Show Posts
1
Tech Clinic / getting rid of daosearch
« on: April 18, 2005, 10:50:29 AM »
You're the best!! It seems to have worked! Here are my logs.
Logfile of HijackThis v1.99.1
Scan saved at 11:48:11 AM, on 4/18/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\windows\system32\taskmg.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\m?config.exe
C:\windows\vlgrsok.exe
C:\Program Files\AdSubtract\adsub.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Documents and Settings\Elizabeth\Application Data\othb.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\LAVASO~1\AD-AWA~1\Ad-Aware.exe
C:\Documents and Settings\Elizabeth\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirect...&c=2c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/yessentials_...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wchome.wilmington.edu/cgi-bin/wchome.cgi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirect...&c=2c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/yessentials_...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://wchome.wilmington.edu/cgi-bin/wchome.cgi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
R3 - Default URLSearchHook is missing
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Profiles\default\hk63t5i9.slt\prefs.js)
O2 - BHO: (no name) - {035E5F57-E8BE-9548-B51E-CCEE84F7BDB8} - C:\WINDOWS\System32\glbigwy.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BQcPv] C:\windows\system32\BQcPv.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [7xp6kwrB] C:\windows\system32\7xp6kwrB.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [gBv8RjYtO] cne8thk.exe
O4 - HKCU\..\Run: [Aaou] C:\Documents and Settings\Elizabeth\Application Data\othb.exe
O4 - HKCU\..\Run: [Yjqulpgl] C:\WINDOWS\System32\m?config.exe
O4 - HKCU\..\Run: [fkuywry] c:\windows\stibyee.exe
O4 - Global Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {BC8C2B75-E87F-4D42-9C7E-488EF7935554} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BC8C2B75-E87F-4D42-9C7E-488EF7935554} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C.../bridge-c18.cab
O16 - DPF: {EBBD88E5-C372-469D-B4C5-1FE00352AB9B} - http://fad-1112.nyc1.targetnet.com/ad/id=l...mviewer_101.cab
O23 - Service: Trace network connections (ACCRA) - Unknown owner - C:\WINDOWS\System32\mocih.exe (file missing)
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exe (file missing)
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
==================================================
Scan Control Dumped @ 02:37:19 18-04-05
RegVal Trace: Worm.Torvil please submit: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [Service Host=C:\WINDOWS\System32\Services\{29FC548E-C373-431D-9724-2B38CC6663D6}\SVCHOST.EXE]
RegVal Trace: Worm.Quaters: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [Windows Task Manager=c:\windows\system32\taskmg.exe]
RegVal Trace: TrojanClicker.Win32.Spyre: HKEY_CURRENT_USER
File: Software\Microsoft\Windows\CurrentVersion\RunOnce [Srv32 spool service=C:\WINDOWS\System32\spoolsrv32.exe]
RegVal Trace: TrojanClicker.Win32.Spyre: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\RunOnce [Srv32 spool service=C:\WINDOWS\System32\spoolsrv32.exe]
Positive identification: Worm.Bagz.i1
File: c:\windows\system32\cmdtel.exe
Positive identification: TrojanDownloader.Win32.Presario
File: c:\windows\system32\mscmtsrvc.exe
Suspicious Filename: Dual extensions
File: c:\documents and settings\elizabeth\desktop\bittorrent-3.4.2.exe
Positive identification (DLL): Adware.Wintol.y (dll)
File: c:\documents and settings\elizabeth\local settings\temp\wtoolsb.dll
Positive identification: TrojanDownloader.Win32.QDown.m
File: c:\documents and settings\elizabeth\local settings\temporary internet files\content.ie5\2nsp4zgb\ibis-100[1].0000
Suspicious Filename: Dual extensions
File: c:\program files\application setups\gordianknot.codecpack.1.1.exe
Positive identification: Adware.Broadcap.a Dropper.a
File: c:\program files\bpt\bptre_inst.exe
Positive identification: Adware.Broadcap.a1
File: c:\program files\common files\java\bptre.exe
Positive identification: TrojanDownloader.Win32.Wintool.e1
File: c:\temp\edow.exe
Positive identification: TrojanDropper.Win32.Agent.hv
File: c:\temp\edowpack.exe
Positive identification (DLL): Adware.WinAD.ah (dll)
