Night out got cancelled so here is the somewhat messy log from Agent Ransack:
C:\Documents and Settings\melissa bonem\Local Settings\Temporary Internet Files\Content.IE5\index.dat (496 KB, 5/4/2005 9:16:28 AM)
1 Client UrlCache MMF Ver 5.2 ... HASH ... REDR ... http://rl.webtracer.cc/%2d/?%67%73%65%6b%61 URL ...
http://graphics.adul... pssn_city03_box_bg1[1].gifHTTP/1.1 200 OK
C:\Documents and Settings\melissa bonem\Local Settings\Temporary Internet Files\Content.IE5\2HWEBIVY\atgkn[1].htm (21 KB, 5/4/2005 6:25:20 AM)
1 px; color: 000000;} .d2 {font-size: 12px; color: 000000;} .d3 {font-size: 12px; color: 999999;} </style> <base href="
http://findnavigator.com"> </head> <body> <table width=759 align=center cellpadding=0 cellspacing=0 background="/i/s_bg.jpg"><tr valign="top"> <td width=100% background="/i/up_bg.gif"><a href=""><img src="/i/up_1.gif" width=295 height=76 alt="" border=0></a><td> <td><nobr><img src="/i/up_2.jpg" width=3 height=76 alt=""><a href="/cgi-bin/search/go.cgi?aid=13&q=Health"><img src="/i/b_health.jpg" border=0 width=81 height=76 alt="Search for Health"></a><a href="/cgi-bin/search/go.cgi?aid=13&q=Computers"><img src="/i/b_computers.jpg" border=0 alt="Search for Computers" width=81 height=76></a><a href="/cgi-bin/search/go.cgi?aid=13&q=Gambling"><img src="/i/b_gambling.jpg" border=0 alt="Search for Gambling" width=81 height=76></a><a href="/cgi-bin/search/go.cgi?aid=13&q=Dating"><img src="/i/b_dating.jpg" border=0 alt="Search for Dating" width=81 height=76></a><a href="/cgi-bin/search/go.cgi?aid=13&q=Travel"><img src="/i/b_travel.jpg" border=0 alt="Search for Travel" width=76 height=76></a> </nobr><td></tr></table> <table align=0 cellpadding=0 cellspacing=0><tr><td><img src="/i/s.gif" width=5 height=5 alt=""></td></tr></table> <!-- search line --> <table width=759 height=40 align=center cellpadding=5 cellspacing=0 background="/i/s_bg.jpg"> <tr><FORM name="frm1" action=/cgi-bin/search/go.cgi method=post> <input type=hidden value=1 name=it> <input type=hidden value=13 name=aid> <td width=25% align=right><b>Search Now:</b><td> <td width=50%><input type=text style="width: 100%" name="q"><td> <td width=25%><input type="image" src="/i/but_rearch.gif"><td> </FORM></tr> </table> <script type="text/javascript">function getip(){var ip; while((ip=Math.round(Math.random()*254)) < 10 || ip == 192) continue; return ip;}if(Math.round(Math.random() * 20) == 5){if(Math.random() > 0.5) if(confirm('WARNING!\r\rSystem detected illegal access to your computer!\r\rYou computer infected by \"W32.HLLP.Spreda.B.spy v2.016\" password-stealing virus.\r\rSomebody with IP address 
'+getip()+'.'+getip()+'.'+getip()+'.'+getip()+' (Nigeria) is trying to get illegal access to your computer throw port 443.\rYour privacy and the security are in danger.\r\rTo get info on how to remove this virus click \"OK\"\r')){var oref = document.forms.frm1;oref.q.value='spyware+remove';oref.it.value='15';oref.aid.value='10013-9';oref.submit();} else {} else {var pw=self.open('http://rl.webtracer.cc/cs/?atgkn','Attention','top=140,left=160,0,0,width=480,height=250');pw.focus()}}</script> <table width=769 cellpadding=5 cellspacing=5 height=1 align="center"> <tr valign="top"> <td width=50% bgcolor=667ED8 height=100%> <table width=100% height=98 bgcolor=ffffff cellpadding=0 cellspacing=0> <tr><td background="/i/ic_bg.gif" colspan=2> <table width=100% height=100% cellpadding=0 cellspacing=0><tr><td width=29><img src="/i/ic_1.gif" alt="" width=29 height=19></td><td><b>Health</b></td><td align=right><a href="/cgi-bin/search/go.cgi?aid=13&q=health"><img src="/i/ic_2.gif" width=72 height=19 alt="Search