jeanette
Members
Posts: 12
Reputation: 0 Neutral
  1. HA! I slipped in while he was getting coffee!

     HJT Log on C

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 3:58:51 PM, on 9/5/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16705)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\cisvc.exe
     D:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
     D:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
     C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\MsPMSPSv.exe
     C:\WINDOWS\system32\SearchIndexer.exe
     C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
     C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
     C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
     C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
     C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
     C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
     C:\WINDOWS\system32\rundll32.exe
     D:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
     C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
     C:\Program Files\OfficeCalendar Server\OfficeCalendarServer.exe
     C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
     C:\WINDOWS\system32\cidaemon.exe
     D:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     D:\Program Files\Intuit\QuickBooks 2007\qbw32.exe
     C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
     D:\Program Files\Intuit\QuickBooks 2007\QBGDSPlugin.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://registration.excite.com/excitereg/l...ail.excite.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     O2 - BHO: GoodSearch Toolbar - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
     O3 - Toolbar: GoodSearch Toolbar - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
     O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
     O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
     O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
     O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
     O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
     O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
     O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
     O4 - HKLM\..\Run: [MaxtorOneTouch] D:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
     O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
     O4 - Global Startup: OfficeCalendar Server.lnk = C:\Program Files\OfficeCalendar Server\OfficeCalendarServer.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O15 - Trusted Zone: http://www.msi.com.tw
     O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
     O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
     O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191446587750
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191451904406
     O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
     O16 - DPF: {C2ED62BE-4FF5-4FAF-9274-3BA328DCA35C} (TimeTrackingV2.UserControl1) - https://timetracking.quickbooks.com/ocx/tts...eTrackingV2.ocx
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{0FBFEE45-B1B1-4CF3-83A1-8FB8ED3DC03C}: NameServer = 68.238.0.12,88.238.112.12
     O17 - HKLM\System\CS1\Services\Tcpip\..\{0FBFEE45-B1B1-4CF3-83A1-8FB8ED3DC03C}: NameServer = 68.238.0.12,88.238.112.12
     O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - D:\Program Files\Intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll
     O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
     O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
     O23 - Service: MaxBackServiceInt - Unknown owner - D:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
     O23 - Service: MaxSyncService (NTService1) - - D:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
     O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
     O23 - Service: QuickBooksDB18 - iAnywhere Solutions, Inc. - D:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
     O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
     O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
     O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

     --
     End of file - 9152 bytes
  2. When I get the log I will post, but that probably won't be until Monday morning. I can't really kick my boss off his computer.
  3. For just re-starting Windows, do that many svchost.exe's need to be started? That was the original file that BitDefender identified as being infected. Just checking. (Again, I appreciate the help from this forum. BD, which my boss paid for, has yet to respond to the query we sent this morning, and it took my boss calling them last night for them to respond to the original help e-mail from Friday!)

     Updated scan log:

     MBAM Log

     Malwarebytes' Anti-Malware 1.26
     Database version: 1113
     Windows 5.1.2600 Service Pack 2

     9/4/2008 7:20:22 PM
     mbam-log-2008-09-04 (19-20-22).txt

     Scan type: Quick Scan
     Objects scanned: 61643
     Time elapsed: 1 minute(s), 23 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     HJT Log

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 7:08:27 PM, on 9/4/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16705)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\cisvc.exe
     D:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
     D:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
     C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
     C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
     C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
     C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
     D:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\WINDOWS\system32\MsPMSPSv.exe
     D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
     C:\WINDOWS\system32\SearchIndexer.exe
     C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
     C:\Program Files\OfficeCalendar Server\OfficeCalendarServer.exe
     C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
     C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
     C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
     C:\WINDOWS\system32\cidaemon.exe
     C:\WINDOWS\system32\SearchProtocolHost.exe
     D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://registration.excite.com/excitereg/l...ail.excite.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     O2 - BHO: GoodSearch Toolbar - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
     O3 - Toolbar: GoodSearch Toolbar - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
     O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
     O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
     O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
     O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
     O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
     O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
     O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
     O4 - HKLM\..\Run: [MaxtorOneTouch] D:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
     O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
     O4 - Global Startup: OfficeCalendar Server.lnk = C:\Program Files\OfficeCalendar Server\OfficeCalendarServer.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O15 - Trusted Zone: http://www.msi.com.tw
     O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
     O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
     O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191446587750
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191451904406
     O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
     O16 - DPF: {C2ED62BE-4FF5-4FAF-9274-3BA328DCA35C} (TimeTrackingV2.UserControl1) - https://timetracking.quickbooks.com/ocx/tts...eTrackingV2.ocx
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{0FBFEE45-B1B1-4CF3-83A1-8FB8ED3DC03C}: NameServer = 68.238.0.12,88.238.112.12
     O17 - HKLM\System\CS1\Services\Tcpip\..\{0FBFEE45-B1B1-4CF3-83A1-8FB8ED3DC03C}: NameServer = 68.238.0.12,88.238.112.12
     O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - D:\Program Files\Intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll
     O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
     O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
     O23 - Service: MaxBackServiceInt - Unknown owner - D:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
     O23 - Service: MaxSyncService (NTService1) - - D:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
     O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
     O23 - Service: QuickBooksDB18 - iAnywhere Solutions, Inc. - D:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
     O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
     O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
     O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

     --
     End of file - 8953 bytes
  4. No go for attaching the file. I still couldn't find it anywhere. Searched *.dat, k*.dat and k*.* in c:\windows, c:\windows\system, c:\windows\system32 and c:\windows\system32\dllcache, both in Windows Explorer and in the DOS cmd. Nothing resembling karina.dat appeared. Next, I will re-run HijackThis and follow what you wrote in your next post, and will reply to that when I'm done.
  5. The computer (windows search) cannot find the file (karina.dat), and I can't figure out where to look for it manually. Could I get some assistance there? Also, I realize that prompt responses are asked for, but given that the infected computer is my boss' computer, and he is currently working, I have no way to access his system. So I apologize for any inconvenience of delayed replies for at least the next 3 hours, and possibly into tomorrow morning (US central time), depending on when he is able to not use it and the time that I leave for the day. I do appreciate the time you all spend assisting us.
  6. HijackThis scan:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 1:16:12 PM, on 9/4/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16705)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\cisvc.exe
     D:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
     D:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
     C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\MsPMSPSv.exe
     C:\WINDOWS\system32\SearchIndexer.exe
     C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
     C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
     C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
     C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
     C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
     C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
     C:\WINDOWS\system32\rundll32.exe
     D:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
     C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
     C:\Program Files\OfficeCalendar Server\OfficeCalendarServer.exe
     C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
     C:\WINDOWS\system32\cidaemon.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     D:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE
     C:\WINDOWS\system32\SearchProtocolHost.exe
     C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
     C:\WINDOWS\system32\msiexec.exe
     d:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://registration.excite.com/excitereg/l...ail.excite.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     O2 - BHO: GoodSearch Toolbar - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
     O3 - Toolbar: GoodSearch Toolbar - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
     O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
     O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
     O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
     O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
     O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
     O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
     O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
     O4 - HKLM\..\Run: [MaxtorOneTouch] D:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
     O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
     O4 - Global Startup: OfficeCalendar Server.lnk = C:\Program Files\OfficeCalendar Server\OfficeCalendarServer.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O15 - Trusted Zone: http://www.msi.com.tw
     O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
     O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
     O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191446587750
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191451904406
     O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
     O16 - DPF: {C2ED62BE-4FF5-4FAF-9274-3BA328DCA35C} (TimeTrackingV2.UserControl1) - https://timetracking.quickbooks.com/ocx/tts...eTrackingV2.ocx
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{0FBFEE45-B1B1-4CF3-83A1-8FB8ED3DC03C}: NameServer = 68.238.0.12,88.238.112.12
     O17 - HKLM\System\CS1\Services\Tcpip\..\{0FBFEE45-B1B1-4CF3-83A1-8FB8ED3DC03C}: NameServer = 68.238.0.12,88.238.112.12
     O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - D:\Program Files\Intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll
     O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
     O20 - AppInit_DLLs: karina.dat
     O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
     O23 - Service: MaxBackServiceInt - Unknown owner - D:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
     O23 - Service: MaxSyncService (NTService1) - - D:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
     O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
     O23 - Service: QuickBooksDB18 - iAnywhere Solutions, Inc. - D:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
     O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
     O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
     O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

     --
     End of file - 9104 bytes
  7. Panda scan:

     ;*******************************************************************************
     ANALYSIS: 2008-09-04 13:11:43
     PROTECTIONS: 1
     MALWARE: 49
     SUSPECTS: 0
     ;*******************************************************************************
     PROTECTIONS
     Description  Version  Active  Updated
     ;===============================================================================
     Bit-Defender Internet Security 2008  11.0.17  No  Yes
     ;===============================================================================
     MALWARE
     Id  Description  Type  Active  Severity  Disinfectable  Disinfected  Location
     ;===============================================================================
     00039204  adware/cws  Adware  No  0  Yes  No  c:\documents and settings\terry w. dodds\favorites\insurance
     00139059  Cookie/Traffic Marketplace  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@trafficmp[2].txt
     00139060  Cookie/Casalemedia  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@casalemedia[2].txt
     00139061  Cookie/Doubleclick  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry w. dodds@doubleclick[3].txt
     00139061  Cookie/Doubleclick  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry w. dodds@doubleclick[2].txt
     00139061  Cookie/Doubleclick  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry w. dodds@doubleclick[1].txt
     00139064  Cookie/Atlas DMT  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@atdmt[1].txt
     00139064  Cookie/Atlas DMT  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@atdmt[4].txt
     00139064  Cookie/Atlas DMT  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@atdmt[3].txt
     00145405  Cookie/RealMedia  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@247realmedia[1].txt
     00145453  Cookie/Bfast  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@bfast[1].txt
     00145731  Cookie/Tribalfusion  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@tribalfusion[1].txt
     00145731  Cookie/Tribalfusion  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry w. dodds@tribalfusion[2].txt
     00145738  Cookie/Mediaplex  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@mediaplex[1].txt
     00145738  Cookie/Mediaplex  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry w. dodds@mediaplex[1].txt
     00149104  Cookie/Date  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@date[2].txt
     00159564  Cookie/WUpd  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry w. dodds@revenue[1].txt
     00159564  Cookie/WUpd  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@revenue[2].txt
     00160284  Cookie/Findwhat  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@findwhat[1].txt
     00167642  Cookie/Com.com  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry w. dodds@com[1].txt
     00167642  Cookie/Com.com  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@com[1].txt
     00167684  Cookie/Hitbox  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry w. dodds@ehg-ati.hitbox[2].txt
     00167747  Cookie/Azjmp  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@azjmp[2].txt
     00167747  Cookie/Azjmp  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@azjmp[1].txt
     00167753  Cookie/Statcounter  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry w. dodds@statcounter[2].txt
     00167795  Cookie/Cd Freaks  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@club.cdfreaks[1].txt
     00168048  Cookie/Overture  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@perf.overture[2].txt
     00168048  Cookie/Overture  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@perf.overture[1].txt
     00168056  Cookie/YieldManager  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry w. dodds@ad.yieldmanager[2].txt
     00168056  Cookie/YieldManager  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@ad.yieldmanager[1].txt
     00168076  Cookie/BurstNet  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@burstnet[2].txt
     00168076  Cookie/BurstNet  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Administrator.TERRYOFFICE1\Cookies\administrator@burstnet[2].txt
     00168090  Cookie/Serving-sys  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@serving-sys[2].txt
     00168090  Cookie/Serving-sys  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@serving-sys[1].txt
     00168093  Cookie/Serving-sys  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@bs.serving-sys[2].txt
     00168097  Cookie/BurstBeacon  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@www.burstbeacon[1].txt
     00168097  Cookie/BurstBeacon  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@www.burstbeacon[2].txt
     00168105  Cookie/Cd Freaks  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@cdfreaks[2].txt
     00168110  Cookie/Server.iad.Liveperson  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@server.iad.liveperson[1].txt
     00168110  Cookie/Server.iad.Liveperson  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry w. dodds@server.iad.liveperson[1].txt
     00168110  Cookie/Server.iad.Liveperson  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@server.iad.liveperson[7].txt
     00168114  Cookie/onestat.com  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@stat.onestat[1].txt
     00169190  Cookie/Advertising  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@advertising[1].txt
     00169287  Cookie/Adrevolver  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry w[9].txt
     00169287  Cookie/Adrevolver  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@media.adrevolver[2].txt
     00170304  Cookie/WebtrendsLive  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry w. dodds@statse.webtrendslive[1].txt
     00170495  Cookie/PointRoll  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@ads.pointroll[2].txt
     00170495  Cookie/PointRoll  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@ads.pointroll[3].txt
     00170495  Cookie/PointRoll  TrackingCookie  No  0  Yes  No  C:\Documents and Settings\Terry W.
Dodds\Cookies\terry w. dodds@ads.pointroll[2].txt 00170534 Cookie/PurityScan TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@ads.valuead[1].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry w. dodds@overture[2].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@overture[2].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@realmedia[2].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@realmedia[1].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@questionmarket[1].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@questionmarket[2].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry w. dodds@questionmarket[1].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry w. dodds@zedo[1].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@bluestreak[1].txt 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@adrevolver[1].txt 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry w. dodds@adrevolver[1].txt 00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@bravenet[1].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. 
Dodds\Cookies\terry_w._dodds@go[1].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry w. dodds@go[1].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@go[2].txt 00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry w. dodds@searchportal.information[2].txt 00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@target[1].txt 00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@target[2].txt 00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@did-it[1].txt 00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@did-it[2].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry w. dodds@atwola[1].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@atwola[3].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@atwola[1].txt 00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@www6.addfreestats[1].txt 00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@www1.addfreestats[1].txt 00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry w. dodds@ehg-dig.hitbox[2].txt 00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry w. dodds@ads.addynamix[1].txt 00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. 
Dodds\Cookies\terry_w._dodds@citi.bridgetrack[1].txt 00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@citi.bridgetrack[2].txt 01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@adserver.easyad[1].txt 01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@adserver.easyad[2].txt ;=============================================================================== ================================================================================ = =================== SUSPECTS Sent Location ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = =================== VULNERABILITIES Id Severity Description ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = ===================
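When a helper reads a report like the Panda scan above, the first job is to separate tracking cookies (noise that any browser accumulates) from findings that actually need review, and to notice which user profiles the hits live under. The script below is an added example for doing that mechanically; it is not from this thread and not Panda's own tooling. It parses the MALWARE rows of an ActiveScan report into records using the column order shown in the report header (Id, Description, Type, Active, Severity, Disinfectable, Disinfected, Location) and then splits and summarises them. The embedded report is a constructed sample of a few rows in the same layout; the assumption that the Active/Disinfectable/Disinfected columns only ever hold "Yes" or "No" is what lets the regex find the column boundaries even though Description and Location both contain spaces.

```python
import re
from collections import Counter
from typing import Dict, List

# Column layout taken from the report header:
#   Id Description Type Active Severity Disinfectable Disinfected Location
# Description and Location may contain spaces, so the row is matched by
# anchoring on the fixed-vocabulary middle columns (Yes/No and a number).
# Assumption: the three flag columns only ever contain "Yes" or "No".
ROW_RE = re.compile(
    r"^(?P<id>\d{8})\s+"
    r"(?P<description>.+?)\s+"
    r"(?P<type>\S+)\s+"
    r"(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+"
    r"(?P<disinfectable>Yes|No)\s+"
    r"(?P<disinfected>Yes|No)\s+"
    r"(?P<location>.+?)\s*$"
)

# Constructed sample: a handful of rows in the same layout as the real report.
SAMPLE_REPORT = r"""
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00039204 adware/cws Adware No 0 Yes No c:\documents and settings\terry w. dodds\favorites\insurance
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry_w._dodds@trafficmp[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Terry W. Dodds\Cookies\terry w. dodds@doubleclick[3].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator.TERRYOFFICE1\Cookies\administrator@burstnet[2].txt
;===============================================================================
SUSPECTS
"""


def parse_malware_rows(report: str) -> List[Dict[str, str]]:
    """Return one dict per MALWARE row; header, ruler and section lines are skipped."""
    rows = []
    for line in report.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def profile_of(location: str) -> str:
    """Lower-cased user-profile name under Documents and Settings, or '' if not under one."""
    m = re.search(r"documents and settings\\([^\\]+)", location, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def triage(rows: List[Dict[str, str]]) -> Dict[str, object]:
    """Split findings into tracking cookies (noise) and everything else (needs review)."""
    cookies = [r for r in rows if r["type"] == "TrackingCookie"]
    review = [r for r in rows if r["type"] != "TrackingCookie"]
    return {
        "by_type": Counter(r["type"] for r in rows),
        # Anything still Active is running or loaded, so it outranks the rest.
        "active": sum(1 for r in rows if r["active"] == "Yes"),
        "profiles": sorted({profile_of(r["location"]) for r in rows} - {""}),
        "cookies": cookies,
        "review": review,
    }


if __name__ == "__main__":
    summary = triage(parse_malware_rows(SAMPLE_REPORT))
    print("counts by type:", dict(summary["by_type"]))
    print("active items:", summary["active"])
    print("profiles touched:", summary["profiles"])
    for r in summary["review"]:
        print("REVIEW:", r["id"], r["description"], r["type"], r["location"])
```

Run against the full report, the review list collapses to the single adware/cws entry in the Favorites folder, while everything else is a tracking cookie; the profile list shows hits under both the user's own profile and the local Administrator profile, which is worth knowing before deciding which accounts to clean.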
  8. Here's the mbam log (clean):

Malwarebytes' Anti-Malware 1.26
Database version: 1112
Windows 5.1.2600 Service Pack 2

9/4/2008 10:45:17 AM
mbam-log-2008-09-04 (10-45-17).txt

Scan type: Quick Scan
Objects scanned: 59794
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  9. I posted my original query in the thread "quarantined and deleted successfully, but then..." on the general forum, and on advice followed the instructions on which logs to post and in what order, and am posting here. From the other forum: Also, when OUTLOOK sends/receives, occasionally there are duplicate accounts on the list (such as 3 accounts instead of the existing two).
  10. Even more so since it's a business computer, not a home computer, but it's needed for syncing calendars, etc., and I've been re-living the old days of running back and forth with a flash drive! And you guys are doing great! Many thanks!
  11. Eh... too late. I got tired of waiting for responses and, with the OK from my boss (in case deleting the file corrupted the system), deleted the said Lqt24.sys from GMER, since it wouldn't let me delete it from Windows. So there is no file for anyone to examine, but so far so good on the computer. I'm still getting two "can't find file specified" .sys files with random number-and-letter names (such as 8d6aff.sys) on GMER scans, in the c:\windows\system32\drivers directory though. (These so-named files appeared directly below the Lqt24.sys file in the original scans.) Are they remnants, or does this mean that I'm still infected? (I'm typing this from my connected-to-the-internet boss's computer, yay!)
  12. I thought of e-mailing this directly, but decided to post on the forum instead. This is more along the lines of feedback, though any suggestions would be appreciated.

I "cleaned" an XP Home SP2 computer this morning using Anti-Malware. It found 5 infected folders and 22 infected folders, and quarantined and deleted them all successfully. I then re-ran the software and it came up clean. I then ran the usual antivirus software (BitDefender) and that also came up clean. I then plugged in the network cord, and within a minute BitDefender had stopped 4 viruses from being launched and the constant stream of e-mails began again. I ran another deep system BitDefender scan and it came up with 2 infected files with "No Action Possible". I ran Anti-Malware a third time, and though BD had 2 positives, it found nothing. (I also ran GMER yesterday, and they said the rootkit file is c:\windows\system32\drivers\Lqt24.sys. Unfortunately, I did not get this response from them before thinking the system was clean and plugging in the network cord.)

The initial viruses that came up on the scan way back on Friday were Trojan.Dropper.Delf.Crypt.O, Trojan.Kobcka, Trojan.Inject.IA, and another that I don't remember. For every scan, a different name comes up, it seems. From the initial system scan of Anti-Malware I got the following 7 different positives:

Rogue.XPSecurityCenter
Rootkit.Agent (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr)
Security.Hijack
Trojan.Agent
Adware.Funweb
Malware.Trace
Trojan.FakeAlert

Two of the viruses that BD blocked after I plugged in the network cord were Trojan.Inject.JF and Trojan.Kobcka.DV. The Kobcka trojan was identified as being at C:\Windows\System32\drivers\tcpsr.sys. Is this merely a coincidence, or are they related? Again, Anti-Malware picked up nothing after this second BD scan, which showed a "No Action Possible" result. Did the rootkit "learn" to hide from Anti-Malware during the first two scans?