Lavasoft Support Forums > Please help me clear this Virus ive had

make believe

Oct 19 2006, 10:19 PM

My laptop got many popups appearing and a warning that it was infected by W32.Myzor.FK@yf shortly after i stupidly clicked yes when asked to install a codec.

I followed all the instructions in this topic: http://www.lavasoftsupport.com/index.php?showtopic=405

Now i have all these logs. Can somebody tell me what i need to do next. The system seems to be running better now but i want to make sure the virus has compleatly gone.
Thanks

Ad-Aware SE Build 1.06r1
Logfile Created on:19 October 2006 22:02:04
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R128 18.10.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MicroGaming(TAC index:4):1 total references
Tracking Cookie(TAC index:3):9 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

19-10-2006 22:02:04 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 816
ThreadCreationTime : 19-10-2006 19:21:19
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 924
ThreadCreationTime : 19-10-2006 19:21:21
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 948
ThreadCreationTime : 19-10-2006 19:21:23
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 992
ThreadCreationTime : 19-10-2006 19:21:25
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1004
ThreadCreationTime : 19-10-2006 19:21:25
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ibmpmsvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1164
ThreadCreationTime : 19-10-2006 19:21:26
BasePriority : Normal

#:7 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1204
ThreadCreationTime : 19-10-2006 19:21:27
BasePriority : Normal

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1220
ThreadCreationTime : 19-10-2006 19:21:27
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1320
ThreadCreationTime : 19-10-2006 19:21:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1440
ThreadCreationTime : 19-10-2006 19:21:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [s24evmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1552
ThreadCreationTime : 19-10-2006 19:21:29
BasePriority : Normal
FileVersion : 7, 1, 3, 0
ProductVersion : 7, 1, 3, 0
ProductName : Mobile Unit Support Service
CompanyName : Intel Corporation
FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
InternalName : S24EvMon
LegalCopyright : Copyright © 2001 - 2004 Intel Corporation, 1997 - 2001 Symbol Technologies, Inc. Portions Copyright © MIT
OriginalFilename : S24EvMon.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1596
ThreadCreationTime : 19-10-2006 19:21:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1748
ThreadCreationTime : 19-10-2006 19:21:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:14 [ireike.exe]
FilePath : C:\Program Files\Juniper\NetScreen-Remote\
ProcessID : 1844
ThreadCreationTime : 19-10-2006 19:21:30
BasePriority : Normal
FileVersion : 10.3.5 (Build 6)
ProductName : SafeNet VPN Client
CompanyName : SafeNet
FileDescription : IreIke Service Application
InternalName : IreIke
LegalCopyright : © 1997-2004 SafeNet, Inc. All rights reserved.
OriginalFilename : IreIke.exe

#:15 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 288
ThreadCreationTime : 19-10-2006 19:21:32
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:16 [guard.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 780
ThreadCreationTime : 19-10-2006 19:21:39
BasePriority : Normal
FileVersion : 7, 5, 0, 47
ProductVersion : 7, 5, 0, 47
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:17 [dmpserv.exe]
FilePath : C:\Program Files\HITACHI\NETMDMP\BIN\
ProcessID : 792
ThreadCreationTime : 19-10-2006 19:21:39
BasePriority : Normal
FileVersion : 7, 0, 0, 0
ProductVersion : 07-00
ProductName : Software Distribution Client
CompanyName : Hitachi,Ltd.
LegalCopyright : Copyright © 2003, Hitachi, Ltd.
Comments : P-2642-1377

#:18 [defwatch.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\
ProcessID : 808
ThreadCreationTime : 19-10-2006 19:21:39
BasePriority : Normal
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:19 [alertsrv.exe]
FilePath : C:\Program Files\HITACHI\NETMDMP\BIN\
ProcessID : 860
ThreadCreationTime : 19-10-2006 19:21:39
BasePriority : Normal
FileVersion : 7, 0, 0, 0
ProductVersion : 07-00
ProductName : Softwre Distribution Client
CompanyName : Hitachi, Ltd.
LegalCopyright : Copyright © 2003, Hitrachi, Ltd.
Comments : P-2642-1377

#:20 [rrpcsb.exe]
FilePath : C:\Program Files\IBM\IBM Rapid Restore Ultra\
ProcessID : 888
ThreadCreationTime : 19-10-2006 19:21:39
BasePriority : Normal
FileVersion : 4,0,0,4026
ProductVersion : 4,0,0,4026
ProductName : rrpcsb Module
FileDescription : rrpcsb Module
InternalName : rrpcsb
LegalCopyright : Copyright 2002
OriginalFilename : rrpcsb.EXE