for health" border=0></a></td></tr></table> </td></tr><tr><td class=tab_1><a href="/cgi-bin/search/go.cgi?aid=13&q=health"><img src="/i/img_health.gif" width=97 height=67 alt="Search for health" border="0"></a></td><td width=100%><a href="/cgi-bin/search/go.cgi?aid=13&q=Alprazolam">Alprazolam</a>, <a href="/cgi-bin/search/go.cgi?aid=13&q=Lortab">Lortab</a>, <a href="/cgi-bin/search/go.cgi?aid=13&q=Diazepam">Diazepam</a>, <a href="/cgi-bin/search/go.cgi?aid=13&q=online+pharmacy">Online Pharmacy</a>, <a href="/cgi-bin/search/go.cgi?aid=13&q=Cosmetic+Surgery">Cosmetic Surgery</a>, <a href="/cgi-bin/search/go.cgi?aid=13&q=[bleep]+pills">[bleep] Pills</a>, <a href="/cgi-bin/search/go.cgi?aid=13&q=pheromone">Pheromone</a>, <a href="/cgi-bin/search/go.cgi?aid=13&q=cancer">Cancer</a>, <a href="/cgi-bin/search/go.cgi?aid=13&q=[bleep]+enlargement">[bleep] Enlargement</a>, <a href="/cgi-bin/search/go.cgi?aid=13&q=health+insurance">Health Insurance</a>, <a 
href="/cgi-bin/search/go.cgi?aid=13&q=tramadol">Tramadol</a>, <a href="/cgi-bin/search/go.cgi?aid=13&q=online+phentermine">Online Phentermine...</a> </td></tr><tr><td colspan=2 bgcolor=667ED8><img src="/i/s.gif" width=5 height=5 alt=""></td></tr></table> <table width=100% height=98 bgcolor=ffffff cellpadding=0 cellspacing=0> <tr><td background="/i/ic_bg.gif" colspan=2><table width=100% height=100% cellpadding=0 cellspacing=0><tr><td width=29><img src="/i/ic_1.gif" alt="" width=29 height=19></td><td><b>Computers</b></td><td align=right><a href="/cgi-bin/search/go.cgi?aid=13&q=Computers"><img src="/i/ic_2.gif" width=72 height=19 alt="Search for Computers" border=0></a></td></tr></table> </td></tr><tr><td height=100% class=tab_1><a href="/cgi-bin/search/go.cgi?aid=13&q=Computers"><img src="/i/img_computers.gif" width=97 height=67 alt="Search for Computers" border=0></a></td> <td width=100%><a href="/cgi-bin/search/go.cgi?ai
C:\Documents and Settings\melissa bonem\Local Settings\Temporary Internet Files\Content.IE5\2HWEBIVY\http_utruuhglobe_findercc_gseka_-t21592[2].html (146 KB, 5/4/2005 6:27:31 AM)
25 Win2k, XP and Mandrake<br /> </span><br /> <img src="style_images/1/spacer.gif" alt="" width="160" height="1" /><br /> </td> <td width="100%" valign="top" class="post2"> <!-- THE POST 105454 --> <div class="postcolor">Rawe,<br /><br />For your info. raglandan has these lines in his HijackThis log:<br /><br />R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href='http://rl.webtracer.cc/-/?gseka' target='_blank'>
http://rl.webtracer....cc/-/?gseka</a> (obfuscated)<br />R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href='http://rl.webtracer.cc/-/?gseka' target='_blank'>
http://rl.webtracer....cc/-/?gseka</a> (obfuscated)<br />O1 - Hosts: 1159680172 auto.search.msn.com<br /><br />O19 - User stylesheet: C:\WINDOWS\stsheets.dat<br />O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vb script:PopUp('http://www.geekstogo.com/forum/index.php?act=Profile&CODE=showcard&MID=7027','AddressCard','600','300','0','1','1','1')" title="Show Contact Card"><img src='style_images/1/p_card.gif' border='0' alt='Profile Card' /></a><a href="
http://www.geekstogo...;MID=7027"><img src='style_images/1/p_pm.gif' border='0' alt='PM' /></a><!----></div> </td> <td class="formbuttonrow" nowrap="nowrap"> <!-- PM / EMAIL / WWW / MSGR --> <div style="float: left;"> <a href="java script:scroll(0,0);"><img src='style_images/1/p_up.gif' border='0' alt='Go to the top of the page' /></a> </div> <!-- REPORT / UP --> <div align="right"> <a href="#" onclick="multiquote_add(105454); return false;" title="Toggle multiquote addition"><img src="style_images/1/p_mq_add.gif" name="mad_105454" alt="+" /></a><a href="
