
Spyware popups, browser search redirection, and slow system [RESO


  • This topic is locked

#1
browneyedleo730

  • Member
  • 36 posts
Hi!

Two days ago a program called VirusBurst 4.5 was downloaded to my desktop without my permission. Security alerts began popping up on my screen. My system slowed down considerably, and when performing Yahoo searches, I was being redirected to sites such as NetJester. I tried every program listed in the "You must read this before posting a hijackthis log" section of this website as well as SmitRem and SmitFraud Fix (they have fixed problems in the past), but I continue to experience the same problems. I ran Activescan Pro and a list of 6 hijackers and 23 spyware infections were identified but the program couldn't remove them. I will post that report after the HijackThis Log.

Thanks for your help!

Erin

Logfile of HijackThis v1.99.1
Scan saved at 9:07:43 PM, on 9/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Napster\napster.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\InterMute\IMStart.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.psu.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5980930B-BF5E-A20A-38C7-0ADFF78624A0} - C:\WINDOWS\system32\cxxoalj.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [ehoepad.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ehoepad.dll,cpyyrjb
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - Startup: Compaq Organize.lnk = ?
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\hiconpha.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157113512500
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/installer.exe
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52249C79-E2FE-47EA-B6E0-356D06F61F34}: NameServer = 128.118.25.3,130.203.1.4
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - c:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Program Files\Symantec AntiVirus\Rtvscan.exe



Activescan Pro Log

Incident Status Location

Hacktool:exploit/mhtredir.gen Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{10000000-1000-0000-1000-000000000000}
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Adwareremover Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Malwarewipe Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe


#2
Jayzeee

  • Member 1K
  • Member
  • 1,238 posts
Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

#3
browneyedleo730

  • Topic Starter
  • Member
  • 36 posts
Hi,

I ran VundoFix; however, it reported that there were no infected files and did not produce a report. Here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 11:54:18 PM, on 9/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
c:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\Webshots\webshots.scr
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.psu.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5980930B-BF5E-A20A-38C7-0ADFF78624A0} - C:\WINDOWS\system32\cxxoalj.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [ehoepad.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ehoepad.dll,cpyyrjb
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - Startup: Compaq Organize.lnk = ?
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157113512500
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/installer.exe
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52249C79-E2FE-47EA-B6E0-356D06F61F34}: NameServer = 128.118.25.3,130.203.1.4
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - c:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Program Files\Symantec AntiVirus\Rtvscan.exe


Thanks!

Erin

#4
Jayzeee

  • Member 1K
  • Member
  • 1,238 posts
Okay, I need you to upload a couple of files.

Firstly, make sure you can view Hidden files, please follow these steps:
1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
9. Press the Apply button and then the OK button and close My Computer.
10. Now your computer is configured to show all hidden files.
Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\WINDOWS\system32\cxxoalj.dll
  • Click on the submit button
  • Please post the results in your next reply.
Repeat the process with this file: C:\WINDOWS\system32\ehoepad.dll

Next, download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
  • Launch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan, along with the two Jotti reports and a fresh HijackThis log

  • 0
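The two files the reply above asks to be uploaded are the nameless BHO DLL sitting directly in system32 and the DLL started through rundll32 from a Run key. As an added example (not part of the original thread), the Python below parses HijackThis lines and flags those two patterns, plus the local file:// DPF entry whose CLSID the Activescan report in post #1 flagged; the sample lines are copied from the first log in this thread, and the three rules and all function names are illustrative assumptions, not HijackThis behaviour.

```python
import ntpath
import re
from typing import List, NamedTuple

# Sample input: lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5980930B-BF5E-A20A-38C7-0ADFF78624A0} - C:\WINDOWS\system32\cxxoalj.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [ehoepad.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ehoepad.dll,cpyyrjb
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\hiconpha.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O2"
    path: str      # file worth submitting to a multi-engine scanner
    reason: str    # which heuristic matched


CLSID = r"\{[0-9A-Fa-f-]{36}\}"
ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")
BHO = re.compile(r"^BHO: (.*?) - (" + CLSID + r") - (.+)$")
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(.*?)\] (.+)$")
DPF = re.compile(r"^DPF: (" + CLSID + r")(?: \(.*?\))? - (.+)$")
# DLL handed to rundll32 on a Run-key command line (export name follows the comma).
RUNDLL = re.compile(r'(?i)rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)')
# ActiveX "download" source that is really an executable already on disk.
LOCAL_EXE = re.compile(r"(?i)^file:/{2,3}(.+\.exe)$")


def in_system32_root(path: str) -> bool:
    """True when the file sits directly in C:\\WINDOWS\\system32 (any letter case)."""
    return ntpath.dirname(path).lower() == r"c:\windows\system32"


def triage(log_text: str) -> List[Finding]:
    """Return the entries matching the three illustrative heuristics, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # headers, process list, blank lines
        section, rest = entry.groups()
        if section == "O2":
            bho = BHO.match(rest)
            if bho and bho.group(1) == "(no name)" and in_system32_root(bho.group(3)):
                findings.append(Finding(section, bho.group(3), "nameless BHO in system32"))
        elif section == "O4":
            run = RUN.match(rest)
            dll = RUNDLL.search(run.group(2)) if run else None
            if dll:
                findings.append(Finding(section, dll.group(1), "Run key loads DLL via rundll32"))
        elif section == "O16":
            dpf = DPF.match(rest)
            exe = LOCAL_EXE.match(dpf.group(2)) if dpf else None
            if exe:
                findings.append(Finding(section, exe.group(1), "DPF source is a local .exe"))
    return findings


def files_to_submit(log_text: str) -> List[str]:
    """Unique file paths from triage(), keeping first-seen order."""
    paths: List[str] = []
    for finding in triage(log_text):
        if finding.path not in paths:
            paths.append(finding.path)
    return paths


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:32} {f.path}")
```

A match here is only a reason to have the file scanned, as the reply does with Jotti; legitimate software also uses rundll32 and nameless BHOs.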

#5
browneyedleo730

  • Topic Starter
  • Member
  • 36 posts
I did as you suggested. Ewido did not find anything and therefore did not create a report. Below are the Jotti and HijackThis reports.

File: cxxoalj.dll
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
MD5 0a35ae279f9928fcb9b601236b071f55
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found probably a variant of Win32/TrojanDownloader.Busky.AZ (probable variant)
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing



File: ehoepad.dll
Status: INFECTED/MALWARE
MD5 359b1aeb2ff10dbc8524f6011dc3fbb0
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found a variant of Win32/TrojanDownloader.Busky.AZ
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing


Logfile of HijackThis v1.99.1
Scan saved at 12:46:17 AM, on 9/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Napster\napster.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterMute\IMStart.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.psu.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5980930B-BF5E-A20A-38C7-0ADFF78624A0} - C:\WINDOWS\system32\cxxoalj.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [ehoepad.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ehoepad.dll,cpyyrjb
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - Startup: Compaq Organize.lnk = ?
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157113512500
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/installer.exe
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52249C79-E2FE-47EA-B6E0-356D06F61F34}: NameServer = 128.118.25.3,130.203.1.4
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - c:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Program Files\Symantec AntiVirus\Rtvscan.exe


What next? Thanks for all your help!

Erin

#6
Jayzeee

Sorry for the delay, I have had a busy weekend.

Please download the Killbox by Option^Explicit.
Note: In the event you already have Killbox, this is a new version that I need you to download.
Save it to your desktop. (do not run it yet.)

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {5980930B-BF5E-A20A-38C7-0ADFF78624A0} - C:\WINDOWS\system32\cxxoalj.dll

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
  • Please double-click Killbox.exe on your desktop to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\cxxoalj.dll
    C:\WINDOWS\system32\ehoepad.dll


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post, along with a new HijackThis log.


#7
browneyedleo730

Hi,

Here are the logs you requested.

Thanks!

Erin


Logfile of HijackThis v1.99.1
Scan saved at 1:17:21 AM, on 9/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.psu.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [ehoepad.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ehoepad.dll,cpyyrjb
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - Startup: Compaq Organize.lnk = ?
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157113512500
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/installer.exe
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52249C79-E2FE-47EA-B6E0-356D06F61F34}: NameServer = 128.118.25.3,130.203.1.4
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - c:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Program Files\Symantec AntiVirus\Rtvscan.exe

Kaspersky log

Monday, September 11, 2006 1:15:04 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/09/2006
Kaspersky Anti-Virus database records: 222318


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics
Total number of scanned objects 86907
Number of viruses found 20
Number of infected objects 63 / 0
Number of suspicious objects 0
Duration of the scan process 01:54:44

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a68929aad097c00d9073de207f3c0161_96d8e449-fec4-4e12-b1a3-b4b4a5475e24 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03C00000\47D8C6BD.VBN Infected: Virus.Win32.Nsag.b skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05C40000\47E480CF.VBN Infected: not-a-virus:AdWare.Win32.EliteBar.af skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05C40000\47E480D0.VBN Infected: Trojan-Downloader.Win32.Agent.tv skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05C4000A\47E4D622.VBN Infected: not-a-virus:AdWare.Win32.EliteBar.af skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05C4000B\47E4DDBD.VBN Infected: Trojan-Downloader.Win32.Agent.tv skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06D00000\46F46E0D.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06E00000\46E81B54.VBN Infected: Trojan-Downloader.Win32.Ani.c skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06E00001\46E81B9A.VBN Infected: Trojan-Downloader.Win32.Ani.c skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\072C0000\47EF82AB.VBN Infected: not-virus:Hoax.Win32.Renos.aw skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\072C0001\47EF8ED7.VBN Infected: not-virus:Hoax.Win32.Renos.aw skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08840000\4C877592.VBN Infected: not-a-virus:AdWare.Win32.180Solutions.ac skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08840000\4C877593.VBN Infected: not-a-virus:AdWare.Win32.180Solutions.ac skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08840000\4C8775B1.VBN Infected: not-a-virus:AdWare.Win32.180Solutions.ac skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09880001.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenStream.z skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09880001.VBN ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09880001.VBN CryptZ: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09900000\4BF8D6D9.VBN Infected: not-virus:Hoax.Win32.Renos.aw skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09900001\4BF95474.VBN Infected: not-virus:Hoax.Win32.Renos.aw skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C1C0001.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenStream.z skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C1C0001.VBN ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C1C0001.VBN CryptZ: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C1C0002.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenStream.z skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C1C0002.VBN ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C1C0002.VBN CryptZ: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440001.VBN/C:/Program Files/AutoUpdate/AutoUpdate.exe Infected: Trojan-Downloader.Win32.Apropo.g skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440001.VBN/C:/WINDOWS/system32/msy2nls.exe Infected: Trojan-Downloader.Win32.Apropo.aa skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440001.VBN/C:/WINDOWS/system32/msnkmgr.exe Infected: not-a-virus:AdWare.Win32.Apropos.i skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440001.VBN CAB: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440001.VBN CryptZ: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440002.VBN/C:/Program Files/AutoUpdate/AutoUpdate.exe Infected: Trojan-Downloader.Win32.Apropo.g skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440002.VBN/C:/WINDOWS/system32/msy2nls.exe Infected: Trojan-Downloader.Win32.Apropo.aa skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440002.VBN/C:/WINDOWS/system32/msnkmgr.exe Infected: not-a-virus:AdWare.Win32.Apropos.i skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440002.VBN CAB: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440002.VBN CryptZ: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440003.VBN/C:/WINDOWS/system32/pacis.exe Infected: Trojan-Downloader.Win32.Pacer.a skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440003.VBN CAB: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440003.VBN CryptZ: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440004.VBN/C:/WINDOWS/system32/pacis.exe Infected: Trojan-Downloader.Win32.Pacer.a skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440004.VBN CAB: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440004.VBN CryptZ: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440005.VBN Infected: Trojan-Downloader.Win32.Pacer.e skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E240000\4FFDB6DE.VBN Infected: not-a-virus:AdWare.Win32.Agent.c skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EBC0001\4FBC8118.VBN Infected: not-a-virus:AdWare.Win32.Sahat.o skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EBC0001\4FBC8119.VBN Infected: not-a-virus:AdWare.Win32.Sahat.l skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EBC0001\4FBC811A.VBN Infected: not-a-virus:AdWare.Win32.Sahat.o skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-15215cb8-21332f7f.class Infected: Trojan-Downloader.Java.OpenStream.y skipped

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-2389f797-258000be.class Infected: Trojan-Downloader.Java.OpenStream.y skipped

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-25a3a658-74170e6f.class Infected: Trojan-Downloader.Java.OpenStream.y skipped

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-41819583-6b3b9c9d.class Infected: Trojan-Downloader.Java.OpenStream.y skipped

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-49333ae2-538da4b6.class Infected: Trojan-Downloader.Java.OpenStream.y skipped

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-51e6b0d7-71f0414e.class Infected: Trojan-Downloader.Java.OpenStream.y skipped

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-52d8b673-12e500b6.class Infected: Trojan-Downloader.Java.OpenStream.y skipped

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-54f26534-481956e6.class Infected: Trojan-Downloader.Java.OpenStream.y skipped

C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Owner\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Owner\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\14779fe6.exe Infected: Trojan.Win32.Dialer.ay skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\40733af6.exe Infected: Trojan.Win32.Dialer.ay skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\5314aaf6.exe Infected: Trojan.Win32.Dialer.ay skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\cc54aaf6.exe Infected: Trojan.Win32.Dialer.ay skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\f0de7ee6.exe Infected: Trojan.Win32.Dialer.ay skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\fe0b9af6.exe Infected: Trojan.Win32.Dialer.ay skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped

C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped


Scan process completed.

#8
Jayzeee

  • Member
  • 1,238 posts
Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Double-click sspsetup1.exe to install it.
  • Before installation it may ask you to check for program updates. Click YES.
    Then finish installation leaving all the default options.
  • Once the program is installed, it will ask if you wish to reboot now; choose YES.
  • After reboot, open SpySweeper, by double-clicking the icon on your desktop.
  • Click Options on the left side.
  • Click the Sweep tab.
  • Under Items to Sweep make sure the following are checked:
    • Windows registry
    • Memory objects
    • Cookies
    • Compressed Files
    • System Restore Folder
  • Under Other Options make sure the following are checked:
    • Sweep all user accounts
    • Enable Direct Disk Sweeping
    • Sweep for rootkits
  • Click the Sweep button on the left side.
  • Click the Start Sweep button.
  • When it's done scanning, make sure everything has a check next to it, then click the Quarantine Selected button.
  • It will quarantine all of the items found.
  • Click View Session Log in the right corner above the box where the items are listed.
  • Click Save to File and save it on your desktop.
  • Exit SpySweeper.
  • Paste the contents of the session log you saved into your next reply (Spy Sweeper Session Log.txt).
  • NOTE: you can get to the log by clicking Options on the left. Then, View Session Log will be listed under Other Options.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Close any other open windows and click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Close any other open windows and click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Close any other open windows and click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Post back the SpySweeper log and a new HijackThis log.

#9
browneyedleo730

  • Topic Starter
  • Member
  • 36 posts
Here is the Spy Sweeper log. It looks large so I will post the HijackThis log in a separate post.

Thanks for all your help!

Erin

12:20 AM: Removal process completed. Elapsed time 00:00:12
12:20 AM: Quarantining All Traces: xxxcounter cookie
12:20 AM: Quarantining All Traces: reunion cookie
12:20 AM: Quarantining All Traces: questionmarket cookie
12:20 AM: Quarantining All Traces: qksrv cookie
12:20 AM: Quarantining All Traces: pub cookie
12:20 AM: Quarantining All Traces: imlive.com cookie
12:20 AM: Quarantining All Traces: nextag cookie
12:20 AM: Quarantining All Traces: mygeek cookie
12:20 AM: Quarantining All Traces: hotlog cookie
12:20 AM: Quarantining All Traces: findwhat cookie
12:20 AM: Quarantining All Traces: enhance cookie
12:20 AM: Quarantining All Traces: atwola cookie
12:20 AM: Quarantining All Traces: aptimus cookie
12:20 AM: Quarantining All Traces: apmebf cookie
12:20 AM: Quarantining All Traces: pointroll cookie
12:20 AM: Quarantining All Traces: specificclick.com cookie
12:20 AM: Quarantining All Traces: adecn cookie
12:20 AM: Quarantining All Traces: yieldmanager cookie
12:20 AM: Quarantining All Traces: sandboxer cookie
12:20 AM: Quarantining All Traces: 735 cookie
12:20 AM: Quarantining All Traces: 5 cookie
12:20 AM: Removal process initiated
12:18 AM: Traces Found: 22
12:18 AM: Full Sweep has completed. Elapsed time 00:31:26
12:18 AM: File Sweep Complete, Elapsed Time: 00:27:34
12:15 AM: Warning: Unable to sweep compressed file: "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\q7gerh5o\kavwebscan_unicode[1].cab": File not found
12:14 AM: Warning: Failed to access drive J:
12:14 AM: Warning: Failed to access drive I:
12:14 AM: Warning: Failed to access drive H:
12:14 AM: Warning: Failed to access drive G:
12:11 AM: Warning: Failed to access drive E:
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\056fo9qj\icon_address-change[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\056fo9qj\icon_email-notification[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\ilvwd8fu\col_left_div02[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\ilvwd8fu\lbl_features-highlights[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\dk4b5doh\spacer[2].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\exs3ahyh\sect_title_recent-activity[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wzl7ua7h\nav_sign-out[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\01qjwd2z\nav_blank_bg[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\01qjwd2z\nav_top_online-help[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\ah4ni1a5\nav_top_sign-in_over[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\apchw5qv\nav_top_contact-us_over[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\qf6dgbab\nav_top_about-us_over[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\6nk1m9m9\logo_fdic[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\056fo9qj\footer_divider[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\ilvwd8fu\divider_yellow[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0x8nc3gb\lbl_features_highlights_yel[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wh41ivgd\bullet_square_small[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wzl7ua7h\pod_quicklinks_bg[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\01qjwd2z\pod_homelogin_bg[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kpynwpen\btn_learn-more[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\q7gerh5o\icon_lock_mini[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0763i4kq\btn_help[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\rvtnzt8k\lbl_access_your_accnt[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\ydrwlcf6\spacer[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\x4nighx7\nav_sign-in[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\cn5pjbhu\nav_top_contact-us[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\cn5pjbhu\spacer[4].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bio8aqxh\nav_top_about-us[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\056fo9qj\scripts[1].js". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\ilvwd8fu\__utm[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\8248zn8t\__utm[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0x8nc3gb\null[1].js". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\exs3ahyh\yb_continue[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\zeg3f18d\null[1].js". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wzl7ua7h\title_notregistered[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\ohu745q7\footer_grey[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\8248zn8t\but_login_main[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0763i4kq\bottombox[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\obffmgxl\spacer[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\ydrwlcf6\notab[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\cn5pjbhu\silvertabs_bg_on[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bio8aqxh\silvertabs_bg_off[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\apchw5qv\silvertabs_space[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\qf6dgbab\fdic_logo[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\056fo9qj\imark[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\exs3ahyh\accessaccount_tb_right[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\zeg3f18d\accessaccount_tb_left[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wzl7ua7h\national_map2[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\01qjwd2z\spacer[2].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kpynwpen\spacer[2].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\8248zn8t\silvertabs_full_rightbott_w[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\cfqbehzb\silvertabs_full_right_white[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\q7gerh5o\silvertabs_full_rightbott_b[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\obffmgxl\silvertabs_full_middle_bwhi[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\rvtnzt8k\silvertabs_full_leftbott_wh[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\k1sn4jg3\icon_calculator_small[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\k58p63gh\checking_dots_169[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\ynudqfpe\silvertabs_full_left_white[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bio8aqxh\silvertabs_right_space[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\apchw5qv\silvertabs_right_off[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\s3u5wla1\silvertabs_right_on[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\qf6dgbab\silvertabs_left_off[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\6nk1m9m9\silvertabs_left_on[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\056fo9qj\silvertabs_left_space[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\jfdvzhko\spacer[3].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0x8nc3gb\nav_bg_off[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\exs3ahyh\nav_left_off[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\zeg3f18d\nav_div_off[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kpynwpen\drop_bg_off_bttm_131[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\cfqbehzb\drop_dotline_131[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\rvtnzt8k\drop_bg_off_bttm_155[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\ydrwlcf6\drop_dotline_153[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\dk0rdx0l\drop_dotline_112[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\k1sn4jg3\drop_bg_off_bttm_114[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\2fe76tab\logo_divide[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\ynudqfpe\spacer[2].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\dk4b5doh\cao1ybwt.php". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0x8nc3gb\c[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\zeg3f18d\c[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kpynwpen\ca58079d.php". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\8248zn8t\c[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\cfqbehzb\sort_arrow[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\q7gerh5o\button_print[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\rvtnzt8k\casp4hcb.php". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\ydrwlcf6\caajohaz.php". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\dk0rdx0l\button_print[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\k1sn4jg3\search[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\x4nighx7\h3_tab_left[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bio8aqxh\tab_right_ob[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\s3u5wla1\tab_right_on_ob[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\qf6dgbab\h3_tab_right[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\6nk1m9m9\h3_tab_left[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\jfdvzhko\q[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\ilvwd8fu\tab_logoff_left_en_us_ob[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\dk4b5doh\tab_logoff_right[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0x8nc3gb\lock_icon[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\exs3ahyh\secondary_nav_bg_ob[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wh41ivgd\tab_left_on_ob[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\zeg3f18d\tab_left_ob[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wzl7ua7h\secondary_nav_tab_right_2_en_us_ob[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0763i4kq\secondary_nav_tab_right_en_us_ob[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\cfqbehzb\caajcfd6.php". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\rvtnzt8k\ca8todgj.php". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\dk0rdx0l\tab_bar_ob[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\ah4ni1a5\button_background[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\2fe76tab\clearpixel[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\qf6dgbab\cak5i7sd.php". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\6nk1m9m9\blue_arrow[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\056fo9qj\check_icon_home[1].gif". The operation completed successfully
12:09 AM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\jfdvzhko\login_arrow[1].gif". The operation completed
  • 0

#10
browneyedleo730

Here is the Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 12:29:58 AM, on 9/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.psu.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [NapsterShell] "C:\Program Files\Napster\napster.exe" /systray
O4 - HKLM\..\Run: [ehoepad.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\ehoepad.dll,cpyyrjb
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - Startup: Compaq Organize.lnk = ?
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157113512500
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/installer.exe
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52249C79-E2FE-47EA-B6E0-356D06F61F34}: NameServer = 128.118.25.3,130.203.1.4
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - c:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


#11
Jayzeee

Hi browneyedleo730,

I know you have already run SmitfraudFix, but I need you to run it again as I would like to see the log.

You need to delete it from your desktop, and download it again. (It has been updated)

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

#12
browneyedleo730

Here is the log you requested. I wasn't having any problems with the fake security pop-ups for the last several days, but when I turned my computer on this morning, a whole new batch of pop-ups has been occurring and my browser was being redirected, or when I clicked on a link, the new page would not load. I ran TrojanHunter and it reported three infections: Hoax.Renos. 167, Trojan Downloader. Zblob 459 and Trojan Downloader, Zblob 500. I "cleaned" those infections. I'm no longer being redirected to "security" websites, but I still have spyware alerts in my task bar.

Thanks for your help

Erin

SmitFraudFix v2.87

Scan done at 9:03:32.45, Thu 09/14/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#13
Jayzeee

Please print out or copy these instructions/tutorial to Notepad as the internet will not be available to you at certain points of the removal process (while in Safe Mode). Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.


1. Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
2. Run SmitfraudFix. Open the SmitfraudFix folder, then double-click the smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.


3. Clean out your Temporary Internet files. Proceed as follows:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.

4. Next, click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click OK, then Apply and OK.

5. Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

6. Reboot back into Normal Windows Mode

7. Run SmitfraudFix. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

8. Please Post the following logs:
  • c:\rapport.txt
  • A new HijackThis log


#14
browneyedleo730

SmitFraudFix v2.87

Scan done at 20:24:06.81, Thu 09/14/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


Logfile of HijackThis v1.99.1
Scan saved at 8:57:47 PM, on 9/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
c:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\InterMute\IMStart.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.psu.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [NapsterShell] "C:\Program Files\Napster\napster.exe" /systray
O4 - HKLM\..\Run: [ehoepad.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\ehoepad.dll,cpyyrjb
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - Startup: Compaq Organize.lnk = ?
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157113512500
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/installer.exe
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52249C79-E2FE-47EA-B6E0-356D06F61F34}: NameServer = 128.118.25.3,130.203.1.4
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - c:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe



»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#15
Jayzeee

Hi browneyedleo730,

Sorry I haven't replied sooner, I haven't been able to get online much.

Please download FileFind from Atribune.
Unzip the file and save it to your desktop.

To run FileFind, please do the following:
  • Click on FileFind.exe
  • In the box labeled "Directory"
    • Enter the drive, e.g. C:\
  • In the box labeled "File"
    • Enter cpyyrjb
  • Now click on the "Search" button
  • Once the utility has found the files click on "Export"
  • A Notepad will open up. Please copy the entire contents of the Notepad and paste them here.
  • NOTE: The notepad is saved on your C:\ drive as "Export.txt"
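
An added example (not part of the thread, and not code from HijackThis or its authors): the FileFind search term in the post above, cpyyrjb, also appears in one O4 line of the HijackThis log posted earlier. The code below parses O4 registry Run lines and lists the entries that start a DLL through rundll32.exe, with the file and export names to look for; the function names and the two heuristics are assumptions of this example.

```python
import re
from ntpath import basename  # Windows path rules, whatever OS this runs on

# Constructed sample: O4 (autorun) lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ehoepad.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\ehoepad.dll,cpyyrjb
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
"""

O4_RUN = re.compile(r'^O4 - (\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$')
# The executable is either quoted or the first whitespace-delimited token;
# an unquoted path containing spaces is cut short (limitation of this example).
COMMAND = re.compile(r'^(?:"([^"]+)"|(\S+))\s*(.*)$')


def parse_o4_run(log):
    """Yield one dict per registry Run-key autorun line in a HijackThis log."""
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # Startup-folder entries and other sections are skipped
        hive, key, name, command = m.groups()
        quoted, bare, args = COMMAND.match(command).groups()
        yield {"hive": hive, "key": key, "name": name,
               "exe": quoted or bare, "args": args}


def triage(entry):
    """Return (reasons, search_terms); the heuristics are this example's assumptions."""
    reasons, terms = [], []
    if basename(entry["exe"]).lower() != "rundll32.exe":
        return reasons, terms
    # rundll32 syntax: <dll path>,<exported function> [arguments]
    dll, _, export = entry["args"].partition(",")
    dll = dll.strip().strip('"')
    export = (export.split() or [""])[0]
    reasons.append("autorun loads a DLL through rundll32.exe")
    if entry["name"].lower() == basename(dll).lower():
        reasons.append("value name is just the DLL file name")
    terms = [t for t in (basename(dll), export) if t]
    return reasons, terms


def flagged(log):
    """Map value name -> (reasons, search_terms) for entries worth a closer look."""
    out = {}
    for entry in parse_o4_run(log):
        reasons, terms = triage(entry)
        if reasons:
            out[entry["name"]] = (reasons, terms)
    return out


if __name__ == "__main__":
    print(flagged(SAMPLE_LOG))
```

A flagged entry is a candidate for review, not a verdict: legitimate software also registers rundll32 autoruns, so the listed names are starting points for a file search and a vendor lookup.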
