psa Posted October 16, 2006 Report Share Posted October 16, 2006 My virus guard McAfee has flagged up a couple of viruses. Have I managed to clean them out of the pc?AVG report---------------------------------------------------------AVG Anti-Spyware - Scan Report--------------------------------------------------------- + Created at: 11:28:07 16/10/2006 + Scan result: C:\WINNT\$NtUninstallKB841873$\netapi32.dll -> Not-A-Virus.Exploit.Win32.CAN.20030533 : Cleaned.C:\WINNT\ServicePackFiles\i386\netapi32.dll -> Not-A-Virus.Exploit.Win32.CAN.20030533 : Cleaned.C:\Documents and Settings\andrewps\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.C:\Documents and Settings\andrewps\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.C:\Documents and Settings\andrewps\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.C:\Documents and Settings\andrewps\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.C:\Documents and Settings\andrewps\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.C:\Documents and Settings\andrewps\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.C:\Documents and Settings\andrewps\Cookies\andrewps@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.C:\Documents and Settings\andrewps\Cookies\[email protected][1].txt -> TrackingCookie.Adjuggler : Cleaned.C:\Documents and Settings\andrewps\Cookies\andrewps@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.C:\Documents and Settings\andrewps\Cookies\andrewps@com[2].txt -> TrackingCookie.Com : Cleaned.C:\Documents and Settings\andrewps\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.C:\Documents and Settings\andrewps\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.C:\Documents and Settings\andrewps\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.C:\Documents and Settings\andrewps\Cookies\andrewps@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned.C:\Documents and Settings\andrewps\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned.C:\Documents and Settings\andrewps\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned.C:\Documents and Settings\andrewps\Cookies\[email protected][1].txt -> TrackingCookie.Planetactive : Cleaned.C:\Documents and Settings\andrewps\Cookies\andrewps@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.::Report endHIJACK THIS LOGLogfile of HijackThis v1.99.1Scan saved at 11:46:23, on 16/10/2006Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\ibmpmsvc.exeC:\WINNT\system32\Ati2evxx.exeC:\WINNT\system32\svchost.exeC:\WINNT\System32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINNT\floplock.exeC:\Program Files\McAfee\Common Framework\FrameworkService.exeC:\Program Files\Network Associates\VirusScan\mcshield.exeC:\Program Files\Network Associates\VirusScan\vstskmgr.exeC:\mssql7\binn\sqlservr.exeC:\program files\notes\ntmulti.exeC:\PROGRA~1\AT&TGL~1\NetCfgSv.EXEC:\WINNT\system32\regsvc.exeC:\WINNT\system32\MSTask.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINNT\system32\stisvc.exeC:\WINNT\system32\TpKmpSVC.exeC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\System32\mspmspsv.exeC:\WINNT\system32\svchost.exeC:\PROGRA~1\Xpoint\xpadmin\xpadmin.exeC:\PROGRA~1\Xpoint\agent\Xpagent.exeC:\PROGRA~1\Xpoint\EEClient\xpclient.exeC:\WINNT\system32\cmd.exeC:\PROGRA~1\Xpoint\SAS\jre\bin\javaw.exeC:\WINNT\system32\Ati2evxx.exeC:\WINNT\Explorer.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\WINNT\system32\ltmsg.exeC:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exeC:\Program Files\Network Associates\VirusScan\SHSTAT.EXEC:\WINNT\AGRSMMSG.exeC:\Program Files\IBM\Messages By IBM\ibmmessages.exeC:\Program Files\Xpoint\PE\Skin\rrpcsb.exeC:\Program Files\Xpoint\PE\pcrecsa.exeC:\WINNT\system32\RunDll32.exeC:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.ExeC:\WINNT\system32\TpShocks.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINNT\system32\spool\DRIVERS\W32X86\hpoopm07.exeC:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\INTEL\DSLSetup\ProDsl.exeC:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.ExeC:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exeC:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXEC:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exeC:\Program Files\TomTom HOME\TomTomHOME.exeC:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeC:\Program Files\McAfee\Common Framework\UpdaterUI.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\WINNT\system32\internat.exeC:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exeC:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exeC:\mssql7\Binn\sqlmangr.exeC:\Program Files\WinZip\WZQKPICK.EXEC:\Program Files\Network Associates\VirusScan\mcconsol.exeF:\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.51.87.140:8080R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 213.62.*;170.230.*;*.cpb.com;*.soups.com;62.185.95.179;129.39.225.188;<local>O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocxO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocxO4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exeO4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.regO4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logonO4 - HKLM\..\Run: [TP4EX] tp4ex.exeO4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exeO4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGINO4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exeO4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONEO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exeO4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /rO4 - HKLM\..\Run: [uC_Start] C:\IBMTools\Updater\ucstartup.exeO4 - HKLM\..\Run: [Rapid Restore] C:\Program Files\Xpoint\PE\Skin\rrpcsb.exeO4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitorO4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXEO4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitorO4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.ExeO4 - HKLM\..\Run: [TpShocks] TpShocks.exeO4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helperO4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\system32\spool\DRIVERS\W32X86\hpoopm07.exeO4 - HKLM\..