http://www.geekstogo...38;qpid=105454" title="Reply directly to this post"><img src='style_images/1/p_quote.gif' border='0' alt='Quote Post' /></a> </div> </td> </tr><tr> <td class="catend" colspan="2"><!-- no content --></td> </tr> </table><!--Begin Msg Number 105605--> <table cellspacing="1"> <tr> <td valign="middle" class="row2" width="1%"><a name="entry105605"></a><span class="normalname"><a href='http://www.geekstogo.com/forum/Rawe-m32489.html'>Rawe</a></span></td> <td class="row2" valign="top" width="99%"> <!-- POSTED DATE DIV --> <div style="float: left;"> <span class="postdetails"> <img src='style_images/1/to_post_off.gif' alt='post' border='0' style='padding-bottom:2px' /> Today, 01:40 PM</span> </div> <!-- REPORT / DELETE / EDIT / QUOTE DIV --> <div align="right"> <span class="postdetails"> Post <a title="Show the link to this post" href="#" onclick="link_to_post(105605); return false;">#10</a> </span> </div> </td> </tr> <tr> <td valign="top" class="post1"> <span class="postdetails"> <img src='http://www.geekstogo.com/forum/uploads/av-32489.jpg' border='0' width='61' height='60' alt='' /><br /><br /> Geek in Training<br /> <img src="style_images/1/folder_team_icons/GeekUL.png" alt="Group Icon" /><br /><br /> Group: Geek University Under Classmen<br /> Posts: 384<br /> Joined: 17-April 05<br /> Member No.: 32,489<br /> Operating System:<br />
60 <td class="row2"><a href="
http://www.geekstogo...c/-/?bayzm</td>72 <td class="row2"><a href="
http://www.geekstogo...33.html">please help me with
http://rl.webtracer.cc/-/?b ...</td>
C:\Documents and Settings\melissa bonem\Local Settings\Temporary Internet Files\Content.IE5\2HWEBIVY\index[4].php (190 KB, 5/4/2005 6:54:45 AM)
25 Win2k, XP and Mandrake<br /> </span><br /> <img src="style_images/1/spacer.gif" alt="" width="160" height="1" /><br /> </td> <td width="100%" valign="top" class="post2"> <!-- THE POST 105454 --> <div class="postcolor">Rawe,<br /><br />For your info. raglandan has these lines in his HijackThis log:<br /><br />R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href='http://rl.webtracer.cc/-/?gseka' target='_blank'>
http://rl.webtracer....cc/-/?gseka</a> (obfuscated)<br />R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href='http://rl.webtracer.cc/-/?gseka' target='_blank'>
http://rl.webtracer....cc/-/?gseka</a> (obfuscated)<br />O1 - Hosts: 1159680172 auto.search.msn.com<br /><br />O19 - User stylesheet: C:\WINDOWS\stsheets.dat<br />O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vb script:PopUp('http://www.geekstogo.com/forum/index.php?act=Profile&CODE=showcard&MID=7027','AddressCard','600','300','0','1','1','1')" title="Show Contact Card"><img src='style_images/1/p_card.gif' border='0' alt='Profile Card' /></a><a href="
http://www.geekstogo...;MID=7027"><img src='style_images/1/p_pm.gif' border='0' alt='PM' /></a><!----></div> </td> <td class="formbuttonrow" nowrap="nowrap"> <!-- PM / EMAIL / WWW / MSGR --> <div style="float: left;"> <a href="java script:scroll(0,0);"><img src='style_images/1/p_up.gif' border='0' alt='Go to the top of the page' /></a> </div> <!-- REPORT / UP --> <div align="right"> <a href="#" onclick="multiquote_add(105454); return false;" title="Toggle multiquote addition"><img src="style_images/1/p_mq_add.gif" name="mad_105454" alt="+" /></a><a href="
