Full Version: Zlob infected!
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
GraemeT
Hi there,

I was infected with a trojan, I ran SpyHunter, and it wants me to pay to remove this, but it says it picked up Zlob.Trojan and Zlob.VideoAccess. I have the pmsnrr and pmmnt processes running my CPU usage.

I would be grateful if one of you guys can help me.

This is the HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 20:33:06, on 26/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\CatPC\CatSYS\CatSystemSvc.exe
C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe
C:\Centenn.ial\Audit\CAgent32.exe
C:\Centenn.ial\Audit\xferwan.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ManageSoft\Launcher\ndserv.exe
C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\Program Files\ManageSoft\Usage Agent\mgsusageag.exe
C:\WINNT\TEMP\AG36EA.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Video Access ActiveX Object\pmmnt.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Fujitsu\Hotkey\IndicatorUty.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\OfficeScan NT\pccntupd.exe
C:\Program Files\Siemens\Card API\bin\siecacst.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Siemens\CAT Bulletin Board\CBB.exe
C:\WINNT\system32\proquota.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.sbs.siemens.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.sbs.siemens.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CAT@Siemens SBS UK GB001 V2.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pacs.erl.sbs.de/sbs.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=mddmproxy.gb001.siemens.net:80;https=mddmproxy.gb001.siemens.net:80;ftp=mddmproxy.gb001.siemens.net:80;gopher=localhost:1;socks=proxy1.sbs.siemens.co.uk:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.sitest.net;*.siemens.net;*.siemens.de;<local>
F2 - REG:system.ini: UserInit=CatUInit
O1 - Hosts: 137.223.215.211 wtht201x
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {337C54C9-80C1-4de2-93CD-AAA510834074} - C:\WINNT\system32\lafD.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SchedulingAgent_nDG] "C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe" -o RunNDStartup=True -o Startup=True
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Hotkey\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [Discovery User Input] C:\Discovery\User Input\userin32.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [DirXconnect settings] C:\\PROGRA~1\SIEMENS\DIRXDI~1\dxdSetup.exe -silent -dxcsettings
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [JavaProfileFix3] "C:\Program Files\Java\Profile Fix\JAVA_Fix 3.exe"
O4 - HKLM\..\Run: [SIECACST] C:\Program Files\Siemens\Card API\bin\siecacst.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [CatUserRun] exec32 /wh /c chgreg5 /c
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\JRE1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\JRE1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranet.sbs.siemens.co.uk
O15 - Trusted Zone: *.edvantage.net
O15 - Trusted Zone: http://*.edvantage.net
O15 - Trusted Zone: *.sap-ag.de
O15 - Trusted Zone: *.sap.com
O15 - Trusted Zone: *.edvantage.net (HKLM)
O15 - Trusted Zone: *.sap-ag.de (HKLM)
O15 - Trusted Zone: *.sap.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GB001.siemens.net
O17 - HKLM\Software\..\Telephony: DomainName = GB001.siemens.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = GB001.siemens.net
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - C:\WINNT\system32\xkrdk.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: CatSystem (CatSystemSvc) - Siemens AG - C:\WINNT\CatPC\CatSYS\CatSystemSvc.exe
O23 - Service: CAT Bulletin Board (CBBS) - Unknown owner - C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe
O23 - Service: CentennialClientAgent - Centennial Software Limited - C:\Centenn.ial\Audit\CAgent32.exe
O23 - Service: CentennialIPTransferAgent - Centennial Software Limited - C:\Centenn.ial\Audit\xferwan.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ManageSoft installation agent (ndGlobalLauncher) - ManageSoft Corp - C:\Program Files\ManageSoft\Launcher\ndserv.exe
O23 - Service: ManageSoft managed device (ndinit) - ManageSoft Corp - C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
O23 - Service: OfficeScanNT Echtzeitsuche (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\tmlisten.exe
GraemeT
Sorry, here is the Ad-Aware log if you need it:


Ad-Aware SE Build 1.06r1
Logfile Created on:26 February 2007 20:24:54
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R155 26.02.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):11 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


26-02-2007 20:24:54 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 476
ThreadCreationTime : 26-02-2007 19:16:42
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 532
ThreadCreationTime : 26-02-2007 19:16:44
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 556
ThreadCreationTime : 26-02-2007 19:16:45
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 600
ThreadCreationTime : 26-02-2007 19:16:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 612
ThreadCreationTime : 26-02-2007 19:16:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 792
ThreadCreationTime : 26-02-2007 19:16:47
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 856
ThreadCreationTime : 26-02-2007 19:16:47
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 900
ThreadCreationTime : 26-02-2007 19:16:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 952
ThreadCreationTime : 26-02-2007 19:16:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1012
ThreadCreationTime : 26-02-2007 19:16:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1184
ThreadCreationTime : 26-02-2007 19:16:49
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [scardsvr.exe]
FilePath : C:\WINNT\System32\
ProcessID : 1232
ThreadCreationTime : 26-02-2007 19:16:49
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Smart Card Resource Management Server
InternalName : SCardSvr.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : SCardSvr.exe

#:13 [ati2evxx.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1316
ThreadCreationTime : 26-02-2007 19:16:49
BasePriority : Normal


#:14 [catsystemsvc.exe]
FilePath : C:\WINNT\CatPC\CatSYS\
ProcessID : 1336
ThreadCreationTime : 26-02-2007 19:16:49
BasePriority : Normal
FileVersion : 1.4.0.23
ProductVersion : 1, 4, 0, 23
ProductName : CatSystem Service
CompanyName : Siemens AG
FileDescription : CatSystem Service
InternalName : CatSystemSvc
LegalCopyright : copyright 2006
OriginalFilename : CatSystemSvc.exe

#:15 [cbbs.exe]
FilePath : C:\Program Files\Siemens\CAT Bulletin Board\
ProcessID : 1460
ThreadCreationTime : 26-02-2007 19:16:49
BasePriority : Normal
FileVersion : 1.0 (8)
FileDescription : CBBS Service
InternalName : CBBS
LegalCopyright : Copyright 2001, 2002
OriginalFilename : CBBS.EXE

#:16 [cagent32.exe]
FilePath : C:\Centenn.ial\Audit\
ProcessID : 1472
ThreadCreationTime : 26-02-2007 19:16:50
BasePriority : Normal
FileVersion : 5.1
ProductVersion : 5.1
ProductName : Centennial Discovery®
CompanyName : Centennial Software Limited
FileDescription : Centennial Discovery® Client Agent
LegalCopyright : Copyright © 1998-2005 Centennial Software Limited

#:17 [xferwan.exe]
FilePath : C:\Centenn.ial\Audit\
ProcessID : 1536
ThreadCreationTime : 26-02-2007 19:16:50
BasePriority : Normal
FileVersion : 5.1
ProductVersion : 5.1
ProductName : Centennial Discovery®
CompanyName : Centennial Software Limited
FileDescription : Centennial Discovery®
LegalCopyright : Copyright © 1998-2005 Centennial Software Limited

#:18 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 1584
ThreadCreationTime : 26-02-2007 19:16:50
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:19 [ndserv.exe]
FilePath : C:\Program Files\ManageSoft\Launcher\
ProcessID : 1624
ThreadCreationTime : 26-02-2007 19:16:51
BasePriority : Normal
FileVersion : 7.2
ProductVersion : 7.2
ProductName : ManageSoft
CompanyName : ManageSoft Corp
FileDescription : ManageSoft
InternalName : NDSERV
LegalCopyright : Copyright 1995-2004 ManageSoft Corporation.
LegalTrademarks : ManageSoft is a trademark of ManageSoft Corporation.
OriginalFilename : ndserv.exe
Comments : ManageSoft installation agent

#:20 [ndinit.exe]
FilePath : C:\Program Files\ManageSoft\Schedule Agent\
ProcessID : 1724
ThreadCreationTime : 26-02-2007 19:16:53
BasePriority : Normal
FileVersion : 7.2
ProductVersion : 7.2
ProductName : ManageSoft managed device
CompanyName : ManageSoft Corp
FileDescription : ManageSoft managed device
InternalName : NDINIT
LegalCopyright : Copyright 1995-2004 ManageSoft Corporation.
LegalTrademarks : ManageSoft is a trademark of ManageSoft Corporation.
OriginalFilename : ndinit.exe
Comments : ManageSoft managed device

#:21 [ntrtscan.exe]
FilePath : C:\Program Files\OfficeScan NT\
ProcessID : 1744
ThreadCreationTime : 26-02-2007 19:16:53
BasePriority : Normal
FileVersion : 7.3.0.1020
ProductVersion : 7.3
ProductName : Trend Micro OfficeScan
CompanyName : Trend Micro Inc.
FileDescription : Ntrtscan.exe
LegalCopyright : Copyright © 1998-2006 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.

#:22 [ndtask.exe]
FilePath : C:\Program Files\ManageSoft\Schedule Agent\
ProcessID : 1760
ThreadCreationTime : 26-02-2007 19:16:53
BasePriority : Normal
FileVersion : 7.2
ProductVersion : 7.2
ProductName : ManageSoft task scheduler
CompanyName : ManageSoft Corp
FileDescription : ManageSoft task scheduler
InternalName : NDTASK
LegalCopyright : Copyright 1995-2004 ManageSoft Corporation.
LegalTrademarks : ManageSoft is a trademark of ManageSoft Corporation.
OriginalFilename : ndtask.exe
Comments : ManageSoft task scheduler

#:23 [tmlisten.exe]
FilePath : C:\Program Files\OfficeScan NT\
ProcessID : 1796
ThreadCreationTime : 26-02-2007 19:16:54
BasePriority : Normal
FileVersion : 7.3.0.1020
ProductVersion : 7.3
ProductName : Trend Micro OfficeScan
CompanyName : Trend Micro Inc.
LegalCopyright : Copyright © 1998-2006 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.

#:24 [mgsusageag.exe]
FilePath : C:\Program Files\ManageSoft\Usage Agent\
ProcessID : 2020
ThreadCreationTime : 26-02-2007 19:17:03
BasePriority : Normal
FileVersion : 7.2
ProductVersion : 7.2
ProductName : ManageSoft
CompanyName : ManageSoft Corp
FileDescription : ManageSoft
InternalName : MGSUSAGEAG
LegalCopyright : Copyright 1995-2004 ManageSoft Corporation.
LegalTrademarks : ManageSoft is a trademark of ManageSoft Corporation.
OriginalFilename : mgsusageag.exe
Comments : ManageSoft application usage agent

#:25 [ag36ea.exe]
FilePath : C:\WINNT\TEMP\
ProcessID : 324
ThreadCreationTime : 26-02-2007 19:17:24
BasePriority : Normal


#:26 [alg.exe]
FilePath : C:\WINNT\System32\
ProcessID : 1400
ThreadCreationTime : 26-02-2007 19:18:36
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:27 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 3872
ThreadCreationTime : 26-02-2007 19:22:05
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:28 [pmsnrr.exe]
FilePath : C:\Program Files\Video Access ActiveX Object\
ProcessID : 4084
ThreadCreationTime : 26-02-2007 19:22:10
BasePriority : Normal


#:29 [agrsmmsg.exe]
FilePath : C:\WINNT\
ProcessID : 1516
ThreadCreationTime : 26-02-2007 19:22:11
BasePriority : Normal
FileVersion : 2.1.21 2.1.21 11/21/2002 14:17:53
ProductVersion : 2.1.21 2.1.21 11/21/2002 14:17:53
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe

#:30 [apoint.exe]
FilePath : C:\Program Files\Apoint2K\
ProcessID : 344
ThreadCreationTime : 26-02-2007 19:22:11
BasePriority : Normal
FileVersion : 5.3.401.121
ProductVersion : 5.3.401.121
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2002 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:31 [pmmnt.exe]
FilePath : C:\Program Files\Video Access ActiveX Object\
ProcessID : 460
ThreadCreationTime : 26-02-2007 19:22:12
BasePriority : Normal


#:32 [atiptaxx.exe]
FilePath : C:\WINNT\system32\
ProcessID : 740
ThreadCreationTime : 26-02-2007 19:22:13
BasePriority : Normal
FileVersion : 6.13.10.2534
ProductVersion : 6.13.10.2534
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2001 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:33 [indicatoruty.exe]
FilePath : C:\Program Files\Fujitsu\Hotkey\
ProcessID : 1780
ThreadCreationTime : 26-02-2007 19:22:13
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : Fujitsu Hotkey Utility
CompanyName : FUJITSU LIMITED
FileDescription : Fujitsu Hotkey Utility
InternalName : Fujitsu Hotkey Utility
LegalCopyright : Copyright © FUJITSU LIMITED 2001-2002.
OriginalFilename : IndicatorUty.exe

#:34 [apntex.exe]
FilePath : C:\Program Files\Apoint2K\
ProcessID : 720
ThreadCreationTime : 26-02-2007 19:22:13
BasePriority : Normal
FileVersion : 5.0.1.13
ProductVersion : 5.0.1.13
ProductName : Alps Pointing-device Driver for Windows NT/2000
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000
InternalName : Alps Pointing-device Driver for Windows NT/2000
LegalCopyright : Copyright © 1998-2001 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:35 [quicktouch.exe]
FilePath : C:\Program Files\Fujitsu\Application Panel\
ProcessID : 2192
ThreadCreationTime : 26-02-2007 19:22:15
BasePriority : Normal
FileVersion : 4, 2, 0, 0
ProductVersion : 4, 2, 0, 0
ProductName : Lifebook Application Panel
CompanyName : FUJITSU LIMITED
FileDescription : LifeBook Application Panel / Core
InternalName : Fujitsu->AUV->QuickTouch.exe
LegalCopyright : Copyright © FUJITSU LIMITED 1998-2001.
OriginalFilename : QuickTouch.exe

#:36 [ndtask.exe]
FilePath : C:\Program Files\ManageSoft\Schedule Agent\
ProcessID : 2244
ThreadCreationTime : 26-02-2007 19:22:16
BasePriority : Normal
FileVersion : 7.2
ProductVersion : 7.2
ProductName : ManageSoft task scheduler
CompanyName : ManageSoft Corp
FileDescription : ManageSoft task scheduler
InternalName : NDTASK
LegalCopyright : Copyright 1995-2004 ManageSoft Corporation.
LegalTrademarks : ManageSoft is a trademark of ManageSoft Corporation.
OriginalFilename : ndtask.exe
Comments : ManageSoft task scheduler

#:37 [btnhnd.exe]
FilePath : C:\Program Files\Fujitsu\BtnHnd\
ProcessID : 2348
ThreadCreationTime : 26-02-2007 19:22:17
BasePriority : Normal
FileVersion : 2, 5, 0, 1
ProductVersion : 2, 5, 0, 0
ProductName : Button handler
CompanyName : FUJITSU LIMITED
FileDescription : Button handler
InternalName : Fujitsu->BtnHnd->BtnHnd.exe
LegalCopyright : Copyright © FUJITSU LIMITED 1998-2001.
OriginalFilename : BtnHnd.exe

#:38 [pccntmon.exe]
FilePath : C:\Program Files\OfficeScan NT\
ProcessID : 2568
ThreadCreationTime : 26-02-2007 19:22:26
BasePriority : Normal
FileVersion : 7.3.0.1020
ProductVersion : 7.3
ProductName : Trend Micro OfficeScan
CompanyName : Trend Micro Inc.
FileDescription : I/O Monitor
InternalName : PCCNTMON
LegalCopyright : Copyright © 1998-2006 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : PCCNTMON.EXE

#:39 [pccntupd.exe]
FilePath : C:\Program Files\OfficeScan NT\
ProcessID : 2684
ThreadCreationTime : 26-02-2007 19:22:28
BasePriority : Normal
FileVersion : 7.3.0.1020
ProductVersion : 7.3
ProductName : Trend Micro OfficeScan
CompanyName : Trend Micro Inc.
LegalCopyright : Copyright © 1998-2006 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.

#:40 [siecacst.exe]
FilePath : C:\Program Files\Siemens\Card API\bin\
ProcessID : 2764
ThreadCreationTime : 26-02-2007 19:22:31
BasePriority : Normal
FileVersion : 1, 6, 0, 1
ProductVersion : 1, 6, 0, 1
ProductName : Siemens Card API
CompanyName : Siemens AG
FileDescription : Certstore MFC Application
LegalCopyright : Copyright © Siemens AG 2003

#:41 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2844
ThreadCreationTime : 26-02-2007 19:22:34
BasePriority : Normal
FileVersion : 7.1.3
ProductVersion : QuickTime 7.1.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:42 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 2984
ThreadCreationTime : 26-02-2007 19:22:37
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:43 [cbb.exe]
FilePath : C:\Program Files\Siemens\CAT Bulletin Board\
ProcessID : 2988
ThreadCreationTime : 26-02-2007 19:22:37
BasePriority : Normal
FileVersion : 1.1 (1)
CompanyName : Siemens AG
FileDescription : CBB
InternalName : CBB
LegalCopyright : Siemens AG
OriginalFilename : CBB.exe

#:44 [proquota.exe]
FilePath : C:\WINNT\system32\
ProcessID : 3112
ThreadCreationTime : 26-02-2007 19:22:41
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : ProQuota
InternalName : proquota
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : proquota.exe

#:45 [ctfmon.exe]
FilePath : C:\WINNT\system32\
ProcessID : 3356
ThreadCreationTime : 26-02-2007 19:22:49
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:46 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 3540
ThreadCreationTime : 26-02-2007 19:22:53
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:47 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3528
ThreadCreationTime : 26-02-2007 19:24:10
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:48 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2708
ThreadCreationTime : 26-02-2007 20:16:45
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : graeme.truluck@clickbank[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:graeme.truluck@clickbank.net/
Expires : 25-08-2007 19:35:50
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINNT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for C:\WINNT\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for C:\DOCUME~1\GRAEME~1.TRU\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 1



MRU List Object Recognized!
Location: : C:\Documents and Settings\graeme.truluck\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\graeme.truluck\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-725345543-468838394-67140\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-725345543-468838394-67140\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-725345543-468838394-67140\software\microsoft\terminal server client\default
Description : list of recent systems connected to using remote desktop / terminal services


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-725345543-468838394-67140\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-725345543-468838394-67140\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-725345543-468838394-67140\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-725345543-468838394-67140\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-725345543-468838394-67140\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12

20:31:00 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:05.366
Objects scanned:92657
Objects identified:1
Objects ignored:0
New critical objects:1
Ai_Tak
submit
"C:\Program Files\Video Access ActiveX Object\pmsnrr.exe"
"C:\Program Files\Video Access ActiveX Object\pmmnt.exe"
to
http://www.virustotal.com/en/indexx.html
and post the results here

Also, submit any other files in
C:\Program Files\Video Access ActiveX Object\
and post those results too.


After that, download http://swandog46.geekstogo.com/avenger.exe to your desktop and run avenger.exe from your desktop.

copy the bold text below:


FOLDERS TO DELETE:
C:\Program Files\Video Access ActiveX Object\




then choose "input script manually"

next click on the Magnifying Glass

then paste the bold text you copied in there (ctrl+v) and click done

then click the traffic light button and allow it to reboot your computer.


post the log from C:\avenger.txt
HJThis
Hey, GraemeT

Please run these two tools for me.


Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log in your next reply.

Please do not run any other options until you are asked to do so.

------------------

Please download SUPERAntiSpyware Home Edition (free version)
Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining.
Please leave the others unchecked.
Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
After reboot, double-click the SUPERAntispyware icon on your desktop.
Click Preferences. Click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
It will open in your default text editor (such as Notepad/Wordpad).
Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.
Please paste that information here for me with a new HijackThis log.

-------------------

Then come back here with all new logfiles.


Gogo
GraemeT
Hi HJThis

Ok, so I ran SmitfraudFix (copied the log here), then SUPERAntiSpyware looks like it fixed it, Yeah!! The log is here and then I ran HiJackThis again.
Here are the logs, thanks so much, let me know if there is anything else I need to do, can I uninstall all the spyware programmes?

Graeme


SmitFraudFix v2.144

Scan done at 11:20:23.05, 27/02/2007
Run from C:\Graeme\Virus\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» H:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\graeme.truluck


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\graeme.truluck\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\GRAEME~1.TRU\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video Access ActiveX Object\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8329660f-e248-4872-98cc-fb9c4fec7ba8}"="didynamia"

[HKEY_CLASSES_ROOT\CLSID\{8329660f-e248-4872-98cc-fb9c4fec7ba8}\InProcServer32]
@="C:\WINNT\system32\xkrdk.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8329660f-e248-4872-98cc-fb9c4fec7ba8}\InProcServer32]
@="C:\WINNT\system32\xkrdk.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



SUPERAntiSpyware Scan Log
Generated 02/27/2007 at 12:52 PM

Application Version : 3.5.1016

Core Rules Database Version : 3190
Trace Rules Database Version: 1200

Scan type : Complete Scan
Total Scan Time : 01:16:56

Memory items scanned : 395
Memory threats detected : 2
Registry items scanned : 5415
Registry threats detected : 23
File items scanned : 33271
File threats detected : 21

Trojan.Media-Codec
C:\PROGRAM FILES\VIDEO ACCESS ACTIVEX OBJECT\PMSNRR.EXE
C:\PROGRAM FILES\VIDEO ACCESS ACTIVEX OBJECT\PMSNRR.EXE
C:\PROGRAM FILES\VIDEO ACCESS ACTIVEX OBJECT\PMMNT.EXE
C:\PROGRAM FILES\VIDEO ACCESS ACTIVEX OBJECT\PMMNT.EXE
HKU\S-1-5-21-1960408961-725345543-468838394-67140\Software\Internet Security
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object#ProductionEnvironment
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object#URLInfoAbout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object#Publisher
C:\Program Files\Video Access ActiveX Object\iesplugin.dll
C:\Program Files\Video Access ActiveX Object\iesuninst.exe
C:\Program Files\Video Access ActiveX Object\isamini.exe
C:\Program Files\Video Access ActiveX Object\isunst.exe
C:\Program Files\Video Access ActiveX Object\ot.ico
C:\Program Files\Video Access ActiveX Object\pmunst.exe
C:\Program Files\Video Access ActiveX Object\ts.ico
C:\Program Files\Video Access ActiveX Object\uninst.exe
C:\Program Files\Video Access ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#user32.dll [ C:\Program Files\Video Access ActiveX Object\isamntr.exe ]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#rare [ C:\Program Files\Video Access ActiveX Object\pmsnrr.exe ]
C:\WINNT\Prefetch\PMMNT.EXE-31D06C96.pf
C:\WINNT\Prefetch\PMSNRR.EXE-06CA8879.pf

Adware.Tracking Cookie
C:\Documents and Settings\graeme.truluck\Cookies\graeme.truluck@www.pestcapture[1].txt
C:\Documents and Settings\graeme.truluck\Cookies\graeme[2].txt
C:\Documents and Settings\graeme.truluck\Cookies\graeme[1].txt
C:\Documents and Settings\graeme.truluck\Cookies\graeme.truluck@cpvfeed[2].txt
C:\Documents and Settings\graeme.truluck\Cookies\graeme.truluck@mediaplex[1].txt
U:\Cookies\graeme.truluck@cpvfeed[2].txt
U:\Cookies\graeme.truluck@mediaplex[1].txt

Unclassified.Unknown Origin
HKCR\CLSID\{337C54C9-80C1-4DE2-93CD-AAA510834074}
HKCR\CLSID\{337C54C9-80C1-4DE2-93CD-AAA510834074}\InprocServer32
HKCR\CLSID\{337C54C9-80C1-4DE2-93CD-AAA510834074}\InprocServer32#ThreadingModel
HKCR\CLSID\{8329660F-E248-4872-98CC-FB9C4FEC7BA8}
HKCR\CLSID\{8329660F-E248-4872-98CC-FB9C4FEC7BA8}\InProcServer32
HKCR\CLSID\{8329660F-E248-4872-98CC-FB9C4FEC7BA8}\InProcServer32#ThreadingModel

Trojan.IEXPLORER
C:\WINNT\INSTALLER\{5DD0FD76-DFA1-4274-BF35-09D2B4386E31}\IEXPLORER.EXE


Logfile of HijackThis v1.99.1
Scan saved at 13:54:40, on 27/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\CatPC\CatSYS\CatSystemSvc.exe
C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe
C:\Centenn.ial\Audit\CAgent32.exe
C:\Centenn.ial\Audit\xferwan.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ManageSoft\Launcher\ndserv.exe
C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\Program Files\ManageSoft\Usage Agent\mgsusageag.exe
C:\WINNT\TEMP\HB4450.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Fujitsu\Hotkey\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\Siemens\Card API\bin\siecacst.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\proquota.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Siemens\CAT Bulletin Board\CBB.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\Program Files\OfficeScan NT\pccntupd.exe
C:\WINNT\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\HijackThis.exe
C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe
C:\Program Files\ManageSoft\Policy Client\mgspolicy.exe
C:\Program Files\ManageSoft\Launcher\ndlaunch.exe
C:\Program Files\ManageSoft\Launcher\ndserv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.sbs.siemens.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.sbs.siemens.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CAT@Siemens SBS UK GB001 V2.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pacs.erl.sbs.de/sbs.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=mddmproxy.gb001.siemens.net:80;https=mddmproxy.gb001.siemens.net:80;ftp=mddmproxy.gb001.siemens.net:80;gopher=localhost:1;socks=proxy1.sbs.siemens.co.uk:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.sitest.net;*.siemens.net;*.siemens.de;<local>
F2 - REG:system.ini: UserInit=CatUInit
O1 - Hosts: 137.223.215.211 wtht201x
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {337C54C9-80C1-4de2-93CD-AAA510834074} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SchedulingAgent_nDG] "C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe" -o RunNDStartup=True -o Startup=True
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Hotkey\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [Discovery User Input] C:\Discovery\User Input\userin32.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [DirXconnect settings] C:\\PROGRA~1\SIEMENS\DIRXDI~1\dxdSetup.exe -silent -dxcsettings
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [JavaProfileFix3] "C:\Program Files\Java\Profile Fix\JAVA_Fix 3.exe"
O4 - HKLM\..\Run: [SIECACST] C:\Program Files\Siemens\Card API\bin\siecacst.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [CatUserRun] exec32 /wh /c chgreg5 /c
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\JRE1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\JRE1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranet.sbs.siemens.co.uk
O15 - Trusted Zone: *.edvantage.net
O15 - Trusted Zone: http://*.edvantage.net
O15 - Trusted Zone: *.sap-ag.de
O15 - Trusted Zone: *.sap.com
O15 - Trusted Zone: *.edvantage.net (HKLM)
O15 - Trusted Zone: *.sap-ag.de (HKLM)
O15 - Trusted Zone: *.sap.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GB001.siemens.net
O17 - HKLM\Software\..\Telephony: DomainName = GB001.siemens.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = GB001.siemens.net
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: CatSystem (CatSystemSvc) - Siemens AG - C:\WINNT\CatPC\CatSYS\CatSystemSvc.exe
O23 - Service: CAT Bulletin Board (CBBS) - Unknown owner - C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe
O23 - Service: CentennialClientAgent - Centennial Software Limited - C:\Centenn.ial\Audit\CAgent32.exe
O23 - Service: CentennialIPTransferAgent - Centennial Software Limited - C:\Centenn.ial\Audit\xferwan.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ManageSoft installation agent (ndGlobalLauncher) - ManageSoft Corp - C:\Program Files\ManageSoft\Launcher\ndserv.exe
O23 - Service: ManageSoft managed device (ndinit) - ManageSoft Corp - C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
O23 - Service: OfficeScanNT Echtzeitsuche (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\tmlisten.exe
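A small triage script for the HijackThis log format posted above, added here as an example (it is not from the thread or from any of the tools used in it): it pulls out the running-process list and the `Onn - ` entries and flags the kind of leftovers a helper checks for after a cleanup like this one, that is processes running from a TEMP directory, CLSIDs still registered but reported as "(no file)", and autoruns pointing into user-writable directories. The sample lines are copied from the log above plus one constructed autorun line; the flagging rules and directory list are assumptions of this example, not HijackThis's own logic.

```python
import re

# Constructed sample: lines copied from the HijackThis log in the thread,
# plus one made-up O4 entry (marked) so the autorun rule is exercised.
SAMPLE_LOG = r'''Running processes:
C:\WINNT\system32\svchost.exe
C:\WINNT\TEMP\HB4450.EXE
C:\WINNT\Explorer.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {337C54C9-80C1-4de2-93CD-AAA510834074} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\upd.exe
O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - (no file)
'''
# (the [updater] line above is constructed, not from the posted log)

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Directories from which a legitimate autorun or process rarely executes
# (assumed list for this example).
SUSPECT_DIRS = ("\\temp\\", "\\application data\\", "\\local settings\\")


def parse_hjt(text):
    """Split a HijackThis log into (running process paths, [(section, body), ...])."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:          # blank line ends the process list
                in_procs = False
            else:
                processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return processes, entries


def triage(text):
    """Return (kind, detail) findings that deserve a second look."""
    findings = []
    processes, entries = parse_hjt(text)
    for p in processes:
        if any(d in p.lower() for d in SUSPECT_DIRS):
            findings.append(("process-in-temp", p))
    for sec, body in entries:
        if body.endswith("(no file)"):
            # Registration survived but its DLL is gone: leftover to clean up.
            m = CLSID_RE.search(body)
            findings.append(("orphaned-clsid", m.group(0) if m else body))
        elif sec == "O4" and any(d in body.lower() for d in SUSPECT_DIRS):
            findings.append(("autorun-in-user-dir", body))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:22} {detail}")
```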
HJThis
Hi, GraemeT

Great work. Now run this tool, then come back with its log and a new HijackThis logfile.


Please print out or copy these instructions to Notepad as the internet will not be available to you at certain points of the removal process (whilst in Safe Mode). If there's anything that you don't understand, ask your question(s) before moving on with the fix.

Reboot into Safe Mode. You can get there by restarting your computer and continually tapping F8 until a menu appears. Use your arrow to highlight Safe Mode then hit enter.

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually.

When back in Normal Mode, click Start>Settings>Control Panel>Display>Desktop>Customize Desktop>Web and uncheck "Security Info" if present.

Please post the new rapport.txt log along with a new HijackThis log in your next reply.

------------------

Gogo
GraemeT
Hi,

Thanks for the reply, and sorry for not getting back to you sooner. I tried to log into Safe Mode, but seeing as I log into a domain controller, it doesn't allow me to log in in Safe Mode, but does in Normal Windows mode even if I'm not connected to any network.

I can't add this computer as an administrator locally but do have (limited) admin rights (possibly due to policies).

How do you suggest I log in to run the programme, or is there another programme I can run in Normal Windows mode?

Cheers

Graeme
HJThis
Hey, GraemeT

Try running SUPERAntiSpyware once more; let's see what, if anything more, it may find. But I think it's all gone. So run it, then show me a log and a HijackThis log.


Gogo
Invision Power Board © 2001-2010 Invision Power Services, Inc.