#:21 [alertpro.exe]
FilePath : C:\Program Files\HITACHI\NETMDMP\BIN\
ProcessID : 892
ThreadCreationTime : 19-10-2006 19:21:39
BasePriority : Normal
FileVersion : 7, 0, 0, 0
ProductVersion : 07-00
ProductName : Software Distribution Client
CompanyName : Hitachi, Ltd.
LegalCopyright : Copyright © 2003, Hitrachi, Ltd.
Comments : P-2642-1377

#:22 [dmpwtcp.exe]
FilePath : C:\Program Files\HITACHI\NETMDMP\BIN\
ProcessID : 968
ThreadCreationTime : 19-10-2006 19:21:39
BasePriority : Normal
FileVersion : 7, 0, 0, 0
ProductVersion : 07-00
ProductName : Software Distribution Client
CompanyName : Hitachi,Ltd.
LegalCopyright : Copyright © 2003, Hitachi, Ltd.
Comments : P-2642-1377

#:23 [dmpicron.exe]
FilePath : C:\Program Files\HITACHI\NETMDMP\BIN\
ProcessID : 1072
ThreadCreationTime : 19-10-2006 19:21:39
BasePriority : Normal
FileVersion : 7, 0, 0, 0
ProductVersion : 07-00
ProductName : Software Distribution Client
CompanyName : Hitachi,Ltd.
LegalCopyright : Copyright © 2003, Hitachi, Ltd.
Comments : P-2642-1377

#:24 [ibguard.exe]
FilePath : C:\Program Files\Firebird\bin\
ProcessID : 132
ThreadCreationTime : 19-10-2006 19:21:39
BasePriority : Normal
FileVersion : WI-V1.0.3.972
ProductVersion : 1.0.3.972
ProductName : Firebird Database Server
CompanyName : FirebirdSQL Project
FileDescription : Firebird Database Server
InternalName : Firebird
LegalCopyright : Portions created by Inprise Corporation are Copyright © 2000 Inprise Corporation.
Comments : Original Code created by Inprise Corporation and its predecessors. Portions created by Inprise Corporation are Copyright © 2000 Inprise Corporation. Portions created by others are Copyright © 2000-2001 themselves and/or the FirebirdSQL Project.

#:25 [dmpusers.exe]
FilePath : C:\Program Files\HITACHI\NETMDMP\BIN\
ProcessID : 1236
ThreadCreationTime : 19-10-2006 19:21:39
BasePriority : Normal
FileVersion : 7, 0, 0, 0
ProductVersion : 07-00
ProductName : Software Distribution Client
CompanyName : Hitachi,Ltd.
LegalCopyright : Copyright © 2003, Hitachi, Ltd.
Comments : P-2642-1377

#:26 [ipsecmon.exe]
FilePath : C:\Program Files\Juniper\NetScreen-Remote\
ProcessID : 1252
ThreadCreationTime : 19-10-2006 19:21:40
BasePriority : Normal
FileVersion : 10.3.5 (Build 6)
ProductName : SafeNet VPN Client
CompanyName : SafeNet
FileDescription : IPSecMon Service Application
InternalName : IPSecMon
LegalCopyright : © 1997-2004 SafeNet, Inc. All rights reserved.
OriginalFilename : IpSecMon.exe

#:27 [rtvscan.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\
ProcessID : 1436
ThreadCreationTime : 19-10-2006 19:21:40
BasePriority : Normal
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2002

#:28 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1984
ThreadCreationTime : 19-10-2006 19:21:42
BasePriority : Normal

#:29 [qconsvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 392
ThreadCreationTime : 19-10-2006 19:21:44
BasePriority : Normal
FileVersion : 3, 3, 0, 0
ProductVersion : 3, 3, 0, 0
ProductName : IBM ThinkPad Utility
CompanyName : IBM Corp.
FileDescription : IBM Access Connections - Service Component.
InternalName : QConSvc
LegalCopyright : Copyright © IBM Corp. 2001, 2004
OriginalFilename : QConSvc.Exe
Comments : IBM Access Connections Component.

