0HWY1CA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\M0HWY1CA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\M0HWY1CA.NQF NSIS: infected - 2 skipped
C:\Program Files\ESET\infected\M0HWY1CA.NQF PE-Crypt.XorPE: infected - 2 skipped
C:\Program Files\ESET\infected\TXUYLFBA.NQF Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\Program Files\ESET\infected\WTK3JQAA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\ESET\infected\WTK3JQAA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.em skipped
C:\Program Files\ESET\infected\WTK3JQAA.NQF/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\WTK3JQAA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\WTK3JQAA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\Z0KQO1BA.NQF Infected: Trojan-Downloader.Win32.IstBar.ff skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Program Files\Steam\Steam.log Object is locked skipped
C:\Program Files\Steam\SteamApps\winui.gcf Object is locked skipped
C:\RECYCLER\S-1-5-21-3490188923-1378386046-2592096613-1005\Dc1.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP19\A0005398.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP20\A0007425.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP20\A0007444.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\A0008866.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{1CE5F62F-BE0E-4BC4-A7B8-EDFB1C91F476}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_530.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:40:05 AM 7/1/2006

+ Scan result:



:mozilla.50:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.75:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.80:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.143:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.85:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.87:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.88:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.91:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.130:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.114:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.119:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.120:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.121:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.138:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.140:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.141:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.127:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.77:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.78:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.81:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.82:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\ross\Application Data\Mozilla\Firefox\Profiles\fiv8norb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 3:57:03 AM, on 7/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\ross\My Documents\my shit\my downloads\hijackthis\HijackThis.exe

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [AIM Logger] C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe /start /minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AIM Logger] C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe /start /minimize
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
fortserious
Active Member
Posts: 13
Joined: June 29th, 2006, 6:14 pm

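The helpers in this thread read a log like the one above line by line; as an added example (my code, not HijackThis's or the forum's) here is a small Python triage pass over a few lines copied from that log in the same format. It flags the attributes a log reader checks first (missing files, services with an unknown owner, Winlogon Notify entries that give a directory but no DLL, bare file names found via the search path, rundll32 loaders); a flag means "look this entry up", not "malicious". The O4/O20/O23 line layout is assumed from the lines shown in this thread.

```python
"""Triage helper for HijackThis v1.99.1 logs (added example, not part of the
thread or of HijackThis). Parses O4 (autostarts), O20 (Winlogon Notify) and
O23 (service) entries and flags what a log reader checks first."""
import re
from typing import List, Optional, Tuple

# Constructed sample: a few lines copied in the format of the log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Global Startup: Bluetooth.lnk = ?
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<loc>.+?): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.*)$")
EXT_RE = re.compile(r'^(.*?\.(?:exe|dll|scr|com|bat|cmd|pif))(?=[\s,"]|$)', re.IGNORECASE)  # first module on a command line

def image_path(cmd: str) -> Optional[str]:
    """Return the module actually loaded by an O4 command line, or None."""
    cmd = cmd.strip()
    if " = " in cmd:  # 'Foo.lnk = target' form used for Startup-folder entries
        cmd = cmd.split(" = ", 1)[1].strip()
    if not cmd or cmd == "?":  # HijackThis prints '?' for an unresolved shortcut
        return None
    if cmd.lower().startswith(("rundll32 ", "rundll32.exe ")):
        cmd = cmd.split(None, 1)[1]  # rundll32 is only a loader; the DLL is the real autostart
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXT_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]

def flags_for(path: Optional[str], owner: Optional[str] = None) -> List[str]:
    """Attributes that earn an entry a closer look; none of them alone proves malware."""
    if path is None:
        return ["shortcut target not resolved"]
    flags: List[str] = []
    if "(file missing)" in path.lower():
        flags.append("file missing on disk")
    if path.endswith("\\") or "." not in path.rsplit("\\", 1)[-1]:
        flags.append("directory only, no module name")
    elif "\\" not in path:
        flags.append("bare file name, located via the search path")
    if owner is not None and owner.lower() == "unknown owner":
        flags.append("unknown owner, no vendor in version info")
    return flags

def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (log line, flags) for every O4/O20/O23 entry with at least one flag."""
    out: List[Tuple[str, List[str]]] = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := O4_RE.match(line):
            flags = flags_for(image_path(m.group("cmd")))
            if m.group("cmd").lstrip().lower().startswith("rundll32"):
                flags.append("loaded via rundll32, judge the DLL not the loader")
        elif m := O20_RE.match(line):
            flags = flags_for(m.group("path"))
        elif m := O23_RE.match(line):
            flags = flags_for(m.group("path"), m.group("owner"))
        else:
            continue
        if flags:
            out.append((line, flags))
    return out
```

Running `triage(SAMPLE_LOG)` returns five flagged entries from the eight sample lines; the three fully qualified, present, vendor-signed entries produce no flags.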

Unread postby tim s » July 1st, 2006, 2:11 pm

Hi fortserious,

Log looks clean... great job!

Please follow these simple steps in order to keep your computer clean and secure:

  1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable
    and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Managing Windows Millennium System Restore

    or

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  2. Re-hide system files.
    To do so, please follow the steps below:
    1. Double-click My Computer.
    2. Click the Tools menu, and then click Folder Options.
    3. Click the View tab.
    4. Put a check by "Hide file extensions for known file types."
    5. Under the "Hidden files" folder, select "Show hidden files and folders."
    6. Check "Hide protected operating system files."
    7. Click Apply, and then click OK.



  3. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.

      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.

  4. Use an AntiVirus Software - It is very important that your computer has anti-virus software running on your machine.
    This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  5. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  6. Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  7. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest available security updates installed.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

  8. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.
    You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

  9. Install Ad-Aware - Download and install Ad-Aware.
    You should also scan your computer with this program on a regular basis
    just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  10. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer
    settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  11. IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

    Using IE-SPYAD to help block unwanted sites and activities

  12. Update all these programs regularly - Make sure you update all the programs I have listed regularly.
    Without regular updates you WILL NOT be protected when new malicious programs are released.


Follow this list and your potential for being infected again will reduce dramatically.
tim s
MRU Honors Grad Emeritus
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby fortserious » July 1st, 2006, 2:30 pm

Thanks a ton, tim s! I'll be sure to refer all my friends and family to this site if they have any trouble. :)
fortserious
Active Member
Posts: 13
Joined: June 29th, 2006, 6:14 pm


Unread postby tim s » July 1st, 2006, 5:25 pm

Thanks. Glad we could help. Happy surfin' :)
tim s
MRU Honors Grad Emeritus
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby 'KotaGuy » July 9th, 2006, 12:01 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
'KotaGuy
Admin/Teacher Emeritus
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada