Can't get rid of stubborn SpywareQuake virus alert from system tray

Unknown · June 2006

I've followed the instructions here -> http://www.short-media.com/forum/showthread.php?t=44053
in order to get rid of the SpywareQuake virus alert but it continues to flash the handicapped/no entry sign on my system tray! .

Ive also tried scanning using microsoft anti spyware, ad-aware and Spybot but nothing seems to help.

The following are logs frm SmitRem, HijackThis and Panda :

smitRem © log file
version 2.9

by noahdfear

Microsoft Windows 2000 [Version 5.00.2195]
"IE"="6.0000"
The current date is: Fri 06/02/2006
The current time is: 9:38:25.32

Running from
C:\Documents and Settings\s12876.S12876-PC-01\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key

PSGuard.com key not present!

checking for WinHound.com key

WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 492 'explorer.exe'
Killing PID 492 'explorer.exe'
Error 0x5 : Access is denied.

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~ Wininet.dll ~~~

CLEAN!

Logfile of HijackThis v1.99.1
Scan saved at 9:30:48 AM, on 6/2/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINNT\TEMP\OO97D1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Documents and Settings\s12876.S12876-PC-01\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [MSConfig] C:\Documents and Settings\s12876.S12876-PC-01\Desktop\msconfig.exe /auto
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe -a
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Attachmate IBM Mainframe Display - http://200.1.31.112/HostAccess-Standard/JavaClient/3270View.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {44C7F862-906C-11D3-A8ED-0008C75B3588} (IEPAPI Class) - http://200.13.1.10/CyberDOCS/Plugins/papibrdg.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://200.13.1.10/CyberDOCS/Plugins/isetupml.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FC4D6A5-5AF5-4A24-B748-D3C893BB7B2A}: NameServer = 200.15.14.14,200.15.14.16
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

Incident Status Location

Adware:Adware/SpywareQuake Not disinfected C:\WINNT\SYSTEM32\imfdfcj.dll
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\s12876\Cookies\s12876@ad.yieldmanager[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Profiles\default\15zquhq2.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Profiles\default\15zquhq2.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Profiles\default\15zquhq2.slt\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.centrport.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[c3.gostats.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.gostats.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.com.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.atwola.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[.xmts.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\ijt7fle1.default\cookies.txt[statse.webtrendslive.com/dcs20gtwd2ag4xfaru69g3d2c_1z7j]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.belnk.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.atdmt.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.statcounter.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.overture.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.revenue.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[server.iad.liveperson.net/hc/28199518]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[server.iad.liveperson.net/hc/28199518]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.clickbank.net/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.gostats.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[c3.gostats.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.advertising.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.bfast.com/]
Spyware:Cookie/Abcsearch Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.abcsearch.com/]
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[c.enhance.com/]
Spyware:Cookie/Abcsearch Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.abcsearch.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.valueclick.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.2o7.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[server.iad.liveperson.net/hc/71648812]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.phg.hitbox.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\s12876\Application Data\Mozilla\Firefox\Profiles\e10vxv9s.Zura\cookies.txt[.mediaplex.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\s12876.S12876-PC-01\Desktop\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\s12876.S12876-PC-01\Desktop\smitRem\Process.exe
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\iaxfesth.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\iaxfesth.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\iaxfesth.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\iaxfesth.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\iaxfesth.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt[.statcounter.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt[.xiti.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt[.atdmt.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt[.com.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Roguescanfix\Process.exe

I'm not sure what else to do. I dloaded msconfig for Win2K and the only item that should appear on startup is my Trendmicro AV.

Pls help! Thank you.

Crunchie · June 2006

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

mono · June 2006

Ok result generated frm running that fix:

SmitFraudFix v2.53

Scan done at 10:55:27.45, Mon 06/05/2006
Run from C:\Documents and Settings\s12876.S12876-PC-01\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32

C:\WINNT\system32\imfdfcj.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\s12876.S12876-PC-01\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\S12876~1.S12\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

[HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINNT\system32\imfdfcj.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINNT\system32\imfdfcj.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Crunchie · June 2006

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download Ewido Anti-Malware it is a free version of the program.

Install Ewido Anti-Malware
When installing, under "Additional Options" uncheck..
- Install background guard
- Install scan via context menu
Launch Ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update.
- Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful")

Close Ewido for now.
==============

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Close the program for now.
==================

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

1) Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser : Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

2) Open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it does force a restart, please reboot into Safe Mode again, in order to complete the following step. If it does not reboot, please remain in Safe Mode until further notice.

3) Launch Ewido from your Desktop :

Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.

Close Ewido Anti-Malware.

4) Reboot your computer normally.

If SmitfraudFix did not force a reboot, then you should now see a text file appear onscreen with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Note : running option #2 on a non infected computer will remove your Desktop background.

