Logfile of HijackThis v1.99.1
Scan saved at 9:21:01 AM, on 1/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Rick\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll (file missing)
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Land Desktop 3\AcDcToday.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Land Desktop 3\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Land Desktop 3\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Land Desktop 3\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{3701F2E5-4815-4F26-B495-4DD675D1B520}: NameServer = 207.69.188.186,207.69.188.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6BF8EE8-EEDA-4B04-848E-70C63B3ADF49}: NameServer = 207.69.188.186,207.69.188.185
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
PANDA LOG
Incident Status Location
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Rick\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-3c86ff70.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Rick\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-3c86ff70.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Rick\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-3c86ff70.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Rick\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-3c86ff70.zip[NewURLClassLoader.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Rick\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-3ce7aa1-424ff6e4.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Rick\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-3ce7aa1-424ff6e4.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Rick\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-3ce7aa1-424ff6e4.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Rick\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-3ce7aa1-424ff6e4.zip[NewURLClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Rick\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv655.jar-7f3bac15-4a978109.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Rick\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv655.jar-7f3bac15-4a978109.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Rick\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv655.jar-7f3bac15-4a978109.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Rick\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv655.jar-7f3bac15-4a978109.zip[Parser.class]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Rick\Cookies\rick@888[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Rick\Cookies\rick@adultfriendfinder[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Rick\Cookies\rick@belnk[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Rick\Cookies\[email protected][1].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\Rick\Cookies\[email protected][1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Rick\Cookies\[email protected][1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Rick\Cookies\rick@ccbill[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Rick\Cookies\rick@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Rick\Cookies\[email protected][2].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Rick\Cookies\rick@kinghost[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Rick\Cookies\[email protected][2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Rick\Cookies\rick@toplist[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Rick\Cookies\rick@webpower[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Rick\Cookies\rick@winfixer[2].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Rick\Cookies\rick@yadro[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Rick\Desktop\treys download\smitRem\Process.exe
Adware:Adware/SpywareStrike Not disinfected C:\Documents and Settings\Rick\Local Settings\Temp\~nsu.tmp\Au_.exe
Adware:Adware/SpywareStrike Not disinfected C:\WINDOWS\system32\wiatwain.dll
smitRem © log file
version 2.7
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: Mon 01/23/2006
The current time is: 7:58:45.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
Security Toolbar
~~~ Shortcuts ~~~
~~~ Favorites ~~~
Antivirus Test Online.url
~~~ system32 folder ~~~
1024 dir
msvol.tlb
ld****.tmp
mssearchnet.exe
ncompat.tlb
nvctrl.exe
mscornet.exe
hp***.tmp
~~~ Icons in System32 ~~~
ts.ico
ot.ico
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!