File: c:\windows\downloaded program files\mediaaccx.dll
Positive identification: Adware.WinFetcher.g
File: c:\windows\system32\7xp6kwrb.exe
Positive identification (DLL): TrojanProxy.Win32.Small.bk (dll)
File: c:\windows\system32\aaa.dl_
Positive identification (DLL): TrojanDropper.Win32.Miewer.a (dll)
File: c:\windows\system32\booknew.dll
Positive identification: Adware.WinFetcher.g
File: c:\windows\system32\bqcpv.exe
Positive identification: Worm.Bagz.i1
File: c:\windows\system32\cmdtel.exe
Positive identification: Worm.Bagz.i1
File: c:\windows\system32\cmdteld.exe
Positive identification (DLL): TrojanDropper.Win32.Miewer.a (dll)
File: c:\windows\system32\exact.dll
Positive identification: Trojan.Win32.Agent.az
File: c:\windows\system32\fgqsm.exe
Positive identification (DLL): TrojanDropper.Win32.Miewer.f (dll)
File: c:\windows\system32\goldnew2b.dll
Positive identification (DLL): TrojanDropper.Win32.Miewer.f (dll)
File: c:\windows\system32\goldnew2b0406.dll
Positive identification (DLL): TrojanDropper.Win32.Miewer.a (dll)
File: c:\windows\system32\midad.dll
Positive identification (DLL): TrojanDropper.Win32.Miewer.a (dll)
File: c:\windows\system32\midad0406.dll
Positive identification: Worm.Bagz.h1
File: c:\windows\system32\mocihd.exe
Positive identification: TrojanDownloader.Win32.Presario
File: c:\windows\system32\mscmtsrvc.exe
Positive identification: Adware.PurityScan.w11
File: c:\windows\system32\othb.exe
Positive identification: Trojan.Win32.TopAntiSpyware.i
File: c:\windows\system32\spoolsrv32.exe
Positive identification (DLL): TrojanDropper.Win32.Miewer.a (dll)
File: c:\windows\system32\tvnew.dll
Positive identification (DLL): TrojanDownloader.Win32.Agent.kf1 (dll)
File: c:\windows\system32\wldr.dll
Positive identification: Trojan.Win32.Agent.az
File: c:\windows\system32\zfr.exe
Positive identification (DLL): Trojan.Win32.WebSearch.i (dll)
File: c:\windows\system32\services\{29fc548e-c373-431d-9724-2b38cc6663d6}\svchost.dll
Positive identification: Trojan.Win32.WebSearch.i
File: c:\windows\system32\services\{29fc548e-c373-431d-9724-2b38cc6663d6}\svchost.exe
Positive identification (DLL): Trojan.Win32.WebSearch.i1 (dll)
File: c:\windows\system32\services\{29fc548e-c373-431d-9724-2b38cc6663d6}\svchost32.dll
Logfile of HijackThis v1.99.1
Scan saved at 11:48:11 AM, on 4/18/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\windows\system32\taskmg.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\m?config.exe
C:\windows\vlgrsok.exe
C:\Program Files\AdSubtract\adsub.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Documents and Settings\Elizabeth\Application Data\othb.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\LAVASO~1\AD-AWA~1\Ad-Aware.exe
C:\Documents and Settings\Elizabeth\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirect...&c=2c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/yessentials_...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wchome.wilmington.edu/cgi-bin/wchome.cgi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirect...&c=2c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/yessentials_...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://wchome.wilmington.edu/cgi-bin/wchome.cgi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
R3 - Default URLSearchHook is missing
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Profiles\default\hk63t5i9.slt\prefs.js)
O2 - BHO: (no name) - {035E5F57-E8BE-9548-B51E-CCEE84F7BDB8} - C:\WINDOWS\System32\glbigwy.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BQcPv] C:\windows\system32\BQcPv.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [7xp6kwrB] C:\windows\system32\7xp6kwrB.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [gBv8RjYtO] cne8thk.exe
O4 - HKCU\..\Run: [Aaou] C:\Documents and Settings\Elizabeth\Application Data\othb.exe
O4 - HKCU\..\Run: [Yjqulpgl] C:\WINDOWS\System32\m?config.exe
O4 - HKCU\..\Run: [fkuywry] c:\windows\stibyee.exe
O4 - Global Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {BC8C2B75-E87F-4D42-9C7E-488EF7935554} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BC8C2B75-E87F-4D42-9C7E-488EF7935554} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C.../bridge-c18.cab
O16 - DPF: {EBBD88E5-C372-469D-B4C5-1FE00352AB9B} - http://fad-1112.nyc1.targetnet.com/ad/id=l...mviewer_101.cab