\Run: [setupType] PortableO4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [DSL Connection Manager] C:\Program Files\INTEL\DSLSetup\ProDsl.exeO4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -aO4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytrayO4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exeO4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -sO4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeO4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /trayO4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKeyO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKCU\..\Run: [internat.exe] internat.exeO4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exeO4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialogO4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exeO4 - Global Startup: Service Manager.lnk = C:\mssql7\Binn\sqlmangr.exeO4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXEO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dllO9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dllO11 - Options group: [JAVA_IBM] Java (IBM)O14 - IERESET.INF: START_PAGE_URL=about:blankO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ouk.comO17 - HKLM\System\CCS\Services\Tcpip\..\{3A22ECFD-1D48-4F30-A047-F4AB3D5657DC}: Domain = europe.soups.comO17 - HKLM\System\CCS\Services\Tcpip\..\{E6B6CEA5-4CF2-4550-9CCB-E7A8F1B20603}: NameServer = 170.230.236.46,170.230.236.36O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ouk.comO17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ouk.com,europe.soups.com,eu.cpb.com,cpb.com,soups.com,oie.comO17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ouk.comO17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ouk.com,europe.soups.com,eu.cpb.com,cpb.com,soups.com,oie.comO17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ouk.com,europe.soups.com,eu.cpb.com,cpb.com,soups.com,oie.comO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exeO23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINNT\CWBRXD.EXEO23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exeO23 - Service: floppylock - Unknown owner - C:\WINNT\floplock.exeO23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exeO23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exeO23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exeO23 - Service: Multi-user Cleanup Service - Unknown owner - C:\program files\notes\ntmulti.exeO23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXEO23 - Service: Xpoint PCRadmin Server (PCRadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\PE\pcradmin.exeO23 - Service: PictureTaker - LANovation - C:\WINNT\System32\PCTKRNT.SYSO23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINNT\system32\PsaSrv.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exeO23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exeO23 - Service: Xpoint Admin Server (XPadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exeO23 - Service: Xpoint Agent Server (xpAgentServer) - Unknown owner - C:\PROGRA~1\Xpoint\agent\Xpagent.exe Quote Link to post Share on other sites
therock247uk Posted October 16, 2006 Report Share Posted October 16, 2006 Please download ATF Cleaner by Atribune.This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.Under Main choose: Select AllClick the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browserClick Opera at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.For Technical Support, double-click the e-mail address located at the bottom of each menu.Please go HERE to run Panda's ActiveScanOnce you are on the Panda site click the Scan your PC buttonA new window will open...click the Check Now buttonEnter your CountryEnter your State/ProvinceEnter your e-mail address and click sendSelect either Home User or CompanyClick the big Scan Now buttonIf it wants to install an ActiveX component allow itIt will start downloading the files it requires for the scan (Note: It may take a couple of minutes)When download is complete, click on My Computer to start the scanWhen the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report Quote Link to post Share on other sites
psa Posted October 18, 2006 Author Report Share Posted October 18, 2006 Incident Status Location Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\andrewps\.jpi_cache\jar\1.0\menu.jr-44d9a832-4c3c6747.zip[beyond.class] Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\andrewps\.jpi_cache\jar\1.0\menu.jr-44d9a832-4c3c6747.zip[Dummy.class] Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\andrewps\.jpi_cache\jar\1.0\menu.jr-44d9a832-4c3c6747.zip[NudeBox.class] Virus:Trj/ClassLoader.P Disinfected C:\Documents and Settings\andrewps\.jpi_cache\jar\1.0\menu.jr-44d9a832-4c3c6747.zip[Worker.class] Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\andrewps\.jpi_cache\jar\1.0\menu.jr-44d9a832-4c3c6747.zip[VerifierBug.class] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\andrewps\Cookies\andrewps@2o7[2].txt Quote Link to post Share on other sites
therock247uk Posted October 18, 2006 Report Share Posted October 18, 2006 Ok post a new Hijackthis log here in a reply. Quote Link to post Share on other sites
psa Posted October 27, 2006 Author Report Share Posted October 27, 2006 Logfile of HijackThis v1.99.1Scan saved at 10:21:33, on 27/10/2006Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\ibmpmsvc.exeC:\WINNT\system32\Ati2evxx.exeC:\WINNT\system32\svchost.exeC:\WINNT\System32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exeC:\WINNT\floplock.exeC:\Program Files\McAfee\Common Framework\FrameworkService.exeC:\Program Files\Network Associates\VirusScan\mcshield.exeC:\Program Files\Network Associates\VirusScan\vstskmgr.exeC:\mssql7\binn\sqlservr.exeC:\program files\notes\ntmulti.exeC:\PROGRA~1\AT&TGL~1\NetCfgSv.EXEC:\WINNT\system32\regsvc.exeC:\WINNT\system32\MSTask.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINNT\system32\stisvc.exeC:\WINNT\system32\TpKmpSVC.exeC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\System32\mspmspsv.exeC:\WINNT\system32\svchost.exeC:\PROGRA~1\Xpoint\xpadmin\xpadmin.exeC:\PROGRA~1\Xpoint\agent\Xpagent.exeC:\PROGRA~1\Xpoint\EEClient\xpclient.exeC:\WINNT\system32\cmd.exeC:\PROGRA~1\Xpoint\SAS\jre\bin\javaw.exeC:\WINNT\system32\Ati2evxx.exeC:\WINNT\Explorer.EXEC:\WINNT\system32\ltmsg.exeC:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exeC:\Program Files\Network Associates\VirusScan\SHSTAT.EXEC:\WINNT\AGRSMMSG.exeC:\Program Files\IBM\Messages By IBM\ibmmessages.exeC:\Program Files\Xpoint\PE\Skin\rrpcsb.exeC:\WINNT\system32\RunDll32.exeC:\Program Files\Xpoint\PE\pcrecsa.exeC:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.ExeC:\WINNT\system32\TpShocks.