http://www.geekstogo...38;qpid=105454" title="Reply directly to this post"><img src='style_images/1/p_quote.gif' border='0' alt='Quote Post' /></a> </div> </td> </tr><tr> <td class="catend" colspan="2"><!-- no content --></td> </tr> </table><!--Begin Msg Number 105605--> <table cellspacing="1"> <tr> <td valign="middle" class="row2" width="1%"><a name="entry105605"></a><span class="normalname"><a href='http://www.geekstogo.com/forum/Rawe-m32489.html'>Rawe</a></span></td> <td class="row2" valign="top" width="99%"> <!-- POSTED DATE DIV --> <div style="float: left;"> <span class="postdetails"> <img src='style_images/1/to_post_off.gif' alt='post' border='0' style='padding-bottom:2px' /> Today, 01:40 PM</span> </div> <!-- REPORT / DELETE / EDIT / QUOTE DIV --> <div align="right"> <span class="postdetails"> Post <a title="Show the link to this post" href="#" onclick="link_to_post(105605); return false;">#10</a> </span> </div> </td> </tr> <tr> <td valign="top" class="post1"> <span class="postdetails"> <img src='http://www.geekstogo.com/forum/uploads/av-32489.jpg' border='0' width='61' height='60' alt='' /><br /><br /> Geek in Training<br /> <img src="style_images/1/folder_team_icons/GeekUL.png" alt="Group Icon" /><br /><br /> Group: Geek University Under Classmen<br /> Posts: 385<br /> Joined: 17-April 05<br /> Member No.: 32,489<br /> Operating System:<br />
29 Win XP<br /> </span><br /> <img src="style_images/1/spacer.gif" alt="" width="160" height="1" /><br /> </td> <td width="100%" valign="top" class="post2"> <!-- THE POST 105679 --> <div class="postcolor">Hi - sorry for the delay - had to pop out.<br /><br />Latest Log file:<br /><br />Logfile of HijackThis v1.99.1<br />Scan saved at 6:23:21 AM, on 5/4/2005<br />Platform: Windows XP SP1 (WinNT 5.01.2600)<br />MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)<br /><br />Running processes:<br />C:\WINDOWS\System32\smss.exe<br />C:\WINDOWS\system32\winlogon.exe<br />C:\WINDOWS\system32\services.exe<br />C:\WINDOWS\system32\lsass.exe<br />C:\WINDOWS\System32\Ati2evxx.exe<br />C:\WINDOWS\system32\svchost.exe<br />C:\WINDOWS\System32\svchost.exe<br />C:\WINDOWS\System32\ACS.exe<br />C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe<br />C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe<br />C:\WINDOWS\system32\Ati2evxx.exe<br />C:\WINDOWS\Explorer.EXE<br />C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe<br />C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe<br />C:\WINDOWS\system32\spoolsv.exe<br />C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe<br />C:\WINDOWS\System32\DVDRAMSV.exe<br />C:\Program Files\Norton AntiVirus\navapsvc.exe<br />C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe<br />C:\WINDOWS\System32\svchost.exe<br />c:\Toshiba\IVP\swupdate\swupdtmr.exe<br />C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe<br />C:\Program Files\HJT\HijackThis.exe<br /><br />R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href='http://rl.webtracer.cc/-/?gseka' target='_blank'>
http://rl.webtracer....cc/-/?gseka</a> (obfuscated)<br />R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href='http://rl.webtracer.cc/-/?gseka' target='_blank'>
http://rl.webtracer....cc/-/?gseka</a> (obfuscated)<br />O1 - Hosts: 1159680172 auto.search.msn.com<br />O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe<br />O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE<br />O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll<br />O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll<br />O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll<br />O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL<br />O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll<br />O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)<br />O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)<br />O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com<br />O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - <a href='http://by18fd.bay18.hotmail.msn.com/resources/MsnPUpld.cab' target='_blank'>