#:30 [regsrvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 340
ThreadCreationTime : 19-10-2006 19:21:44
BasePriority : Normal
FileVersion : 4, 1, 0, 0
ProductVersion : 4, 1, 0, 0
ProductName : RegSrvc Module
CompanyName : Intel Corporation
FileDescription : RegSrvc Module
InternalName : RegSrvc
LegalCopyright : Copyright © 2002 - 2004 Intel Corporation
OriginalFilename : RegSrvc.EXE

#:31 [dmrcagnt.exe]
FilePath : C:\Program Files\HITACHI\NETMDMP\BIN\
ProcessID : 612
ThreadCreationTime : 19-10-2006 19:21:44
BasePriority : Normal
FileVersion : 7, 0, 0, 0
ProductVersion : 7,0,0,0
ProductName : JP1/Remote Control
CompanyName : Hitachi, Ltd.
FileDescription : Remote Control Agent
LegalCopyright : Copyright © 2003, Hitachi, Ltd.
OriginalFilename : DMRCAGNT.EXE

#:32 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 700
ThreadCreationTime : 19-10-2006 19:21:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:33 [tpkmpsvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 588
ThreadCreationTime : 19-10-2006 19:21:45
BasePriority : Normal

#:34 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1508
ThreadCreationTime : 19-10-2006 19:21:45
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:35 [symwsc.exe]
FilePath : c:\Program Files\Common Files\Symantec Shared\Security Center\
ProcessID : 2088
ThreadCreationTime : 19-10-2006 19:21:46
BasePriority : Normal
FileVersion : 2005.1.00.111
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:36 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2264
ThreadCreationTime : 19-10-2006 19:21:47
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:37 [syntplpr.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 2416
ThreadCreationTime : 19-10-2006 19:21:50
BasePriority : Normal
FileVersion : 7.5.17.12 16Jun04
ProductVersion : 7.5.17.12 16Jun04
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2003
OriginalFilename : SynTPLpr.exe

#:38 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 2424
ThreadCreationTime : 19-10-2006 19:21:50
BasePriority : Normal
FileVersion : 7.5.17.12 16Jun04
ProductVersion : 7.5.17.12 16Jun04
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2003
OriginalFilename : SynTPEnh.exe

#:39 [tpshocks.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2524
ThreadCreationTime : 19-10-2006 19:21:52
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : n/a TpShocks
CompanyName : IBM Corp.
FileDescription : IBM Active Protection System
InternalName : TpShocks
LegalCopyright : Copyright © IBM Corp. 2003-2004
OriginalFilename : TpShocks.exe

#:40 [tphkmgr.exe]
FilePath : C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\
ProcessID : 2580
ThreadCreationTime : 19-10-2006 19:21:53
BasePriority : Above Normal

#:41 [tponscr.exe]
FilePath : C:\Program Files\ThinkPad\PkgMgr\HOTKEY\
ProcessID : 2636
ThreadCreationTime : 19-10-2006 19:21:54
BasePriority : Normal

#:42 [tpscrex.exe]
FilePath : C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\
ProcessID : 2664
ThreadCreationTime : 19-10-2006 19:21:54
BasePriority : Normal
FileVersion : 1.06
ProductVersion : 1.06
ProductName : ThinkPad UltraZoom
CompanyName : IBM Corporation
FileDescription : ThinkPad UltraZoom
InternalName : TPSCREX
LegalCopyright : Copyright © 2000, IBM Corporation
OriginalFilename : TpScrEx.exe

#:43 [ezejmnap.exe]
FilePath : C:\PROGRA~1\ThinkPad\UTILIT~1\
ProcessID : 2748
ThreadCreationTime : 19-10-2006 19:21:54
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : IBM ThinkPad EasyEject Support Application
CompanyName : IBM Corp.
FileDescription : IBM ThinkPad EasyEject Support Application
InternalName : IBM ThinkPad EasyEject Support Application
LegalCopyright : Copyright © IBM Corp. 2002,2004.
OriginalFilename : EzEjMnAp.EXE

#:44 [ibserver.exe]
FilePath : C:\Program Files\Firebird\bin\
ProcessID : 2836
ThreadCreationTime : 19-10-2006 19:21:59
BasePriority : Normal
FileVersion : WI-V1.0.3.972
ProductVersion : 1.0.3.972
ProductName : Firebird Database Server
CompanyName : FirebirdSQL Project
FileDescription : Firebird Database Server
InternalName : Firebird
LegalCopyright : Portions created by Inprise Corporation are Copyright © 2000 Inprise Corporation.
Comments : Original Code created by Inprise Corporation and its predecessors. Portions created by Inprise Corporation are Copyright © 2000 Inprise Corporation. Portions created by others are Copyright © 2000-2001 themselves and/or the FirebirdSQL Project.

#:45 [ibmprc.exe]
FilePath : C:\IBMTOOLS\UTILS\
ProcessID : 3164
ThreadCreationTime : 19-10-2006 19:22:09
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 1
ProductName : ibmprc Application
CompanyName : IBM Corp.
FileDescription : ibmprc Application
InternalName : ibmprc
LegalCopyright : Copyright © 2004 IBM
OriginalFilename : ibmprc.exe

#:46 [qctray.exe]
FilePath : C:\Program Files\ThinkPad\ConnectUtilities\
ProcessID : 3176
ThreadCreationTime : 19-10-2006 19:22:10
BasePriority : Normal
FileVersion : 3, 3, 0, 0
ProductVersion : 3, 3, 0, 0
ProductName : IBM ThinkPad Utility
CompanyName : IBM Corp.
FileDescription : IBM Access Connections - Taskbar Application.
InternalName : QCTray
LegalCopyright : Copyright © IBM Corp. 2001, 2004
OriginalFilename : QCTray.exe
Comments : IBM Access Connections Component.

#:47 [qcwlicon.exe]
FilePath : C:\Program Files\ThinkPad\ConnectUtilities\
ProcessID : 3200
ThreadCreationTime : 19-10-2006 19:22:10
BasePriority : Normal
FileVersion : 3, 3, 0, 0
ProductVersion : 3, 3, 0, 0
ProductName : IBM ThinkPad Utility
CompanyName : IBM Corp.
FileDescription : IBM Access Connections - Wireless Status Icon.
InternalName : QCWLIcon
LegalCopyright : Copyright © IBM Corp. 2001, 2004
OriginalFilename : QCWLIcon.exe
Comments : IBM Access Connections Component.

#:48 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3256
ThreadCreationTime : 19-10-2006 19:22:11
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:49 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 3280
ThreadCreationTime : 19-10-2006 19:22:11
BasePriority : Normal
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2002

#:50 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3740
ThreadCreationTime : 19-10-2006 19:22:14
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:51 [dmpsetup.exe]
FilePath : C:\Program Files\HITACHI\NETMDMP\BIN\
ProcessID : 1800
ThreadCreationTime : 19-10-2006 19:22:15
BasePriority : Normal

#:52 [hpztsb10.exe]
FilePath : C:\WINDOWS\system32\spool\drivers\w32x86\3\
ProcessID : 3372
ThreadCreationTime : 19-10-2006 19:22:21
BasePriority : Normal
FileVersion : 2.323.0.0
ProductVersion : 2.323.0.0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2004

#:53 [hpcmpmgr.exe]
FilePath : C:\Program Files\HP\hpcoretech\
ProcessID : 3684
ThreadCreationTime : 19-10-2006 19:22:22
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.4
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HpCmpMgr.exe

#:54 [dmrcasrv.exe]
FilePath : C:\Program Files\HITACHI\NETMDMP\BIN\
ProcessID : 1392
ThreadCreationTime : 19-10-2006 19:22:25
BasePriority : Normal
FileVersion : 7, 0, 0, 0
ProductVersion : 7,0,0,0
ProductName : JP1/Remote Control
CompanyName : Hitachi, Ltd.
FileDescription : Remote Control Agent
LegalCopyright : Copyright © 2003, Hitachi, Ltd.
OriginalFilename : DMRCAGNT.EXE

#:55 [hpwuschd2.exe]
FilePath : C:\Program Files\Hewlett-Packard\HP Software Update\
ProcessID : 1408
ThreadCreationTime : 19-10-2006 19:22:25
BasePriority : Normal
FileVersion : 3, 0, 38, 1
ProductVersion : 3, 0, 38, 1
ProductName : HP Software Update Application
CompanyName : Hewlett-Packard Company
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd.exe

#:56 [datalayer.exe]
FilePath : C:\Program Files\Common Files\PCSuite\DataLayer\
ProcessID : 1716
ThreadCreationTime : 19-10-2006 19:22:27
BasePriority : Normal
FileVersion : 6, 60, 109, 2
ProductVersion : 6, 0
ProductName : Nokia PC Suite
CompanyName : Nokia Mobile Phones Ltd.
FileDescription : DataLayer 2.0 Module
InternalName : DataLayer 2.0
LegalCopyright : Copyright © 2005. Nokia. All rights reserved.
OriginalFilename : DataLayer.exe