5) Post the content of rapport.txt, the Ewido report and a new HijackThis! log in your next reply.

mono · June 2006

It's GONEEE!!! At least I dont see it anymore so I hope its gone for good!
The following are the logs generated from SmitfraudFix, Ewido & HijackThis :

SmitFraudFix v2.53

Scan done at 13:37:57.96, Mon 06/05/2006
Run from C:\Documents and Settings\s12876.S12876-PC-01\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

[HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINNT\system32\imfdfcj.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINNT\system32\imfdfcj.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINNT\system32\imfdfcj.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINNT\system32\imfdfcj.dll -> Missing File

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

ewido anti-malware - Scan report

+ Created on: 2:22:00 PM, 6/5/2006
+ Report-Checksum: F847FCC9

+ Scan result:

HKLM\SOFTWARE\Classes\Contact.Contacts -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Contact.Contacts\CLSID -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Contact.Contacts\CurVer -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Contact.Contacts.1 -> Adware.HotBar : Cleaned with backup
C:\WINNT\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\buttondir.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.txt -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\linkpathlegal.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\layout.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_1000.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_2000.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_3000.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_logos.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_other.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_weather.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\tsd_bg.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\s_icons_buttons.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\progress.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_sdf.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_idx.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bar.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar2.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar3.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar4.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar5.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar6.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar7.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar8.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar9.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar10.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar11.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_x.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar12.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar13.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar14.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\business_promo.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar_promo.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\default.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\icons2.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ads.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar-premium.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\1 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Games.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hide.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_categorize.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_comparison.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_favorites.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hotbarcom.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hsskin.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_new.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_premium.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchfor.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchgo.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_weather.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_yellowpages.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\Top7_theweb.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\ads.cdf -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\business_promo.htm -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\buttondir.txt -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\components.cdf -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_1000.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_2000.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_3000.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bar.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar1.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar10.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar11.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar12.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar13.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar14.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar2.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar3.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar4.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar5.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar6.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar7.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar8.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar9.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_logos.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_other.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_x.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_weather.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\default.cdf -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\email-t1-bg.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium-hotbar-premium.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium.cdf -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar_promo.htm -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbarcom.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\icons2.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords_idx.idx -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords_sdf.sdf -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\layout.cdf -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\linkpathlegal.txt -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\progress.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\s_icons_buttons.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\t2_bg.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\theweb.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\top7.cdf -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\static\2\tsd_bg.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1057703.sdf -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\domains.txt -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat\308e.dat -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\Tooltip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\Tooltip\27503 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\Tooltip\35047 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\Tooltip\80670 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\Tooltip\85062 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\Tooltip\90358 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\Tooltip\99008 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\HostOL -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\HostOL\static -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\HostOL\dynamic -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\HostOI -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\HostOI\static -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\HostOI\dynamic -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Hotbar\IESkins -> Adware.HotBar : Cleaned with backup
:mozilla.15:C:\Documents and Settings\s12876\Application Data\Mozilla\Profiles\default\15zquhq2.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.30:C:\Documents and Settings\s12876\Application Data\Mozilla\Profiles\default\15zquhq2.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.6:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\iaxfesth.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\iaxfesth.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.8:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\iaxfesth.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.9:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\iaxfesth.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.30:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\iaxfesth.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.31:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\iaxfesth.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.32:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\iaxfesth.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.33:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\iaxfesth.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.43:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\iaxfesth.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.10:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.29:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.34:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.46:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.47:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.48:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.49:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.50:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.51:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.52:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.53:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.56:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.57:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.58:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.59:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.60:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.66:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.68:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.69:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.70:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.71:C:\Documents and Settings\s12876.S12876-PC-01\Application Data\Mozilla\Firefox\Profiles\xmzs0emo.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup

::Report End

Logfile of HijackThis v1.99.1
Scan saved at 2:27:36 PM, on 6/5/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\TEMP\SUED46.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\s12876.S12876-PC-01\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe -a
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Attachmate IBM Mainframe Display - http://200.1.31.112/HostAccess-Standard/JavaClient/3270View.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {44C7F862-906C-11D3-A8ED-0008C75B3588} (IEPAPI Class) - http://200.13.1.10/CyberDOCS/Plugins/papibrdg.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://200.13.1.10/CyberDOCS/Plugins/isetupml.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FC4D6A5-5AF5-4A24-B748-D3C893BB7B2A}: NameServer = 200.15.14.14,200.15.14.16
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

Thanks a million Crunchie! TQTQTQTQ.

Crunchie · June 2006

Cool

. Just a couple of others to remove and we should be done;

Can you please do the following.

===============

Run HiJackThis then:

1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\WINNT\TEMP\SUED46.EXE

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Scan with HiJackThis, then check(tick) the following, if present:

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Download CCleaner and install, then run it.

Uncheck "Cookies" under "Internet Explorer".
Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
Close when finished.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

mono · June 2006

COuldnt seem to kill the process SUED46.EXE in normal mode, and non existent in safe mode. FOllowed the rest of the instruction and this is the log frm HijackThis :

C:\WINNT\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\TEMP\KP6C6A.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe
C:\Documents and Settings\s12876.S12876-PC-01\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe -a
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Attachmate IBM Mainframe Display - http://200.1.31.112/HostAccess-Standard/JavaClient/3270View.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {44C7F862-906C-11D3-A8ED-0008C75B3588} (IEPAPI Class) - http://200.13.1.10/CyberDOCS/Plugins/papibrdg.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://200.13.1.10/CyberDOCS/Plugins/isetupml.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FC4D6A5-5AF5-4A24-B748-D3C893BB7B2A}: NameServer = 200.15.14.14,200.15.14.16
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

The SpywareQuake fake virus alert is no longer at my system tray. Hope the rest is ok too.

Crunchie · June 2006

Looks like the file is name-changing.

Please visit at least two of the following sites for an online virus scan:

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
Make sure you tick AutoClean under Scan Options.

Panda ActiveScan
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Make sure you tick Disinfect automatically under Scan Options.

Housecall at TrendMicro
http://housecall60.trendmicro.com/en/start_corp.asp?id=scan
Make sure you tick Auto Clean.

eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Also run this online trojan scanner

TrojanScan

Can't get rid of stubborn SpywareQuake virus alert from system tray

Comments