I have an infection and need assistance. I have followed the steps in the before posting thread and here are the logfiles produced. My connection was cranking like crazy and the inital disinfection process did fix that, but there are still bad things on my machine. Trojan.pakes and Downloader.Zlob came up in the scans. I do not like the disinfection process as it requires me to open IE (firefox user) which reinfects my machine every time, but this probally can't be avoided as the Panda scan seems to need IE. Please take a look at my logs and advise on action to take. Thanks much!
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 2:42:30 PM 11/2/2006
+ Scan result:
C:\Program Files\M3 GAME Manager\gamesave\bank.dat -> Adware.BetterInternet : Cleaned.
C:\WINNT\system32\regperf.exe -> Downloader.Zlob.ni : Cleaned.
C:\WINNT\system32\dcomcfg.exe -> Downloader.Zlob.nw : Cleaned.
C:\Program Files\FlashFXP\crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned.
:mozilla.212:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.213:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.214:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.215:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.216:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.217:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.218:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.219:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.220:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.188:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.189:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.190:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.191:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.368:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.370:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.276:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.277:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.278:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\WINNT\servstat32x.exe -> Trojan.Pakes : Cleaned.
C:\WINNT\system32\eraseme_63653.exe -> Trojan.Pakes : Cleaned.
::Report end
Active Scan Log
Incident Status Location
Adware:adware/dloader Not disinfected c:\winnt\system32\msblank.html
Adware:adware/emediacodec Not disinfected c:\winnt\system32\simpole.tlb
Adware:adware/beehappyy Not disinfected c:\winnt\system32\z13.exe
Adware:adware/cws.yexe Not disinfected c:\winnt\inet20057
Adware:adware/yazzlesudoku Not disinfected Windows Registry
Adware:adware/mediatickets Not disinfected Windows Registry
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt[.go.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cp51weiv.default\cookies.txt[searchportal.information.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem\Process.exe
Possible Virus. Not disinfected C:\Program Files\mIRC\download\neropp.rar[neropp.exe][nero.exe]
Adware:Adware/SecurityError Not disinfected C:\WINNT\system32\hp362A.tmp
Virus:W32/Sdbot.ftp.worm Disinfected C:\WINNT\system32\i
Log end
Hijack this log start
Logfile of HijackThis v1.99.1
Scan saved at 8:30:21 AM, on 11/3/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\Brmfrmps.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINNT\BQTray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [iTunesHelper] __C:\Program Files\iTunes\iTunesHelper.exe__
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Picture to Mobile Phone - C:\Program Files\Pix2Fone\p2fd.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Upload Picture - {A2F93841-DEAB-0392-4958-BA333CF05732} - C:\Program Files\Pix2Fone\p2fup.html (HKCU)
O9 - Extra 'Tools' menuitem: Upload Picture to Mobile Phone - {A2F93841-DEAB-0392-4958-BA333CF05732} - C:\Program Files\Pix2Fone\p2fup.html (HKCU)
O12 - Plugin for .mid: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npaudio.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://thomsonlearn...bex/ieatgpc.cab
O20 - AppInit_DLLs: C:\WINNT\system32\nslookup.dll
O20 - Winlogon Notify: winvnv32 - winvnv32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINNT\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINNT\system32\ZoneLabs\vsmon.exe (file missing)
log end