09-22-2006, 11:21 AM   #5
bencloomis
Registered User
 
Join Date: Sep 2006
Posts: 7
OS: XP


Again, thank you for the clear instructions. No issues so far. (And no more popups!) Looks like there are still plenty of ugly files on my computer, but I can't say that performance is affected noticeably.

Kaspersky and HJT logs are below...

--------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, September 22, 2006 10:15:02 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 22/09/2006
Kaspersky Anti-Virus database records: 225605
--------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 50737
Number of viruses found: 23
Number of infected objects: 90 / 0
Number of suspicious objects: 3
Duration of the scan process: 00:58:33

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20060921_Time-221055031_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20060921_Time-221055031_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_OPWV-BBLEICHM.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_OPWV-BBLEICHM.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\bbleichm\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\bbleichm\Desktop\requested-files[2006-09-22_08_55].cab/C:/WINDOWS/system32/bkd.exe/InpB/DxcBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\Documents and Settings\bbleichm\Desktop\requested-files[2006-09-22_08_55].cab/C:/WINDOWS/system32/bkd.exe/InpB/DxcCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\Documents and Settings\bbleichm\Desktop\requested-files[2006-09-22_08_55].cab/C:/WINDOWS/system32/bkd.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\Documents and Settings\bbleichm\Desktop\requested-files[2006-09-22_08_55].cab/C:/WINDOWS/system32/bkd.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\Documents and Settings\bbleichm\Desktop\requested-files[2006-09-22_08_55].cab/C:/DXC1205b.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\Documents and Settings\bbleichm\Desktop\requested-files[2006-09-22_08_55].cab/C:/912_121.exe Infected: Trojan-PSW.Win32.LdPinch.arr skipped
C:\Documents and Settings\bbleichm\Desktop\requested-files[2006-09-22_08_55].cab CAB: infected - 6 skipped
C:\Documents and Settings\bbleichm\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/benbb/14 Mar 2003 03:49 from jamie:Accuracy of this information..html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\bbleichm\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Mail MS Mail: suspicious - 1 skipped
C:\Documents and Settings\bbleichm\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\bbleichm\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\bbleichm\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\bbleichm\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\bbleichm\My Documents\backup.pst/Personal Folders/Deleted Items/27 Jan 2004 17:34 from Yahoo! Mail Virus Protection <mail-antivi/27 Jan 2004 14:34 to benbb@sbcglobal.net:Hello/file.zip/file.htm .scr Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\bbleichm\My Documents\backup.pst/Personal Folders/Deleted Items/27 Jan 2004 17:34 from Yahoo! Mail Virus Protection <mail-antivi/27 Jan 2004 14:34 to benbb@sbcglobal.net:Hello/file.zip Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\bbleichm\My Documents\backup.pst/Personal Folders/Deleted Items/27 Jan 2004 21:14 from Yahoo! Mail Virus Protection <mail-antivi/27 Jan 2004 18:14 to benbb@sbcglobal.net:Paskbhpxqfhhgm/text.zip/text.pif Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\bbleichm\My Documents\backup.pst/Personal Folders/Deleted Items/27 Jan 2004 21:14 from Yahoo! Mail Virus Protection <mail-antivi/27 Jan 2004 18:14 to benbb@sbcglobal.net:Paskbhpxqfhhgm/text.zip Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\bbleichm\My Documents\backup.pst/Personal Folders/Deleted Items/27 Jan 2004 19:45 from Mail Administrator:Mail System Error - Re/27 Jan 2004 19:29 to ray@yahoo.com:test/document.zip/document.htm .scr Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\bbleichm\My Documents\backup.pst/Personal Folders/Deleted Items/27 Jan 2004 19:45 from Mail Administrator:Mail System Error - Re/27 Jan 2004 19:29 to ray@yahoo.com:test/document.zip Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\bbleichm\My Documents\backup.pst/Personal Folders/benbb/14 Mar 2003 03:49 from jamie:Accuracy of this information..html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\bbleichm\My Documents\backup.pst Mail MS Mail: infected - 6, suspicious - 1 skipped
C:\Documents and Settings\bbleichm\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\bbleichm\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\DeluxeCommunications\DxcCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\Program Files\Yahoo!\Messenger\ypager.log Object is locked skipped
C:\RECYCLER\S-1-5-21-1482476501-682003330-1801674531-26653\Dc2.exe/InpB/DxcBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\RECYCLER\S-1-5-21-1482476501-682003330-1801674531-26653\Dc2.exe/InpB/DxcCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\RECYCLER\S-1-5-21-1482476501-682003330-1801674531-26653\Dc2.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\RECYCLER\S-1-5-21-1482476501-682003330-1801674531-26653\Dc2.exe CAB: infected - 3 skipped
C:\RECYCLER\S-1-5-21-1482476501-682003330-1801674531-26653\Dc3.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\RECYCLER\S-1-5-21-1482476501-682003330-1801674531-26653\Dc4.exe Infected: Trojan-PSW.Win32.LdPinch.arr skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019199.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019200.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019202.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019203.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019204.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019219.exe Infected: Trojan-Downloader.Win32.Dyfuca.ey skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019223.dll Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019226.dll Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019228.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019229.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019230.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019231.exe/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019231.exe/UCMTSAIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019231.exe/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019231.exe ZIP: infected - 3 skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019231.exe WiseSFX Dropper: infected - 3 skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019232.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019233.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019234.exe Infected: Trojan-Downloader.Win32.Dyfuca.ey skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019235.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019236.exe Infected: not-a-virus:AdWare.Win32.MediaMotor.o skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019238.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019239.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019240.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019241.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019251.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019253.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019254.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019257.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019258.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019260.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019261.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019262.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019263.exe/data.rar/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019263.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019263.exe/data.rar/WhSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019263.exe/data.rar/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019263.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019263.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019263.exe RarSFX: infected - 6 skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019269.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019272.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019281.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019297.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019307.exe Infected: Trojan-Downloader.Win32.Adload.fp skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019309.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019310.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019318.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019319.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019331.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019332.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019347.exe Infected: not-a-virus:AdWare.Win32.Zestyfind skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019350.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019351.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019357.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019358.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.p skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019359.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019362.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019363.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019372.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019377.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019389.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019390.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019405.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019406.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019425.exe Infected: not-a-virus:AdWare.Win32.AdURL.c skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019426.exe Infected: not-a-virus:AdWare.Win32.Zestyfind skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019475.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP267\A0019476.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{72C79714-65DD-43F0-9213-02637B0923A2}\RP268\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