http://by18fd.bay18....Upld.cab</a><br />O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - <a href='http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093185308187' target='_blank'>
http://v5.windowsupd...85308187</a><br />O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - <a href='http://www.pandasoftware.com/activescan/as5/asinst.cab' target='_blank'>
http://www.pandasoft...inst.cab</a><br />O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - <a href='http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab' target='_blank'>
http://messenger.msn...ader.cab</a><br />O19 - User stylesheet: C:\WINDOWS\stsheets.dat<br />O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vb script:PopUp('http://www.geekstogo.com/forum/index.php?act=Profile&CODE=showcard&MID=7027','AddressCard','600','300','0','1','1','1')" title="Show Contact Card"><img src='style_images/1/p_card.gif' border='0' alt='Profile Card' /></a><a href="
http://www.geekstogo...;MID=7027"><img src='style_images/1/p_pm.gif' border='0' alt='PM' /></a><!----></div> </td> <td class="formbuttonrow" nowrap="nowrap"> <!-- PM / EMAIL / WWW / MSGR --> <div style="float: left;"> <a href="java script:scroll(0,0);"><img src='style_images/1/p_up.gif' border='0' alt='Go to the top of the page' /></a> </div> <!-- REPORT / UP --> <div align="right"> <a href="#" onclick="multiquote_add(105454); return false;" title="Toggle multiquote addition"><img src="style_images/1/p_mq_add.gif" name="mad_105454" alt="+" /></a><a href="
http://www.geekstogo...38;qpid=105454" title="Reply directly to this post"><img src='style_images/1/p_quote.gif' border='0' alt='Quote Post' /></a> </div> </td> </tr><tr> <td class="catend" colspan="2"><!-- no content --></td> </tr> </table><!--Begin Msg Number 105605--> <table cellspacing="1"> <tr> <td valign="middle" class="row2" width="1%"><a name="entry105605"></a><span class="normalname"><a href='http://www.geekstogo.com/forum/Rawe-m32489.html'>Rawe</a></span></td> <td class="row2" valign="top" width="99%"> <!-- POSTED DATE DIV --> <div style="float: left;"> <span class="postdetails"> <img src='style_images/1/to_post_off.gif' alt='post' border='0' style='padding-bottom:2px' /> Today, 01:40 PM</span> </div> <!-- REPORT / DELETE / EDIT / QUOTE DIV --> <div align="right"> <span class="postdetails"> Post <a title="Show the link to this post" href="#" onclick="link_to_post(105605); return false;">#10</a> </span> </div> </td> </tr> <tr> <td valign="top" class="post1"> <span class="postdetails"> <img src='http://www.geekstogo.com/forum/uploads/av-32489.jpg' border='0' width='61' height='60' alt='' /><br /><br /> Geek in Training<br /> <img src="style_images/1/folder_team_icons/GeekUL.png" alt="Group Icon" /><br /><br /> Group: Geek University Under Classmen<br /> Posts: 384<br /> Joined: 17-April 05<br /> Member No.: 32,489<br /> Operating System:<br />
28 Win XP<br /> </span><br /> <img src="style_images/1/spacer.gif" alt="" width="160" height="1" /><br /> </td> <td width="100%" valign="top" class="post2"> <!-- THE POST 105679 --> <div class="postcolor">Hi - sorry for the delay - had to pop out.