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINNT\system32\spool\DRIVERS\W32X86\hpoopm07.exeC:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\INTEL\DSLSetup\ProDsl.exeC:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.ExeC:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exeC:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exeC:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXEC:\Program Files\TomTom HOME\TomTomHOME.exeC:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeC:\Program Files\McAfee\Common Framework\UpdaterUI.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINNT\system32\internat.exeC:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\NETWOR~1\MCAFEE~1\FireTray.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exeC:\mssql7\Binn\sqlmangr.exeC:\Program Files\WinZip\WZQKPICK.EXEC:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exeC:\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.51.87.140:8080R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 213.62.*;170.230.*;*.cpb.com;*.soups.com;62.185.95.179;129.39.225.188;<local>O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocxO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocxO4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exeO4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.regO4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logonO4 - HKLM\..\Run: [TP4EX] tp4ex.exeO4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exeO4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGINO4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exeO4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONEO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exeO4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /rO4 - HKLM\..\Run: [uC_Start] C:\IBMTools\Updater\ucstartup.exeO4 - HKLM\..\Run: [Rapid Restore] C:\Program Files\Xpoint\PE\Skin\rrpcsb.exeO4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitorO4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXEO4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitorO4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.ExeO4 - HKLM\..\Run: [TpShocks] TpShocks.exeO4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helperO4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\system32\spool\DRIVERS\W32X86\hpoopm07.exeO4 - HKLM\..\Run: [setupType] PortableO4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [DSL Connection Manager] C:\Program Files\INTEL\DSLSetup\ProDsl.exeO4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -aO4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytrayO4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exeO4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -sO4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeO4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /trayO4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKeyO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [internat.exe] internat.exeO4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exeO4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialogO4 - Global Startup: McAfee Desktop Firewall Tray.lnk = C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireTray.exeO4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exeO4 - Global Startup: Service Manager.lnk = C:\mssql7\Binn\sqlmangr.exeO4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXEO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dllO9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dllO11 - Options group: [JAVA_IBM] Java (IBM)O14 - IERESET.INF: START_PAGE_URL=about:blankO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ouk.comO17 - HKLM\System\CCS\Services\Tcpip\..\{3A22ECFD-1D48-4F30-A047-F4AB3D5657DC}: Domain = europe.soups.comO17 - HKLM\System\CCS\Services\Tcpip\..\{E6B6CEA5-4CF2-4550-9CCB-E7A8F1B20603}: NameServer = 170.230.236.46,170.230.236.36O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ouk.comO17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ouk.com,europe.soups.com,eu.cpb.com,cpb.com,soups.com,oie.comO17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ouk.comO17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ouk.com,europe.soups.com,eu.cpb.com,cpb.com,soups.com,oie.comO17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ouk.com,europe.soups.com,eu.cpb.com,cpb.com,soups.com,oie.comO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exeO23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINNT\CWBRXD.EXEO23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exeO23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exeO23 - Service: floppylock - Unknown owner - C:\WINNT\floplock.exeO23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exeO23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exeO23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exeO23 - Service: Multi-user Cleanup Service - Unknown owner - C:\program files\notes\ntmulti.exeO23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXEO23 - Service: Xpoint PCRadmin Server (PCRadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\PE\pcradmin.exeO23 - Service: PictureTaker - LANovation - C:\WINNT\System32\PCTKRNT.SYSO23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINNT\system32\PsaSrv.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exeO23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exeO23 - Service: Xpoint Admin Server (XPadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exeO23 - Service: Xpoint Agent Server (xpAgentServer) - Unknown owner - C:\PROGRA~1\Xpoint\agent\Xpagent.exe Quote Link to post Share on other sites
therock247uk Posted October 28, 2006 Report Share Posted October 28, 2006 Your log is clean.Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:Detect and Remove Programs:How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.Prevention Programs: Spywareblaster <= SpywareBlaster will prevent spyware from being installed.Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computerGoogle Toolbar <= Get the free google toolbar to help stop pop up windows.I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.Other necessary Programs: AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.Firewall<= A firewall is definatley a must have. Three good free versions are Kerio, Sygate and ZoneLabs. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.