O23 - Service: Trace network connections (ACCRA) - Unknown owner - C:\WINDOWS\System32\mocih.exe (file missing)
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exe (file missing)
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
==================================================
Scan Control Dumped @ 02:37:19 18-04-05
RegVal Trace: Worm.Torvil please submit: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [Service Host=C:\WINDOWS\System32\Services\{29FC548E-C373-431D-9724-2B38CC6663D6}\SVCHOST.EXE]
RegVal Trace: Worm.Quaters: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [Windows Task Manager=c:\windows\system32\taskmg.exe]
RegVal Trace: TrojanClicker.Win32.Spyre: HKEY_CURRENT_USER
File: Software\Microsoft\Windows\CurrentVersion\RunOnce [Srv32 spool service=C:\WINDOWS\System32\spoolsrv32.exe]
RegVal Trace: TrojanClicker.Win32.Spyre: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\RunOnce [Srv32 spool service=C:\WINDOWS\System32\spoolsrv32.exe]
Positive identification: Worm.Bagz.i1
File: c:\windows\system32\cmdtel.exe
Positive identification: TrojanDownloader.Win32.Presario
File: c:\windows\system32\mscmtsrvc.exe
Suspicious Filename: Dual extensions
File: c:\documents and settings\elizabeth\desktop\bittorrent-3.4.2.exe
Positive identification (DLL): Adware.Wintol.y (dll)
File: c:\documents and settings\elizabeth\local settings\temp\wtoolsb.dll
Positive identification: TrojanDownloader.Win32.QDown.m
File: c:\documents and settings\elizabeth\local settings\temporary internet files\content.ie5\2nsp4zgb\ibis-100[1].0000
Suspicious Filename: Dual extensions
File: c:\program files\application setups\gordianknot.codecpack.1.1.exe
Positive identification: Adware.Broadcap.a Dropper.a
File: c:\program files\bpt\bptre_inst.exe
Positive identification: Adware.Broadcap.a1
File: c:\program files\common files\java\bptre.exe
Positive identification: TrojanDownloader.Win32.Wintool.e1
File: c:\temp\edow.exe
Positive identification: TrojanDropper.Win32.Agent.hv
File: c:\temp\edowpack.exe
Positive identification (DLL): Adware.WinAD.ah (dll)
File: c:\windows\downloaded program files\mediaaccx.dll
Positive identification: Adware.WinFetcher.g
File: c:\windows\system32\7xp6kwrb.exe
Positive identification (DLL): TrojanProxy.Win32.Small.bk (dll)
File: c:\windows\system32\aaa.dl_
Positive identification (DLL): TrojanDropper.Win32.Miewer.a (dll)
File: c:\windows\system32\booknew.dll
Positive identification: Adware.WinFetcher.g
File: c:\windows\system32\bqcpv.exe
Positive identification: Worm.Bagz.i1
File: c:\windows\system32\cmdtel.exe
Positive identification: Worm.Bagz.i1
File: c:\windows\system32\cmdteld.exe
Positive identification (DLL): TrojanDropper.Win32.Miewer.a (dll)
File: c:\windows\system32\exact.dll
Positive identification: Trojan.Win32.Agent.az
File: c:\windows\system32\fgqsm.exe
Positive identification (DLL): TrojanDropper.Win32.Miewer.f (dll)
File: c:\windows\system32\goldnew2b.dll
Positive identification (DLL): TrojanDropper.Win32.Miewer.f (dll)
File: c:\windows\system32\goldnew2b0406.dll
Positive identification (DLL): TrojanDropper.Win32.Miewer.a (dll)
File: c:\windows\system32\midad.dll
Positive identification (DLL): TrojanDropper.Win32.Miewer.a (dll)
File: c:\windows\system32\midad0406.dll
Positive identification: Worm.Bagz.h1
File: c:\windows\system32\mocihd.exe
Positive identification: TrojanDownloader.Win32.Presario
File: c:\windows\system32\mscmtsrvc.exe
Positive identification: Adware.PurityScan.w11
File: c:\windows\system32\othb.exe
Positive identification: Trojan.Win32.TopAntiSpyware.i
File: c:\windows\system32\spoolsrv32.exe
Positive identification (DLL): TrojanDropper.Win32.Miewer.a (dll)
File: c:\windows\system32\tvnew.dll
Positive identification (DLL): TrojanDownloader.Win32.Agent.kf1 (dll)
File: c:\windows\system32\wldr.dll
Positive identification: Trojan.Win32.Agent.az
File: c:\windows\system32\zfr.exe
Positive identification (DLL): Trojan.Win32.WebSearch.i (dll)
File: c:\windows\system32\services\{29fc548e-c373-431d-9724-2b38cc6663d6}\svchost.dll
Positive identification: Trojan.Win32.WebSearch.i
File: c:\windows\system32\services\{29fc548e-c373-431d-9724-2b38cc6663d6}\svchost.exe
Positive identification (DLL): Trojan.Win32.WebSearch.i1 (dll)
File: c:\windows\system32\services\{29fc548e-c373-431d-9724-2b38cc6663d6}\svchost32.dll