(Material below was edited and reposted without wordwrap)
Incident Status Location
Adware:adware/windowenhancer Not disinfected C:\WINDOWS\SYSTEM\SBUtils
Adware:adware/elitebar Not disinfected Windows Registry
Spyware:Cookie/Falkag Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5urqdw1w.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Zedo Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5urqdw1w.default\cookies.txt[.zedo.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5urqdw1w.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5urqdw1w.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/NewMedia Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5urqdw1w.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/Serving-sys Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5urqdw1w.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Falkag Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\5urqdw1w.default\cookies.txt[]
Logfile of HijackThis v1.99.1
Scan saved at 12:16:42 PM, on 3/2/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\NECSSFW\WSWPD.EXE
C:\NECSSFW\WSTIMEB.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
F1 - win.ini: run=C:\NECSSFW\WSWPD.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {656FAD09-4DE3-4C34-9600-0928C855FD7A} (AxTaskList Class) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
Edited by Neonate, 02 March 2006 - 03:29 PM.