#:57 [dmrcctrn.exe]
FilePath : C:\Program Files\HITACHI\NETMDMP\BIN\
ProcessID : 2056
ThreadCreationTime : 19-10-2006 19:22:28
BasePriority : Normal
FileVersion : 7, 0, 0, 0
ProductVersion : 7,0,0,0
ProductName : JP1/Remote Control
CompanyName : Hitachi, Ltd.
FileDescription : File Transfer
LegalCopyright : Copyright © 2003, Hitachi, Ltd.
OriginalFilename : DMRCCTRN.EXE

#:58 [launchapplication.exe]
FilePath : C:\Program Files\Nokia\Nokia PC Suite 6\
ProcessID : 2216
ThreadCreationTime : 19-10-2006 19:22:31
BasePriority : Normal

#:59 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 3004
ThreadCreationTime : 19-10-2006 19:22:40
BasePriority : Normal
FileVersion : 6.0.3.5
ProductVersion : 6.0.3.5
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:60 [servic~1.exe]
FilePath : C:\PROGRA~1\COMMON~1\PCSuite\Services\
ProcessID : 472
ThreadCreationTime : 19-10-2006 19:22:44
BasePriority : Normal
FileVersion : 6, 60, 33, 1
ProductVersion : 6.0
ProductName : Nokia Connectivity Library
CompanyName : Nokia.
FileDescription : ServiceLayer Module
InternalName : ServiceLayer
LegalCopyright : Copyright © 2002-2005 Nokia. All Rights Reserved.
OriginalFilename : ServiceLayer.exe

#:61 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 3368
ThreadCreationTime : 19-10-2006 19:22:45
BasePriority : Normal
FileVersion : 7.0.4
ProductVersion : QuickTime 7.0.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:62 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 3672
ThreadCreationTime : 19-10-2006 19:22:47
BasePriority : Normal
FileVersion : 6.0.3.5
ProductVersion : 6.0.3.5
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:63 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 2648
ThreadCreationTime : 19-10-2006 19:23:04
BasePriority : Normal
FileVersion : 7, 5, 0, 50
ProductVersion : 7, 5, 0, 50
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : avgas.exe

#:64 [dlg.exe]
FilePath : C:\Program Files\Digital Line Detect\
ProcessID : 3336
ThreadCreationTime : 19-10-2006 19:23:09
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe

#:65 [safecfg.exe]
FilePath : C:\Program Files\Juniper\NetScreen-Remote\
ProcessID : 4000
ThreadCreationTime : 19-10-2006 19:23:15
BasePriority : Normal
FileVersion : 10.3.5 (Build 6)
ProductName : SafeNet VPN Client
CompanyName : SafeNet
FileDescription : Secure VPN Client
InternalName : SafeCfg
LegalCopyright : © 1997-2004 SafeNet, Inc. All rights reserved.
OriginalFilename : SafeCfg.exe

#:66 [audevicemgr.exe]
FilePath : C:\Program Files\Sony Ericsson\Mobile\
ProcessID : 1676
ThreadCreationTime : 19-10-2006 19:23:20
BasePriority : Normal
FileVersion : 1, 4, 0, 1
ProductName : Phone Connection Monitor
CompanyName : Teleca Software Solutions AB
FileDescription : Phone Connection Monitor application
InternalName : Device Manager
LegalCopyright : Copyright © 2004 Teleca Software Solutions AB. All rights reserved.
OriginalFilename : audevicemgr.exe

#:67 [mroute~2.exe]
FilePath : c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\
ProcessID : 2704
ThreadCreationTime : 19-10-2006 19:23:25
BasePriority : Normal
FileVersion : 2, 2, 0, 371
ProductVersion : 2, 0, 0, 1
ProductName : mRouter
CompanyName : Intuwave Ltd.
FileDescription : mRouterRuntime MFC Application
InternalName : mRouterRuntime
LegalCopyright : Copyright © Intuwave Ltd. 2001
LegalTrademarks : EPOC
OriginalFilename : mRouterRuntime.EXE

#:68 [connmn~1.exe]
FilePath : C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\
ProcessID : 3540
ThreadCreationTime : 19-10-2006 19:24:09
BasePriority : Normal
FileVersion : 1, 0, 0, 41
ProductVersion : 1, 0, 0, 1
ProductName : Symbian Connect
CompanyName : Symbian Ltd.
FileDescription : ConnMngmntBox Module
InternalName : ConnMngmntBox
LegalCopyright : Copyright © Symbian Ltd. 2001
OriginalFilename : ConnMngmntBox.EXE