******************************************************
******************************************************

Logfile of HijackThis v1.99.1
Scan saved at 10:19:40 AM, on 9/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.openwave.com/default.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
O1 - Hosts: 127.0.0.2 rwc-ora-qa2
O1 - Hosts: 127.0.0.2 perforce
O1 - Hosts: 127.0.0.2 perforce2
O1 - Hosts: 127.0.0.2 perforce3
O1 - Hosts: 127.0.0.2 perforce4
O1 - Hosts: 127.0.0.2 perforce5
O1 - Hosts: 127.0.0.2 perforce6
O1 - Hosts: 127.0.0.2 perforce7
O1 - Hosts: 127.0.0.2 perforce8
O1 - Hosts: 127.0.0.2 ptgtools
O1 - Hosts: 127.0.0.2 perforce9
O1 - Hosts: 127.0.0.4 rwc-ora-qa2
O1 - Hosts: 127.0.0.5 rwc-ora-prod2
O1 - Hosts: 127.0.0.2 rwc-ldap-qa1
O1 - Hosts: 127.0.0.2 crownjewels
O1 - Hosts: 127.0.0.2 p4test
O1 - Hosts: 127.0.0.2 evoe
O1 - Hosts: 127.0.0.2 evoe2
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.myopwv.com
O15 - Trusted Zone: *.netscaler.com
O15 - Trusted Zone: *.openwave.com
O15 - Trusted Zone: *.peopleclick.com
O15 - Trusted Zone: *.myopwv.com (HKLM)
O15 - Trusted Zone: *.netscaler.com (HKLM)
O15 - Trusted Zone: *.openwave.com (HKLM)
O15 - Trusted Zone: *.peopleclick.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1119451976022
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136833846531
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/download...1/axofupld.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://openwave.webex.com/client/T2...ex/ieatgpc.cab
O16 - DPF: {FD7C00A9-E676-11D6-A08E-00E09878F0CF} (Nsload Control) - https://rwc-sslvpn.openwave.com/vpns/scripts/nsload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = myopwv.com
O17 - HKLM\Software\..\Telephony: DomainName = myopwv.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = myopwv.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = myopwv.com
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE