Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

W32/virut-b ***please review my logs to see if I have successfully eli


  • Please log in to reply

#1
Bill McBride

Bill McBride

    New Member

  • Member
  • Pip
  • 1 posts
I was attacked Monday by a different strain of the W32/Virut virus. This was not the "A" strain, rather identified as "B". This virus successfully attacked all my spyware/ad-aware/Hijack programs and MacAfee virus software. It shutdown all of these programs.

By starting up in safe mode and executing the avg software, spybot, and Hijack programs from a separate external flash drive (and doing various removals), I was able to access my machine and install an updated scan.dat file from MacAfee and re-load the various spyware programs and re-run them all. At one point it appears that the avg software was infected and MacAfee cleaned it. System seems to be running fine now, but I am fearful that I have not cleaned an executable somewhere.

Please review my log files below and let me know if you see anything additional that I might have missed.

I have followed all the instructions recommended prior to posting a log item. These include:

1. Running the atf cleaner
2. creating a system restore point and disc cleanup
3. Running and deleting errors from ad-aware
4. Running avg spyware per the instructions ---->logs posted below
5. Running on-line panda scan
6. following the instructions listed in a thread search on "A0032232.exe" on geeks to go, to include running the highjack after allowing hidden files and extensions to be shown.
7. Deleted quaranteened files from MacAfee.
8. Ran windows defender
9. Was not able to run kaspersky scan b/c it required that I remove MacAfee. I didn't feel comfortable doing this.

Files I am posting below include:
1. Hijack startup list
2. Hijack unintall program list
3. Hijack logfile
4. AVG report scan
5. Initial panda scan results (I used the panda tool to disinfect these. These are no longer showing up on a report when doing a follow up panda scan.)

Hijack start up list
StartupList report, 10/25/2006, 1:19:30 AM
StartupList version: 1.52.2
Started from : C:\Spyware\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sun\MPS\bin\https\bin\ns-httpd.exe
C:\Program Files\Cognos\cer4\bin\amserver.exe
C:\Program Files\Sun\MPS\bin\https\bin\httpd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cognos\cer4\bin\UpfrontAdministration.exe
C:\Program Files\Cognos\cer4\bin\upfdbsrv.exe
C:\Program Files\Cognos\cer4\bin\UpfDispatcherService.exe
C:\Program Files\Cognos\cer4\bin\rds.exe
C:\Program Files\Cognos\cer4\bin\UpfFMServer.exe
C:\Program Files\Cognos\cer4\bin\epPlanningService.exe
C:\Program Files\Cognos\cer4\bin\UpfFMServer.exe
C:\Program Files\Cognos\cer4\bin\UpfEventServer.exe
C:\Program Files\Cognos\cer4\bin\UpfServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cognos\cer4\bin\UpfSearchEngine.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Cognos\cer4\bin\UpfServer.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Patchlink\Update Agent\GRAVITIXSERVICE.exe
C:\Program Files\Sun\MPS\bin\slapd\server\ns-slapd.exe
C:\Program Files\Sun\MPS\bin\slapd\server\ns-slapd.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sun\MPS\bin\slapd\server\slapd.exe
C:\Program Files\Sun\MPS\bin\slapd\server\slapd.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\PROGRAM FILES\PATCHLINK\UPDATE AGENT\pddm.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\winzip\WZQKPICK.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Spyware\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
hpoddt01.exe.lnk = ?
officejet 6100.lnk = ?
Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
WinZip Quick Pick.lnk = C:\Program Files\winzip\WZQKPICK.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

nwiz = nwiz.exe /installquiet /keeploaded /nodetect
TPSMain = TPSMain.exe
TPSODDCtl = TPSODDCtl.exe
SoundMAXPnP = C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
SoundMAX = "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
LtMoh = C:\Program Files\ltmoh\Ltmoh.exe
AGRSMMSG = AGRSMMSG.exe
ShStatEXE = "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
McAfeeUpdaterUI = "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
Network Associates Error Reporting Service = "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
PDDM = C:\PROGRAM FILES\PATCHLINK\UPDATE AGENT\pddm.exe
eFax 4.2 = "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
!AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

FRU Task #Hewlett-Packard#hp officejet 6100 series#1156559322.job
MP Scheduled Scan.job

--------------------------------------------------

Enumerating Download Program Files:

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?LinkID=39204

[VerifyGMN Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\hpobjinstaller_gmn.dll
CODEBASE = http://h20270.www2.h...staller_gmn.cab

[NeoterisSetup Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\NEOTER~1.OCX
CODEBASE = https://na.mycognos....oterisSetup.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.micros...b?1142582355140

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoft...free/asinst.cab

[ASPRO Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ASPROinst.dll
CODEBASE = http://acs.pandasoft...5/asproinst.cab

[GpcContainer Class]
InProcServer32 = C:\Program Files\WebEx\ieatgpc.dll
CODEBASE = https://cognos.webex...bex/ieatgpc.cab

[QDiagHUpdateObj Class]
InProcServer32 = C:\WINDOWS\system32\qdiagh.ocx
CODEBASE = http://h30155.www3.h.../qdiagh.cab?326