#:69 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3276
ThreadCreationTime : 19-10-2006 20:30:23
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:70 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ProcessID : 2916
ThreadCreationTime : 19-10-2006 21:01:41
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MicroGaming Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-959723283-1784096920-1008150880-1067\software\microgaming

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : turnerf@questionmarket[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:turnerf@questionmarket.com/
Expires : 10-12-2007 12:23:58
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : turnerf@doubleclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:turnerf@doubleclick.net/
Expires : 18-10-2009 21:39:14
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : turnerf@ehg-deltatre.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:turnerf@ehg-deltatre.hitbox.com/
Expires : 19-10-2007 21:43:54
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : turnerf@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:turnerf@atdmt.com/
Expires : 18-10-2011 01:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : turnerf@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:turnerf@mediaplex.com/
Expires : 22-06-2009 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : turnerf@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:turnerf@advertising.com/
Expires : 18-10-2011 21:42:26
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : turnerf@ehg-bskyb.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:turnerf@ehg-bskyb.hitbox.com/
Expires : 19-10-2007 21:42:28
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : turnerf@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:24
Value : Cookie:turnerf@hitbox.com/
Expires : 19-10-2007 21:43:54
LastSync : Hits:24
UseCount : 0
Hits : 24

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : turnerf@serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:turnerf@serving-sys.com/
Expires : 31-12-2037 23:00:00
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 10

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 10

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10

22:14:50 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:45.971
Objects scanned:140645
Objects identified:10
Objects ignored:0
New critical objects:10

Logfile of HijackThis v1.99.1
Scan saved at 21:23:49, on 19/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\HITACHI\NETMDMP\BIN\DMPSERV.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\HITACHI\NETMDMP\BIN\ALERTSRV.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\HITACHI\NETMDMP\BIN\alertpro.exe
C:\Program Files\HITACHI\NETMDMP\BIN\DMPWTCP.EXE
C:\Program Files\HITACHI\NETMDMP\BIN\DMPICRON.EXE
C:\Program Files\Firebird\bin\ibguard.exe
C:\Program Files\HITACHI\NETMDMP\BIN\DMPUSERS.EXE
C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\HITACHI\NETMDMP\BIN\DMRCAGNT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Firebird\bin\ibserver.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\HITACHI\NETMDMP\BIN\DMPSETUP.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HITACHI\NETMDMP\BIN\dmrcasrv.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\HITACHI\NETMDMP\BIN\DMRCCTRN.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\turnerf\LOCALS~1\Temp\Rar$EX08.996\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Hitachi Remote Install Client] "C:\Program Files\HITACHI\NETMDMP\BIN\DMPSETUP.EXE"
O4 - HKLM\..\Run: [Hitachi Remote Install Logon Manager] "C:\Program Files\HITACHI\NETMDMP\BIN\DMPLOGMG.EXE"
O4 - HKLM\..\Run: [Remote Control Agent] "C:\Program Files\HITACHI\NETMDMP\Bin\dmrcagnt.exe" /logon
O4 - HKLM\..\Run: [Hitachi Alert Task Process] "C:\Program Files\HITACHI\NETMDMP\BIN\ALERTTSK.EXE"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [HitachiNetmdmAgent] C:\Program Files\HITACHI\NETMDMP\bin\dmrcagnt.exe /service
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...GB_ZNxmk571IYGB
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Client Install Service - Hitachi,Ltd. - C:\Program Files\HITACHI\NETMDMP\BIN\DMPSERV.EXE
O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Hitachi Alert Process Service - Hitachi, Ltd. - C:\Program Files\HITACHI\NETMDMP\BIN\ALERTSRV.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Remote Control Agent - Unknown owner - C:\Program Files\HITACHI\NETMDMP\BIN\DMRCAGNT.EXE" /service (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

make believe

Oct 19 2006, 10:20 PM

Logfile of HijackThis v1.99.1
Scan saved at 21:23:49, on 19/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\HITACHI\NETMDMP\BIN\DMPSERV.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\HITACHI\NETMDMP\BIN\ALERTSRV.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\HITACHI\NETMDMP\BIN\alertpro.exe
C:\Program Files\HITACHI\NETMDMP\BIN\DMPWTCP.EXE
C:\Program Files\HITACHI\NETMDMP\BIN\DMPICRON.EXE
C:\Program Files\Firebird\bin\ibguard.exe
C:\Program Files\HITACHI\NETMDMP\BIN\DMPUSERS.EXE
C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\HITACHI\NETMDMP\BIN\DMRCAGNT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Firebird\bin\ibserver.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\HITACHI\NETMDMP\BIN\DMPSETUP.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HITACHI\NETMDMP\BIN\dmrcasrv.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\HITACHI\NETMDMP\BIN\DMRCCTRN.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\turnerf\LOCALS~1\Temp\Rar$EX08.996\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Hitachi Remote Install Client] "C:\Program Files\HITACHI\NETMDMP\BIN\DMPSETUP.EXE"
O4 - HKLM\..\Run: [Hitachi Remote Install Logon Manager] "C:\Program Files\HITACHI\NETMDMP\BIN\DMPLOGMG.EXE"
O4 - HKLM\..\Run: [Remote Control Agent] "C:\Program Files\HITACHI\NETMDMP\Bin\dmrcagnt.exe" /logon
O4 - HKLM\..\Run: [Hitachi Alert Task Process] "C:\Program Files\HITACHI\NETMDMP\BIN\ALERTTSK.EXE"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [HitachiNetmdmAgent] C:\Program Files\HITACHI\NETMDMP\bin\dmrcagnt.exe /service
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...GB_ZNxmk571IYGB
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Client Install Service - Hitachi,Ltd. - C:\Program Files\HITACHI\NETMDMP\BIN\DMPSERV.EXE
O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Hitachi Alert Process Service - Hitachi, Ltd. - C:\Program Files\HITACHI\NETMDMP\BIN\ALERTSRV.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Remote Control Agent - Unknown owner - C:\Program Files\HITACHI\NETMDMP\BIN\DMRCAGNT.EXE" /service (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

Incident Status Location

Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
Potentially unwanted tool:application/mywebsearch Not disinfected c:\windows\system32\f3PSSavr.scr
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\turnerf\Cookies\turnerf@questionmarket[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\turnerf\Cookies\turnerf@serving-sys[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\turnerf\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\turnerf\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MSN Messenger\msimg32.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MSN Messenger\riched20.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR[contents.rdf]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR[menu.xul]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR[toolbarembed.html]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
Adware:Adware/VideosCodec Not disinfected C:\Program Files\VideoCompressionCodec\pmmon.exe

mitFraudFix v2.110

Scan done at 20:18:35.46, 19/10/2006
Run from C:\Documents and Settings\turnerf\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

LS CalamityJane

Oct 20 2006, 02:25 PM

Hi,

You have one of the newer variants of this fake codec desktop hijacker.

SmitfraudFix has been updated for it. Please delete the Smitfraudfix file and folder that you have now.

Download a fresh version (2.111)

Run it again in safe mode with SmitfraudFix 2.111

That should catch it.

Post back with a fresh Rapport.txt log and a fresh HijackThis log please.

make believe

Oct 23 2006, 10:22 PM

SmitFraudFix v2.112

Scan done at 22:09:30.81, 23/10/2006
Run from C:\Documents and Settings\turnerf\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\VideoCompressionCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

make believe

Oct 23 2006, 10:24 PM

Logfile of HijackThis v1.99.1
Scan saved at 22:29:03, on 23/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\turnerf\LOCALS~1\Temp\Rar$EX00.557\HijackThis.exe

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Hitachi Remote Install Client] "C:\Program Files\HITACHI\NETMDMP\BIN\DMPSETUP.EXE"
O4 - HKLM\..\Run: [Hitachi Remote Install Logon Manager] "C:\Program Files\HITACHI\NETMDMP\BIN\DMPLOGMG.EXE"
O4 - HKLM\..\Run: [Remote Control Agent] "C:\Program Files\HITACHI\NETMDMP\Bin\dmrcagnt.exe" /logon
O4 - HKLM\..\Run: [Hitachi Alert Task Process] "C:\Program Files\HITACHI\NETMDMP\BIN\ALERTTSK.EXE"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [HitachiNetmdmAgent] C:\Program Files\HITACHI\NETMDMP\bin\dmrcagnt.exe /service
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...GB_ZNxmk571IYGB
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Client Install Service - Hitachi,Ltd. - C:\Program Files\HITACHI\NETMDMP\BIN\DMPSERV.EXE
O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Hitachi Alert Process Service - Hitachi, Ltd. - C:\Program Files\HITACHI\NETMDMP\BIN\ALERTSRV.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Remote Control Agent - Unknown owner - C:\Program Files\HITACHI\NETMDMP\BIN\DMRCAGNT.EXE" /service (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

LS CalamityJane

Oct 23 2006, 10:27 PM

Looks like that got it

How is your computer acting now?

make believe

Oct 23 2006, 10:42 PM

It seems to be work fine now. (Big Thanks)

Only thing im not too sure about is that there is an icon in the bottom right corner of the taskbar called "Remote Control Agent - Disconnected"
Im not sure if that has anything to do with this being a work PC and it allows remote access via work or if its anything to do with the problems ive been getting.
I just don't remember seeing it before.

What do you look for or see in the reports i posted to show the virus was still there or gone?

LS CalamityJane

Oct 23 2006, 11:01 PM

It appears you do have remote control software installed.

QUOTE

What do you look for or see in the reports i posted to show the virus was still there or gone?

This was on the Panda report:
Adware:Adware/VideosCodec Not disinfected C:\Program Files\VideoCompressionCodec\pmmon.exe

And the SmitfraudFix tool deleted it

Deleting infected files
C:\Program Files\VideoCompressionCodec\ Deleted

The other stuff Panda found was either optional, not harmful things and/or parts of the removal tools (also not harmful or part of this infection).

Some final cleanup and prevention recomendations follow.

You can go ahead and delete any special tools we used (SmitRem, SmitfraudFix, etc). They won't serve a future purpose and are replaced with updated versions frequently, so the copies you have are probably already out of date and no need to keep them.

Do a disk cleanup. Go to Start > Run and type in the box: Cleanmgr
Wait while Windows scans your system for files to delete.
Make sure these 3 are checkmarked and press *ok* to delete them.

Temporary Files
Temporary Internet Files
Recycle Bin

Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?

One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Put a Checkmark in the box next to "Turn off System Restore".
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Remove the checkmark next to "Turn off System Restore".
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405
......................
Ad-Aware Plus has realtime protection to prevent infections before they have a chance to a get stronghold on your PC
http://www.lavasoft.com/

Also, I can't stress enough the importance of having your Windows critical Security Updates. Most malware today uses exploits on unpatched systems to creep onto your system without your even doing anything but visiting an infected webpage!!

Watch what you download, be careful where you surf, and don't trust attachments or even links in email and Instant messages. Even if they come from a buddy, that buddy could be the one infected and it is the virus sending that link from his account. You click on it thinking he is trusted, and *boom* you're infected.
Many "Phishing" attempts are made by cleverly crafted email to look like it is coming from an "official" source (like Microsoft, or your bank, or some other provider). Don't click on links in those. Go directly to the site instead and navigate the menus - don't trust email you think came from a "safe source" unless you are expecting it! There is more in the link I will provide below, but those are the choice avenues of infection these days.
Stay far AWAY from cracks and warez sites - you're sure to get infected files there, and the same can be said for files downloaded from p2p (more than half are usually infected and probably not detectable by your current security software - the newest nasties are always released in those venues).

A word about shared computers and networks.
Share Your PC
http://www.microsoft.com/windowsxp/using/s...hare/intro.mspx
Not all users need to have Admin Accounts. It is much safer to have most of your users on a shared system running as Limited User accounts. That way, if there is "an accident", it will only affect one user's account and not the entire system.

Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help

.
How do I prevent Browser Hijacks and Spyware?
http://www.dslreports.com/faq/13620

I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE
Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!
Windows Update
http://update.microsoft.com/microsoftupdate/

And see this link for instructions on how to configure the enhanced security features in SP2:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

I also highly recommend to get the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.

MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/security/...s/mbsahome.mspx
Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.

Also visit this Free Online Scanner from Microsoft for PC Health and Safety
http://safety.live.com/site/en-US/default.htm
and Microsoft Security At Home
http://www.microsoft.com/athome/security/default.mspx
for tips to Protect your Pc, Protect yourself and Protect your Family.

make believe

Oct 23 2006, 11:07 PM

Thanks a lot for that, i'll run that final cleanup.

Thanks for all your help. Hopefully i wont be needing it again.

Cheers.

LS CalamityJane

Oct 24 2006, 06:56 PM

You're very welcome! Glad we could help

Since your issues appear to be solved, I'll go ahead and archive this topic under the "Resolved" section (read only). If you should have any further issues, please feel free to start a new topic.