Don77, here are the logs....
smitrem log:
smitRem log file
version 2.3
by noahdfear
The current date is: Mon 08/22/2005
The current time is: 19:55:28.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run Files Present
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Post-run Files Present
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Wininet.dll ~~~
CLEAN!
---------------------------------------------------------------------------------------------
Ewido log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 11:11:40 PM, 8/22/2005
+ Report-Checksum: E8905F09
+ Scan result:
:mozilla.22:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\yp6fdptu.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned without backup
:mozilla.23:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\yp6fdptu.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned without backup
:mozilla.24:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\yp6fdptu.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned without backup
:mozilla.25:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\yp6fdptu.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned without backup
:mozilla.26:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\yp6fdptu.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned without backup
:mozilla.27:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\yp6fdptu.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned without backup
:mozilla.70:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\yp6fdptu.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\942E17E0-879F-4BD8-B27C-38433A\0992C86F-DC97-4B2D-AA6E-2D9BB7 -> Spyware.Zbar : Cleaned without backup
C:\WINDOWS\system32\explorer6s4.exe -> TrojanDownloader.Small.biq : Cleaned without backup
C:\WINDOWS\system32\vxgame4.exe -> TrojanDownloader.Small.biq : Cleaned without backup
::Report End
-----------------------------------------------------------------------------------------------
HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 1:05:33 AM, on 8/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\ewido\security suite\ewidoctrl.exe
d:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\WINDOWS\Explorer.EXE
D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ThinPrint Client\Thnclnt32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
E:\HJT\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Iomega Startup Options] d:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] d:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] d:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run hotfix bat file.lnk = C:\Program Files\REX2XCU\msxml3 hotfix\runhfix.bat
O4 - Global Startup: ThinPrint Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://costco.intern...x/PCAXSetup.cab?
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Lin.com
O17 - HKLM\Software\..\Telephony: DomainName = Lin.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Lin.com
O21 - SSODL: AdLib eXpress - {F3137139-30CF-1671-C396-0102FC8C4343} - d:\program files\adlib\adlib express\winkmxcdi8.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - d:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - d:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
---------------------------------------------------------------------------------------------
Activescan log:
Incident                  | Status         | Location
Adware:adware/azesearch   | No disinfected | C:\Documents and Settings\james\Favorites\Leisure\Anime sites.url
Adware:adware/adsmart     | No disinfected | C:\WINDOWS\system32\vx.tll
Adware:Adware/Adsmart     | No disinfected | C:\WINDOWS\system32\vxgame2.exe
Adware:Adware/Adsmart     | No disinfected | C:\WINDOWS\system32\vxgame6.exe
----------------------------------------------------------------------------------------------