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 9,427 bytes
Report generated in 0.031 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


uninstall_list.txt
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.8
American Airlines TravelDesk
AVG Anti-Spyware 7.5
Bluetooth Stack for Windows by Toshiba
Check Point VPN-1 SecureClient NG_AI_R56
Cognos Series 7 Version 3
Cognos Solutions Implementation Methodology Editor
Cognos Windows Common Logon Server
Directory Server
eFax Messenger 4.2
Evolve Offline Time and Expense
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
hp instant support
HP Memories Disc
hp officejet 6100 series
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp officejet 6100 series
InterActual Player
InterVideo WinDVD 4
iPassConnect
Macromedia Shockwave Player
McAfee Anti-Spyware Enterprise Module
McAfee VirusScan Enterprise
Meeting Manager for Internet Explorer
Microsoft Office Professional Edition 2003
Microsoft Office Visio Viewer 2003 (English)
Microsoft Organization Chart 2.0
Microsoft SQL Server 2000
MSN Music Assistant
My WebEx Integration to Outlook
Nero 6 Ultra Edition
NVIDIA Drivers
Panda ActiveScan
Panda ActiveScan Pro
PatchLink Update Agent
RelevantKnowledge
Remove Hidden Data Tool
Sametime Client v3.1
SD Secure Module
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB925486)
Shadow Copy Client
SoapToolkit20RT
SoundMAX
Spybot - Search & Destroy 1.4
TOSHIBA Power Saver
TOSHIBA Software Modem
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
VMware Workstation
WebEx
WebEx One-Click Meeting
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Rights Management Client
Windows Rights Management Client Backwards Compatibility
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WinZip
WinZip Command Line Support Add-On 1.1 SR-1
Yazzle by OIN


Hijack logfile
Logfile of HijackThis v1.99.1
Scan saved at 1:33:43 AM, on 10/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sun\MPS\bin\https\bin\ns-httpd.exe
C:\Program Files\Cognos\cer4\bin\amserver.exe
C:\Program Files\Sun\MPS\bin\https\bin\httpd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cognos\cer4\bin\UpfrontAdministration.exe
C:\Program Files\Cognos\cer4\bin\upfdbsrv.exe
C:\Program Files\Cognos\cer4\bin\UpfDispatcherService.exe
C:\Program Files\Cognos\cer4\bin\rds.exe
C:\Program Files\Cognos\cer4\bin\UpfFMServer.exe
C:\Program Files\Cognos\cer4\bin\epPlanningService.exe
C:\Program Files\Cognos\cer4\bin\UpfFMServer.exe
C:\Program Files\Cognos\cer4\bin\UpfEventServer.exe
C:\Program Files\Cognos\cer4\bin\UpfServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cognos\cer4\bin\UpfSearchEngine.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Cognos\cer4\bin\UpfServer.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Patchlink\Update Agent\GRAVITIXSERVICE.exe
C:\Program Files\Sun\MPS\bin\slapd\server\ns-slapd.exe
C:\Program Files\Sun\MPS\bin\slapd\server\ns-slapd.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sun\MPS\bin\slapd\server\slapd.exe
C:\Program Files\Sun\MPS\bin\slapd\server\slapd.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\PROGRAM FILES\PATCHLINK\UPDATE AGENT\pddm.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\winzip\WZQKPICK.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cognos.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PDDM] C:\PROGRAM FILES\PATCHLINK\UPDATE AGENT\pddm.exe
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\winzip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\webex\webex\350\atonecli.dll (HKCU)
O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\webex\webex\350\atonecli.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=about:blank
O15 - Trusted Zone: *.sottplus1.cognos.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://na.mycognos....oterisSetup.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1142582355140
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cognos.webex...bex/ieatgpc.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.h.../qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ent.ad.cognos.com
O17 - HKLM\Software\..\Telephony: DomainName = ent.ad.cognos.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ent.ad.cognos.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ent.ad.cognos.com
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll
O23 - Service: Sun One Administration Server 5.2 (admin52-serv) - Sun Microsystems Inc - C:/Program Files/Sun/MPS/bin/https/bin/ns-httpd.exe
O23 - Service: Cognos Access Manager Server (cer4) (amserver_cer4) - Cognos Inc - C:\Program Files\Cognos\cer4\bin\amserver.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Cognos Upfront Administration Service (cer4) (Cognos UpfrontAdministration (cer4)) - Cognos Incorporated - C:\Program Files\Cognos\cer4\bin\UpfrontAdministration.exe
O23 - Service: Cognos Upfront Data Store (cer4) (Cognos UpfrontDataStore (cer4)) - Cognos Incorporated - C:\Program Files\Cognos\cer4\bin\upfdbsrv.exe
O23 - Service: Cognos Upfront Dispatcher (cer4) (Cognos UpfrontDispatcher (cer4)) - Cognos Incorporated - C:\Program Files\Cognos\cer4\bin\UpfDispatcherService.exe
O23 - Service: Cognos Enterprise Planning (cer4) (epPlanningService_cer4) - Cognos Incorporated - C:\Program Files\Cognos\cer4\bin\epPlanningService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PatchLink Update - PatchLink Corporation - C:\Program Files\Patchlink\Update Agent\GRAVITIXSERVICE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sun ONE Directory Server 5.2 (WDALMCBRIDEW1XP) (slapd-WDALMCBRIDEW1XP) - Unknown owner - C:\Program Files\Sun\MPS/bin/slapd/server/ns-slapd.exe
O23 - Service: Sun ONE Directory Server 5.2 (WDALMCBRIDEW1XP2) (slapd-WDALMCBRIDEW1XP2) - Unknown owner - C:/Program Files/Sun/MPS/bin/slapd/server/ns-slapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe




report-scan
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:04:08 AM 10/25/2006

+ Scan result:



Nothing found.


::Report end


Panda on-line active scan
Incident Status Location

Adware:adware/mirar Not disinfected Windows Registry
Adware:adware/powerstrip Not disinfected Windows Registry
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\mcbridew\Cookies\[email protected][1].txt
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP