Popups by cpvfeed



#1
hegge (New Member, 4 posts)

Hello,

For a week or so I have been experiencing a lot of annoying popups. Before the popup opens I can see an address at the top of the page containing "cpvfeed". I did all the steps in the guide ("must read before posting") but still experience the popups.

At home I have more problems with them, but the connection to the internet is okay. At work I have fewer popups, but I have a terrible connection. Pages tend to freeze and they only load when I switch to another program first (e.g. I first go to Outlook, back to IE and then I can see the page). Another funny (huhum) thing is that I can see my keyboard icon disappearing and appearing when pages are being loaded.

I paste the logs from two scans (HijackThis and ewido).

Thanks for the support


Log from Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 12:21:12, on 15/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\CatPC\CatSYS\CatSystemSvc.exe
C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
C:\WINNT\TEMP\BH8A70.EXE
C:\Program Files\Siemens\CAT Bulletin Board\CBB.exe
C:\WINNT\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINNT\RTHDCPL.EXE
C:\WINNT\ALCMTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Siemens\Card API\bin\siecacst.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\windows\adtech2005.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\quki\qukim.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\be322763\Desktop\Killbox and alike\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Siemens AG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.atea.be:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = isaproxy.be001.siemens.net:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.sitest.net;*.siemens.net;*.siemens.de;<local>
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=CatUInit
O3 - Toolbar: Siemens TelČU Toolbar - {F693F5A9-2B5C-4002-B538-301E86E3FD5A} - C:\WINNT\system32\Tel2UToolbar.dll
O3 - Toolbar: 180search Toolbar - {93CECBB2-6B1B-448D-91B9-72604EF70105} - C:\Program Files\180search Assistant Programs\180search Toolbar\180ST.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [IndicatorUtility] c:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [SIECACST] C:\Program Files\Siemens\Card API\bin\siecacst.exe
O4 - HKLM\..\Run: [Java Profiles Fix] C:\Program Files\Java\Profile Fix\Java_Profile.exe
O4 - HKLM\..\Run: [JavaProfileFix3] "C:\Program Files\Java\Profile Fix\JAVA_Fix 3.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINNT\system32\kwinmsaz.exe DREU02
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2005] C:\windows\adtech2005.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [quki] C:\PROGRA~1\COMMON~1\quki\qukim.exe
O4 - Startup: Zeno.lnk = C:\WINNT\system32\kwinmsaz.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.axa.be
O15 - Trusted Zone: *.dexia.be
O15 - Trusted Zone: *.erlm.siemens.de
O15 - Trusted Zone: *.fortisbanking.be
O15 - Trusted Zone: *.fujitsu-siemens.com
O15 - Trusted Zone: *.fujitsu-siemens.de
O15 - Trusted Zone: *.kbc.be
O15 - Trusted Zone: *.remedy.com
O15 - Trusted Zone: *.sap-ag.de
O15 - Trusted Zone: *.sap.com
O15 - Trusted Zone: *.sapience.be
O15 - Trusted Zone: *.ww300.siemens.net
O15 - Trusted Zone: *.sap-ag.de (HKLM)
O15 - Trusted Zone: *.sap.com (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc.../bridge-c11.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...5/Installer.exe
O16 - DPF: {CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_13) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = be001.siemens.net
O17 - HKLM\Software\..\Telephony: DomainName = be001.siemens.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = be001.siemens.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = be001.siemens.net
O20 - Winlogon Notify: ckpNotify - C:\WINNT\SYSTEM32\ckpNotify.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Internet Settings - C:\WINNT\system32\guard.tmp
O20 - Winlogon Notify: Syncmgr - C:\WINNT\system32\lvn2095oe.dll (file missing)
O23 - Service: CatSystem (CatSystemSvc) - Siemens AG - C:\WINNT\CatPC\CatSYS\CatSystemSvc.exe
O23 - Service: CAT Bulletin Board (CBBS) - Unknown owner - C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\tmlisten.exe


Log from Ewido:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:01:33, 15/11/2005
+ Report-Checksum: 6643F713

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FF74FE4DC5608844985125B9CF76D498 -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44BE0690-5429-47F0-85BB-3FFD8020233E} -> Spyware.UCmore : Cleaned with backup
HKU\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FAA356E4-D317-42A6-AB41-A3021C6E7D52} -> Spyware.ISTBar : Cleaned with backup
[3952] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Cleaned with backup
[4040] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
[3840] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
[2072] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
[2408] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
[3452] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
[628] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
[648] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
[2200] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
[224] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
[640] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
[3808] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
[1832] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
[2928] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
[4020] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
[1340] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
[2552] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
[3236] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
[800] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
[2856] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
[3168] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
[2696] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
[2264] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
[2988] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
[3220] C:\PROGRA~1\COMMON~1\quki\qukia.exe -> TrojanDownloader.TSUpdate.l : Cleaned with backup
[2864] C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Error during cleaning
C:\Documents and Settings\be322763\Local Settings\Temp\Temporary Internet Files\Content.IE5\GXANWTQR\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\installer.exe -> Spyware.Look2Me : Cleaned with backup
C:\mte3ndi6odoxng.exe -> TrojanDownloader.Small.buy : Cleaned with backup
C:\Program Files\Common Files\quki\qukia.exe -> TrojanDownloader.TSUpdate.l : Cleaned with backup
C:\WINNT\Downloaded Program Files\CONFLICT.1\drsmartload100a.exe -> TrojanDownloader.VB.qr : Cleaned with backup
C:\WINNT\Downloaded Program Files\CONFLICT.1\UWFX5_0001_NI530211NetInstaller.exe -> Not-A-Virus.Downloader.Agent.f : Cleaned with backup
C:\WINNT\Downloaded Program Files\drsmartload100a.exe -> TrojanDownloader.VB.qr : Cleaned with backup
C:\WINNT\Downloaded Program Files\MediaGatewayX.dll -> Spyware.WinAD : Cleaned with backup
C:\WINNT\Downloaded Program Files\UWFX5_0001_NI530211NetInstaller.exe -> Not-A-Virus.Downloader.Agent.f : Cleaned with backup
C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\asappsrv.dll -> Spyware.CommAd : Cleaned with backup
C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\command.exe -> Adware.CommAd : Cleaned with backup
C:\WINNT\system32\mwxml4.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\wqerrenu.dll -> Spyware.Look2Me : Cleaned with backup
U:\Local Settings\Temp\Temporary Internet Files\Content.IE5\GXANWTQR\mm[2].js -> Spyware.Chitika : Cleaned with backup


::Report End

#2
Buckeye_Sam (Malware Expert, 10,019 posts)

Hi and welcome to GeeksToGo! My name is Sam and I will be helping you.

I apologize for the delay getting to your log; the helpers here are very busy.
If you still need help, please post a fresh Hijack log in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

#3
hegge (New Member, Topic Starter, 4 posts)

Here is an updated logfile. I haven't fixed the problem at the moment. I downloaded a trial version of Norton 2006 Antivirus. This found some problems and fixed them, but not all is finished. One weird thing: it finds 4 risks (for example) and when I do a remove only 3 are removed.

I'll include the reports from security risks, alerts and application activities.

Thanks for the support and sorry for my late reply (didn't have internet access).

Logfile of HijackThis v1.99.1
Scan saved at 9:47:36, on 21/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\CatPC\CatSYS\CatSystemSvc.exe
C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\TEMP\OQF8FC.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINNT\RTHDCPL.EXE
C:\WINNT\ALCMTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Siemens\Card API\bin\siecacst.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Siemens\CAT Bulletin Board\CBB.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\WISPTIS.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\be322763\Desktop\Killbox and alike\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.siemen...bin/iesearch.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Siemens AG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://isaproxy.be00....Routing.Script
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = isaproxy.be001.siemens.net:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.sitest.net;*.siemens.net;*.siemens.de;<local>
F2 - REG:system.ini: UserInit=CatUInit
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Siemens TelČU Toolbar - {F693F5A9-2B5C-4002-B538-301E86E3FD5A} - C:\WINNT\system32\Tel2UToolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [IndicatorUtility] c:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [SIECACST] C:\Program Files\Siemens\Card API\bin\siecacst.exe
O4 - HKLM\..\Run: [Java Profiles Fix] C:\Program Files\Java\Profile Fix\Java_Profile.exe
O4 - HKLM\..\Run: [JavaProfileFix3] "C:\Program Files\Java\Profile Fix\JAVA_Fix 3.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.axa.be
O15 - Trusted Zone: *.dexia.be
O15 - Trusted Zone: *.erlm.siemens.de
O15 - Trusted Zone: *.fortisbanking.be
O15 - Trusted Zone: *.fujitsu-siemens.com
O15 - Trusted Zone: *.fujitsu-siemens.de
O15 - Trusted Zone: *.kbc.be
O15 - Trusted Zone: *.remedy.com
O15 - Trusted Zone: *.sap-ag.de
O15 - Trusted Zone: *.sap.com
O15 - Trusted Zone: *.sapience.be
O15 - Trusted Zone: *.erlm.siemens.de
O15 - Trusted Zone: *.ww300.siemens.net
O15 - Trusted Zone: *.the-square.com
O15 - Trusted Zone: *.sap-ag.de (HKLM)
O15 - Trusted Zone: *.sap.com (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc.../bridge-c11.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...5/Installer.exe
O16 - DPF: {CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_13) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = be001.siemens.net
O17 - HKLM\Software\..\Telephony: DomainName = be001.siemens.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = be001.siemens.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = be001.siemens.net
O20 - Winlogon Notify: ckpNotify - C:\WINNT\SYSTEM32\ckpNotify.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Internet Settings - C:\WINNT\
O20 - Winlogon Notify: Syncmgr - C:\WINNT\system32\lvn2095oe.dll (file missing)
O23 - Service: CatSystem (CatSystemSvc) - Siemens AG - C:\WINNT\CatPC\CatSYS\CatSystemSvc.exe
O23 - Service: CAT Bulletin Board (CBBS) - Unknown owner - C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\tmlisten.exe

Security Risks (Norton)
Category: Security risks
Date Time,Feature,Risk Name,Result,Item Type,Target,Suspicious Action,Virus Definition Version,Product Version,User Name,Computer Name,Details
21/11/2005 8:07:15,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511200006,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\WINNT\RGVIDXNZY2HLCMUGTWFHCNRLBG\ASAPPSRV.DLL,Risk category: Spyware,Action taken: Detected"
20/11/2005 18:00:42,Virus scanner,Adware.EasyWWW,Removed,File,N/A,N/A,200511190004,12.0.0.94b,SYSTEM,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: High,Performance: High,Privacy: High,Removal: High,Stealth: High,Action taken: Removed,Description: Affected areas: 1 Files: c:\windows\timessquare.exe - Deleted 1 Registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\timessquare - Deleted "
20/11/2005 15:27:37,Auto-Protect,Adware.EasyWWW,Detected,File,N/A,N/A,200511190004,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\QUARAN~1\Portal\7142057C.exe,Risk category: Adware,Action taken: Detected"
20/11/2005 15:27:37,Auto-Protect,Adware.EasyWWW,Detected,File,N/A,N/A,200511190004,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\7142057C.exe,Risk category: Adware,Action taken: Detected"
20/11/2005 14:16:37,Auto-Protect,Adware.Savenow,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\be322763\LOCALS~1\Temp\VVSNInst.exe,Risk category: Adware,Action taken: Detected"
20/11/2005 14:16:25,Auto-Protect,Adware.Savenow,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\be322763\LOCALS~1\Temp\VVSNInst.exe,Risk category: Adware,Action taken: Detected"
20/11/2005 14:16:25,Auto-Protect,Adware.Savenow,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\be322763\LOCALS~1\Temp\~GLH000d.TMP,Risk category: Adware,Action taken: Detected"
20/11/2005 13:47:49,Virus scanner,Adware.SP2Update,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: High,Performance: High,Privacy: High,Removal: High,Stealth: High,Action taken: Removed,Description: Affected areas: 2 Files: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\X3Q12AS7\adtech2005[1].exe - Deleted C:\windows\adtech2005.exe - Deleted 1 Processes: C:\windows\adtech2005.exe - Terminated 1 Registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\adtech2005 - Deleted "
20/11/2005 13:47:49,Virus scanner,Spyware.ISearch,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Spyware,Overall Risk Impact: High,Performance: High,Privacy: High,Removal: High,Stealth: High,Action taken: Removed,Description: Affected areas: 2 Files: C:\Documents and Settings\be322763\Local Settings\Temp\cmdinst.exe - Deleted C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\RG20JNUV\installer[1].exe - Deleted 7 Registry keys: HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Btn_Search - Deleted HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-3638\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Repaired HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected HKEY_USERS\S-1-5-21-1659004503-113007714-839522115-500\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Repaired HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected "
20/11/2005 13:47:49,Virus scanner,Adware.Istbar,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: Medium,Performance: High,Privacy: Low,Removal: Low,Stealth: High,Action taken: Removed,Description: Affected areas: 1 Files: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\AJT5BRK8\mte3ndi6odoxng[1].exe - Deleted 2 Registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}\409 - Repaired HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Component Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}\409 - Repaired "
20/11/2005 13:47:22,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QM6T.00G,Risk category: Adware,Action taken: Detected"
20/11/2005 13:47:22,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\AJT5BRK8\mte3ndi6odoxng[1].exe,Risk category: Adware,Action taken: Detected"
20/11/2005 13:47:22,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QCGD.00D,Risk category: Adware,Action taken: Detected"
20/11/2005 13:47:22,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\QUARAN~1\Portal\248459EF.exe,Risk category: Adware,Action taken: Detected"
20/11/2005 13:47:21,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QKUD.00F,Risk category: Adware,Action taken: Detected"
20/11/2005 13:47:21,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\248459EF.exe,Risk category: Adware,Action taken: Detected"
20/11/2005 13:47:21,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS97O05.00O,Risk category: Adware,Action taken: Detected"
20/11/2005 13:47:20,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\248459EF.exe,Risk category: Adware,Action taken: Detected"
20/11/2005 13:45:34,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\windows\adtech2005.exe,Risk category: Adware,Action taken: Detected"
20/11/2005 13:45:32,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temp\cmdinst.exe,Risk category: Spyware,Action taken: Detected"
20/11/2005 13:45:32,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\QUARAN~1\Portal\23232373.exe,Risk category: Spyware,Action taken: Detected"
20/11/2005 13:45:32,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\23232373.exe,Risk category: Spyware,Action taken: Detected"
20/11/2005 13:44:13,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\windows\adtech2005.exe,Risk category: Adware,Action taken: Detected"
20/11/2005 13:42:33,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\X3Q12AS7\adtech2005[1].exe,Risk category: Adware,Action taken: Detected"
20/11/2005 13:42:32,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\RG20JNUV\installer[1].exe,Risk category: Spyware,Action taken: Detected"
20/11/2005 13:42:30,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\AJT5BRK8\mte3ndi6odoxng[1].exe,Risk category: Adware,Action taken: Detected"
20/11/2005 13:42:30,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QJ8D.00H,Risk category: Adware,Action taken: Detected"
20/11/2005 13:42:30,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\AJT5BRK8\mte3ndi6odoxng[1].exe,Risk category: Adware,Action taken: Detected"
20/11/2005 13:42:27,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temp\cmdinst.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 21:36:57,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\windows\adtech2005.exe,Risk category: Adware,Action taken: Detected"
19/11/2005 21:36:49,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\WINDOWS\ADTECH2005.EXE,Risk category: Adware,Action taken: Detected"
19/11/2005 21:36:48,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\windows\adtech2005.exe,Risk category: Adware,Action taken: Detected"
19/11/2005 13:53:39,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\windows\adtech2005.exe,Risk category: Adware,Action taken: Detected"
19/11/2005 13:53:39,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\X3Q12AS7\adtech2005[1].exe,Risk category: Adware,Action taken: Detected"
19/11/2005 13:53:39,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\RG20JNUV\installer[1].exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 13:53:39,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\AJT5BRK8\mte3ndi6odoxng[1].exe,Risk category: Adware,Action taken: Detected"
19/11/2005 13:53:39,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QCGD.00B,Risk category: Adware,Action taken: Detected"
19/11/2005 13:53:39,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\AJT5BRK8\mte3ndi6odoxng[1].exe,Risk category: Adware,Action taken: Detected"
19/11/2005 13:29:10,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temp\cmdinst.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 10:28:54,Virus scanner,Spyware.ISearch,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Spyware,Overall Risk Impact: High,Performance: High,Privacy: High,Removal: High,Stealth: High,Action taken: Removed,Description: Affected areas: 6 Registry keys: HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-3638\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Repaired HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected HKEY_USERS\S-1-5-21-1659004503-113007714-839522115-500\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Repaired HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected "
19/11/2005 10:25:45,Virus scanner,Spyware.ISearch,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Spyware,Overall Risk Impact: High,Performance: High,Privacy: High,Removal: High,Stealth: High,Action taken: Removed,Description: Affected areas: 1 Files: C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\command.exe - Deleted 9 Registry keys: HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Btn_Search - Deleted HKEY_USERS\S-1-5-21-1659004503-113007714-839522115-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Btn_Search - Deleted HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Btn_Search - Deleted HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-3638\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Repaired HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected HKEY_USERS\S-1-5-21-1659004503-113007714-839522115-500\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Repaired HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected 1 Services: cmdService - Reboot required "
19/11/2005 10:23:24,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\command.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 10:23:24,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\QUARAN~1\Portal\3A49208E.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 10:23:24,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\3A49208E.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:35:59,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\command.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:35:49,Virus scanner,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Spyware,Overall Risk Impact: High,Performance: High,Privacy: High,Removal: High,Stealth: High,Action taken: Detected,Description: Possibly affected areas: 3 Files: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\RG20JNUV\installer[1].exe C:\Documents and Settings\be322763\Local Settings\Temp\cmdinst.exe C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\command.exe 1 Processes: C:\Program Files\Internet Explorer\iexplore.exe 9 Registry keys: HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Btn_Search HKEY_USERS\S-1-5-21-1659004503-113007714-839522115-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Btn_Search HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Btn_Search HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-3638\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} HKEY_USERS\S-1-5-21-1659004503-113007714-839522115-500\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} 1 Services: cmdService "
19/11/2005 9:35:49,Virus scanner,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: Medium,Performance: High,Privacy: Low,Removal: Low,Stealth: High,Action taken: Detected,Description: Possibly affected areas: 1 Files: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\AJT5BRK8\mte3ndi6odoxng[1].exe 1 Processes: C:\Program Files\Internet Explorer\iexplore.exe 2 Registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}\409 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Component Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}\409 "
19/11/2005 9:33:40,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\windows\adtech2005.exe,Risk category: Adware,Action taken: Detected"
19/11/2005 9:31:06,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\X3Q12AS7\adtech2005[1].exe,Risk category: Adware,Action taken: Detected"
19/11/2005 9:31:05,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\RG20JNUV\installer[1].exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:31:04,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\mte3ndi6odoxng.exe,Risk category: Adware,Action taken: Detected"
19/11/2005 9:31:03,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\AJT5BRK8\mte3ndi6odoxng[1].exe,Risk category: Adware,Action taken: Detected"
19/11/2005 9:31:01,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temp\cmdinst.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:49,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\command.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:48,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\is-HNG32.tmp,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:47,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\is-SFS1M.tmp,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:46,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\be322763\LOCALS~1\Temp\cmdinst.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:46,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temp\cmdinst.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:45,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\be322763\LOCALS~1\Temp\cmdinst.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:45,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temp\cmdinst.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:45,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\be322763\LOCALS~1\Temp\cmdinst.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:45,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temp\cmdinst.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:45,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\mte3ndi6odoxng.exe,Risk category: Adware,Action taken: Detected"
19/11/2005 9:30:43,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\be322763\LOCALS~1\Temp\cmdinst.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:42,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\RG20JNUV\installer[1].exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:36,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\mte3ndi6odoxng.exe,Risk category: Adware,Action taken: Detected"
19/11/2005 9:30:36,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QJ8D.001,Risk category: Adware,Action taken: Detected"
19/11/2005 9:30:36,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\mte3ndi6odoxng.exe,Risk category: Adware,Action taken: Detected"
19/11/2005 9:30:35,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QM6T.000,Risk category: Adware,Action taken: Detected"
19/11/2005 9:30:35,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\windows\adtech2005.exe,Risk category: Adware,Action taken: Detected"
19/11/2005 9:30:34,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\AJT5BRK8\mte3ndi6odoxng[1].exe,Risk category: Adware,Action taken: Detected"
19/11/2005 9:30:34,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QKGT.001,Risk category: Adware,Action taken: Detected"
19/11/2005 9:30:34,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\AJT5BRK8\mte3ndi6odoxng[1].exe,Risk category: Adware,Action taken: Detected"
19/11/2005 9:30:33,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QLPD.001,Risk category: Adware,Action taken: Detected"
19/11/2005 9:30:31,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\windows\adtech2005.exe,Risk category: Adware,Action taken: Detected"
19/11/2005 9:30:31,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\X3Q12AS7\adtech2005[1].exe,Risk category: Adware,Action taken: Detected"
16/11/2005 20:56:06,Virus scanner,Adware.MediaPass,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: Medium,Performance: Medium,Privacy: Low,Removal: High,Stealth: Medium,Action taken: Removed,Description: Affected areas: 3 Registry keys: HKEY_CLASSES_ROOT\CLSID\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} - Deleted HKEY_CLASSES_ROOT\MediaGatewayX.Installer - Deleted HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager - Deleted "
16/11/2005 20:56:06,Virus scanner,Adware.Istbar,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: Medium,Performance: High,Privacy: Low,Removal: Low,Stealth: High,Action taken: Removed,Description: Affected areas: 3 Registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contentmatch.net - Deleted HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}\409 - Repaired HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Component Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}\409 - Repaired "
16/11/2005 20:56:06,Virus scanner,Adware.180Search,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: Medium,Performance: High,Privacy: Medium,Removal: High,Stealth: Low,Action taken: Removed,Description: Affected areas: 6 Registry keys: HKEY_USERS\S-1-5-19\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-3638\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-20\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-21-1659004503-113007714-839522115-500\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\.DEFAULT\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected "
16/11/2005 20:05:05,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4VC3D.006,Risk category: Adware,Action taken: Detected"
16/11/2005 20:05:05,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS97V05.004,Risk category: Adware,Action taken: Detected"
16/11/2005 20:05:05,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4SQ8D.003,Risk category: Adware,Action taken: Detected"
16/11/2005 20:05:05,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4SQLT.001,Risk category: Adware,Action taken: Detected"
16/11/2005 20:05:05,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4VCUD.004,Risk category: Adware,Action taken: Detected"
16/11/2005 20:05:05,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4VCGT.002,Risk category: Adware,Action taken: Detected"
16/11/2005 20:04:51,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4VC3D.005,Risk category: Adware,Action taken: Detected"
16/11/2005 20:04:51,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4SQ8D.002,Risk category: Adware,Action taken: Detected"
16/11/2005 20:04:50,Auto-Protect,Adware.MediaPass,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4SQLT.000,Risk category: Adware,Action taken: Detected"
16/11/2005 11:35:23,Virus scanner,Adware.SP2Update,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: High,Performance: High,Privacy: High,Removal: High,Stealth: High,Action taken: Removed,Description: Affected areas: 1 Files: C:\windows\adtech2005.exe - No action required 1 Processes: C:\windows\adtech2005.exe - No action required 1 Registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\adtech2005 - No action required "
16/11/2005 11:35:23,Virus scanner,Adware.180Search,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: Medium,Performance: High,Privacy: Medium,Removal: High,Stealth: Low,Action taken: Removed,Description: Affected areas: 2 Files: C:\Program Files\180search Assistant Programs\180search Toolbar\180ST.dll - No action required C:\temp - No action required 8 Registry keys: HKEY_USERS\S-1-5-19\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-3638\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-20\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-21-1659004503-113007714-839522115-500\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\.DEFAULT\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_CLASSES_ROOT\CLSID\{93CECBB2-6B1B-448D-91B9-72604EF70105} - No action required HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{93CECBB2-6B1B-448D-91B9-72604EF70105} - No action required "
16/11/2005 11:35:23,Virus scanner,Adware.TargetSaver,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: Medium,Performance: Medium,Privacy: Medium,Removal: Medium,Stealth: High,Action taken: Removed,Description: Affected areas: 2 Files: C:\Program Files\Common Files\quki\qukim.exe - No action required C:\WINNT\system32\tsuninst.exe - No action required 1 Processes: C:\Program Files\Common Files\quki\qukim.exe - No action required 1 Registry keys: HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Windows\CurrentVersion\Run\quki - No action required "
16/11/2005 11:35:23,Virus scanner,Adware.ZenoSearch,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: Medium,Performance: Low,Privacy: High,Removal: Low,Stealth: High,Action taken: Removed,Description: Affected areas: 4 Files: c:\WINNT\system32\kwinmsaz.exe - No action required C:\Documents and Settings\be322763\Start Menu\Programs\Startup\Zeno.lnk - No action required C:\WINNT\system32\zxdnt3d.cfg - No action required C:\Documents and Settings\be322763\Start Menu\Programs\Startup\Zeno.lnk - No action required 1 Registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BrowserUpdateSched - No action required "
16/11/2005 11:34:49,Virus scanner,Adware.SP2Update,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: High,Performance: High,Privacy: High,Removal: High,Stealth: High,Action taken: Removed,Description: Affected areas: 1 Files: C:\windows\adtech2005.exe - Deleted 1 Processes: C:\windows\adtech2005.exe - Terminated 1 Registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\adtech2005 - Deleted "
16/11/2005 11:34:49,Virus scanner,Adware.180Search,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: Medium,Performance: High,Privacy: Medium,Removal: High,Stealth: Low,Action taken: Removed,Description: Affected areas: 3 Files: C:\Program Files\180search Assistant Programs\180search Toolbar\180ST.dll - Deleted C:\Program Files\180search Assistant Programs\180search Toolbar\180STUninstaller.exe - Deleted C:\temp - Deleted 8 Registry keys: HKEY_USERS\S-1-5-19\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-3638\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-20\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-21-1659004503-113007714-839522115-500\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\.DEFAULT\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_CLASSES_ROOT\CLSID\{93CECBB2-6B1B-448D-91B9-72604EF70105} - Deleted HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{93CECBB2-6B1B-448D-91B9-72604EF70105} - Deleted "
16/11/2005 11:34:49,Virus scanner,Adware.Look2Me,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: High,Performance: Medium,Privacy: Medium,Removal: High,Stealth: High,Action taken: Removed,Description: Affected areas: 2 Files: C:\WINNT\system32\gp8ml3l11.dll - Deleted c:\WINNT\system32\guard.tmp - Deleted 1 Registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Internet Settings\DLLName - Deleted "
16/11/2005 11:34:49,Virus scanner,Adware.TargetSaver,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: Medium,Performance: Medium,Privacy: Medium,Removal: Medium,Stealth: High,Action taken: Removed,Description: Affected areas: 5 Files: C:\Program Files\Common Files\quki\qukim.exe - Deleted C:\Program Files\Common Files\quki\qukil.exe - Deleted C:\Program Files\Common Files\quki\qukip.exe - Deleted C:\stub_113_4_0_4_0.exe - Deleted C:\WINNT\system32\tsuninst.exe - Deleted 1 Processes: C:\Program Files\Common Files\quki\qukim.exe - Terminated 1 Registry keys: HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Windows\CurrentVersion\Run\quki - Deleted "
16/11/2005 11:34:49,Virus scanner,Adware.ZenoSearch,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: Medium,Performance: Low,Privacy: High,Removal: Low,Stealth: High,Action taken: Removed,Description: Affected areas: 7 Files: c:\WINNT\system32\kwinmsaz.exe - Deleted C:\inst_dreu02.exe - Deleted C:\WINNT\system32\dwdsregt.exe - Deleted C:\WINNT\system32\rldsregs.exe - Deleted C:\Documents and Settings\be322763\Start Menu\Programs\Startup\Zeno.lnk - Deleted C:\WINNT\system32\zxdnt3d.cfg - Deleted C:\Documents and Settings\be322763\Start Menu\Programs\Startup\Zeno.lnk - No action required 1 Registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BrowserUpdateSched - Deleted "
16/11/2005 11:34:03,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\windows\adtech2005.exe,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:03,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\QUARAN~1\Portal\05F93B91.exe,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:03,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\05F93B91.exe,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:03,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\windows\adtech2005.exe,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:02,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QV3D.02B,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:02,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\180search Assistant Programs\180search Toolbar\180STUninstaller.exe,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:02,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS96R05.01G,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:02,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\180search Assistant Programs\180search Toolbar\180ST.dll,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:02,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4R0PD.021,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:01,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\QUARAN~1\Portal\05F36799.dll,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:01,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QULT.01J,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:01,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\05F36799.dll,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:01,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QU8D.025,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:01,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\05F36799.dll,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:01,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4R0BT.01S,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:01,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\180search Assistant Programs\180search Toolbar\180ST.dll,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:59,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4R0BT.01R,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:59,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\stub_113_4_0_4_0.exe,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:58,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QV3D.02A,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:58,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\Common Files\quki\qukip.exe,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:58,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4R0PD.020,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:58,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\Common Files\quki\qukil.exe,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:57,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QVGT.01N,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:57,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\Common Files\quki\qukim.exe,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:57,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS96R05.01F,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:57,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\QUARAN~1\Portal\05DF6BAE.exe,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:56,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QNGD.021,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:56,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\05DF6BAE.exe,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:56,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QVUD.01N,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:55,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,2005
  • 0

#4
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
First I want to caution you strongly against running two antivirus programs at the same time. Especially Norton with any other antivirus program. This can cause problems. I advise you to uninstall one of your antivirus programs.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc.../bridge-c11.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...5/Installer.exe
O16 - DPF: {CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_13) -
O20 - Winlogon Notify: Internet Settings - C:\WINNT\
O20 - Winlogon Notify: Syncmgr - C:\WINNT\system32\lvn2095oe.dll (file missing)




Delete this file.

C:\WINNT\ALCMTR.EXE



Delete this folder, if present.

C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg



Delete your temp files
  • Navigate to the C:\WINNT\Temp folder.
    • Open the Temp folder
    • Select Edit -> Select All
    • Select Edit -> Delete (or press the delete button on your keyboard) to delete the entire contents of the Temp folder.

  • Click Start -> Run and type %temp% in the Run box.
    • Select Edit -> Select All
    • Select Edit -> Delete (or press the delete button on your keyboard) to delete the entire contents of the Temp folder.

  • Click Start -> Control Panel -> Internet Options.
    • Select the General tab
    • Under "Temporary Internet Files" Click "Delete Files".
    • Put a check by "Delete Offline Content" and click OK.
    • Click on the Programs tab then click the "Reset Web Settings" button.
    • Click Apply then OK.

  • Empty the Recycle Bin.


Run a full scan with Ewido.


Reboot and post a new hijackthis log and the log from Ewido.
  • 0

#5
hegge

    New Member

  • Topic Starter
  • Member
  • 4 posts
Hello,

did the steps you asked. The only thing I couldn't delete from my WINNT\Temp was a file called "VP58D2" (got an access denied message). Here are the logs from HijackThis and Ewido.


Logfile of HijackThis v1.99.1
Scan saved at 12:28:08, on 22/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\CatPC\CatSYS\CatSystemSvc.exe
C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
C:\WINNT\TEMP\VP58D2.EXE
C:\Program Files\Siemens\CAT Bulletin Board\CBB.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINNT\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Siemens\Card API\bin\siecacst.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\be322763\Desktop\Killbox and alike\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.siemen...bin/iesearch.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Siemens AG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://isaproxy.be00....Routing.Script
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = isaproxy.be001.siemens.net:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.sitest.net;*.siemens.net;*.siemens.de;<local>
F2 - REG:system.ini: UserInit=CatUInit
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Siemens TelČU Toolbar - {F693F5A9-2B5C-4002-B538-301E86E3FD5A} - C:\WINNT\system32\Tel2UToolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [IndicatorUtility] c:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [SIECACST] C:\Program Files\Siemens\Card API\bin\siecacst.exe
O4 - HKLM\..\Run: [Java Profiles Fix] C:\Program Files\Java\Profile Fix\Java_Profile.exe
O4 - HKLM\..\Run: [JavaProfileFix3] "C:\Program Files\Java\Profile Fix\JAVA_Fix 3.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.axa.be
O15 - Trusted Zone: *.dexia.be
O15 - Trusted Zone: *.erlm.siemens.de
O15 - Trusted Zone: *.fortisbanking.be
O15 - Trusted Zone: *.fujitsu-siemens.com
O15 - Trusted Zone: *.fujitsu-siemens.de
O15 - Trusted Zone: *.kbc.be
O15 - Trusted Zone: *.remedy.com
O15 - Trusted Zone: *.sap-ag.de
O15 - Trusted Zone: *.sap.com
O15 - Trusted Zone: *.sapience.be
O15 - Trusted Zone: *.erlm.siemens.de
O15 - Trusted Zone: *.ww300.siemens.net
O15 - Trusted Zone: *.the-square.com
O15 - Trusted Zone: *.sap-ag.de (HKLM)
O15 - Trusted Zone: *.sap.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = be001.siemens.net
O17 - HKLM\Software\..\Telephony: DomainName = be001.siemens.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = be001.siemens.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = be001.siemens.net
O20 - Winlogon Notify: ckpNotify - C:\WINNT\SYSTEM32\ckpNotify.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: CatSystem (CatSystemSvc) - Siemens AG - C:\WINNT\CatPC\CatSYS\CatSystemSvc.exe
O23 - Service: CAT Bulletin Board (CBBS) - Unknown owner - C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\tmlisten.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:25:25, 22/11/2005
+ Report-Checksum: B8EB034E

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FF74FE4DC5608844985125B9CF76D498 -> Dialer.Generic : Cleaned with backup


::Report End

Thanks for your support already.
  • 0
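The follow-up check in this exchange (are the entries listed for fixing gone from the new HijackThis log, and is anything running out of a Temp folder?) can be scripted. This is an added example, not part of the thread or of HijackThis; the function names are hypothetical and the sample text is a shortened copy of the lines posted above.

```python
import re

# Lines the helper listed for fixing in post #4 (copied from the thread).
FLAGGED = r"""
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: Syncmgr - C:\WINNT\system32\lvn2095oe.dll (file missing)
"""

# Excerpt of the follow-up log from post #5 (shortened for the example).
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\system32\winlogon.exe
C:\WINNT\TEMP\VP58D2.EXE
C:\WINNT\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O20 - Winlogon Notify: ckpNotify - C:\WINNT\SYSTEM32\ckpNotify.dll
"""

# A HijackThis entry is a section code (R0, F2, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_hjt(text):
    """Return (running_processes, [(code, body), ...]) from a HijackThis log."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the process list ends at the first entry line
            entries.append((match.group("code"), match.group("body").strip()))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def _norm(code, body):
    # Case and spacing vary between pastes; compare on a normalised form.
    return (code, " ".join(body.lower().split()))


def still_present(flagged_text, new_log_text):
    """Flagged entries that still appear in the new log (empty list = all gone)."""
    _, flagged = parse_hjt(flagged_text)
    _, current = parse_hjt(new_log_text)
    current_keys = {_norm(c, b) for c, b in current}
    return [f"{c} - {b}" for c, b in flagged if _norm(c, b) in current_keys]


def temp_processes(new_log_text):
    """Running processes whose image sits in a Temp folder. Windows will not
    delete a file that is a running image, which fits the 'access denied'."""
    processes, _ = parse_hjt(new_log_text)
    return [p for p in processes if re.search(r"\\temp\\", p, re.IGNORECASE)]
```

A process listed by `temp_processes` is a lead to identify, not a verdict: the script reports where the image runs from, not what it is.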

#6
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Your log looks pretty good.

How are things on your end?
Are you still having problems?
  • 0

#7
hegge

    New Member

  • Topic Starter
  • Member
  • 4 posts
The pop-ups have stopped, but Norton warns me about something which tries to alter my home page. And sometimes on a spyware (spywareIsearch and spyarcade), but I'll do a spybot and ad-aware check again.

Thanks for the help.
  • 0

#8
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
If you continue to have problems, post the log from Norton so I can see exactly what it is finding.
  • 0





