Dear Dorian,
> Where did you move the files to ??
I moved the files to a folder named "suspicious" under system32. One of the files (file2.exe) was caught by Ewido.
> Can I ask that you wait for instructions rather than acting on your own...
Sure, I am sorry. My computer is an essential part of my work; I was just trying to get to a somewhat stable enough system to allow me to at least run some backups.
Here are the logs:
(The Ewido report says "No action taken", but the report was saved before applying all actions.)
----------------
Ewido Report
----------------
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:53:03 PM 7/6/2006
+ Scan result:
C:\Documents and Settings\erics\My Documents\Erics\RA-Portscan.zip/RA-PortScanner.exe -> Not-A-Virus.HackTool.Win32.VB.a : No action taken.
C:\Documents and Settings\erics\My Documents\Erics\portscan.zip/portscan.exe -> Not-A-Virus.NetTool.Win32.Scan.11 : No action taken.
C:\Program Files\Radmin\raddrv.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : No action taken.
C:\WINNT\system32\raddrv.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : No action taken.
C:\WINNT\system32\suspicious\file2.exe -> Proxy.Agent.gx : No action taken.
::Report end
----------
HJT Log
----------
Logfile of HijackThis v1.99.1
Scan saved at 10:53:10 PM, on 7/6/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\r_server.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ssoftsrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINNT\system32\RunDLL32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\VoSKY Call Center\USBDRAM.exe
C:\Program Files\VoSKY Call Center\USBVoSKY.exe
C:\Program Files\PTSync\PTSync.exe
C:\Program Files\Namo\WebBoard\Bin\APMTool.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINNT\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [FWBootup] C:\Program Files\VoSKY Call Center\USBDRAM.exe
O4 - HKCU\..\Run: [VoKU Call Center] C:\Program Files\VoSKY Call Center\USBVoSKY.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Karen's Time Sync.lnk = C:\Program Files\PTSync\PTSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Namo APM Manager.lnk = C:\Program Files\Namo\WebBoard\Bin\APMTool.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... 0,0,101/mcinsctl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O18 - Protocol: Festoon - (no CLSID) - (no file)
O18 - Protocol: vskype - (no CLSID) - (no file)
O20 - Winlogon Notify: obbn13t - obbn13t.dll (file missing)
O20 - Winlogon Notify: psksds - psksds.dll (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: MySql - Unknown owner - C:/Program Files/Namo/WebBoard/Server/MySQL/bin/mysqld-nt.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\system32\r_server.exe" /service (file missing)
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - A Business Division of Secure-Soft (India) Pvt Ltd - C:\WINNT\SYSTEM32\ssoftsrv.exe
-------------
Haxfix log
-------------
HAXFIX logfile - by Marckie
--------------
version 3.03
Thu 07/06/2006 11:58:42.30
Auto Haxdoorfix