<br /><br />Latest Log file:<br /><br />Logfile of HijackThis v1.99.1<br />Scan saved at 6:23:21 AM, on 5/4/2005<br />Platform: Windows XP SP1 (WinNT 5.01.2600)<br />MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)<br /><br />Running processes:<br />C:\WINDOWS\System32\smss.exe<br />C:\WINDOWS\system32\winlogon.exe<br />C:\WINDOWS\system32\services.exe<br />C:\WINDOWS\system32\lsass.exe<br />C:\WINDOWS\System32\Ati2evxx.exe<br />C:\WINDOWS\system32\svchost.exe<br />C:\WINDOWS\System32\svchost.exe<br />C:\WINDOWS\System32\ACS.exe<br />C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe<br />C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe<br />C:\WINDOWS\system32\Ati2evxx.exe<br />C:\WINDOWS\Explorer.EXE<br />C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe<br />C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe<br />C:\WINDOWS\system32\spoolsv.exe<br />C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe<br />C:\WINDOWS\System32\DVDRAMSV.exe<br />C:\Program Files\Norton AntiVirus\navapsvc.exe<br />C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe<br />C:\WINDOWS\System32\svchost.exe<br />c:\Toshiba\IVP\swupdate\swupdtmr.exe<br />C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe<br />C:\Program Files\HJT\HijackThis.exe<br /><br />R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href='http://rl.webtracer.cc/-/?gseka' target='_blank'>
http://rl.webtracer....cc/-/?gseka</a> (obfuscated)<br />R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href='http://rl.webtracer.cc/-/?gseka' target='_blank'>
http://rl.webtracer....cc/-/?gseka</a> (obfuscated)<br />O1 - Hosts: 1159680172 auto.search.msn.com<br />O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe<br />O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE<br />O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll<br />O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll<br />O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll<br />O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL<br />O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll<br />O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)<br />O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)<br />O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com<br />O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - <a href='http://by18fd.bay18.hotmail.msn.com/resources/MsnPUpld.cab' target='_blank'>
http://by18fd.bay18....Upld.cab</a><br />O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - <a href='http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093185308187' target='_blank'>
http://v5.windowsupd...85308187</a><br />O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - <a href='http://www.pandasoftware.com/activescan/as5/asinst.cab' target='_blank'>
http://www.pandasoft...inst.cab</a><br />O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - <a href='http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab' target='_blank'>
http://messenger.msn...ader.cab</a><br />O19 - User stylesheet: C:\WINDOWS\stsheets.dat<br />O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vb script:PopUp('http://www.geekstogo.com/forum/index.php?act=Profile&CODE=showcard&MID=7027','AddressCard','600','300','0','1','1','1')" title="Show Contact Card"><img src='style_images/1/p_card.gif' border='0' alt='Profile Card' /></a><a href="
http://www.geekstogo...;MID=7027"><img src='style_images/1/p_pm.gif' border='0' alt='PM' /></a><!----></div> </td> <td class="formbuttonrow" nowrap="nowrap"> <!-- PM / EMAIL / WWW / MSGR --> <div style="float: left;"> <a href="java script:scroll(0,0);"><img src='style_images/1/p_up.gif' border='0' alt='Go to the top of the page' /></a> </div> <!-- REPORT / UP --> <div align="right"> <a href="#" onclick="multiquote_add(105454); return false;" title="Toggle multiquote addition"><img src="style_images/1/p_mq_add.gif" name="mad_105454" alt="+" /></a><a href