Trojan? Windows cannot find ...\ibm00001.exe



DmanSlam
2006-09-20, 23:57
Hi, I'm new here. Been reading similar experiences and followed instructions using HijackThis, Ewido and SmitFraudFix. As instructed, I'm posting the logs.

Your assistance is much appreciated.

========================
--> The log file from HijackThis
========================

Logfile of HijackThis v1.99.1
Scan saved at 4:46:11 PM, on 9/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
E:\My Tools\Ewido Anti Spyware\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
D:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jucheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
E:\My Tools\Ewido Anti Spyware\ewido anti-spyware 4.0\ewido.exe
E:\My Tools\WinZip10.0\winZip\WZQKPICK.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
E:\My Tools\HijackThis\HijackThis.exe

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "E:\My Tools\Ewido Anti Spyware\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - Startup: Reminder.txt
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = E:\My Tools\WinZip10.0\winZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://hsslus.honeywell.com/Citrix/ICAWEB/en/ica32/wficac.cab,DanaInfo=198.186.47.66+
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O21 - SSODL: Term3d - {753BEF1D-9231-4457-A1B2-258F5C05228E} - C:\WINDOWS\system32\chkget.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\My Tools\Ewido Anti Spyware\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

DmanSlam
2006-09-20, 23:59
====================
--> Ewido Log (part 1)
====================

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:31:47 AM 9/20/2006

+ Scan result:



:mozilla.11:C:\Documents and Settings\Morgan\Application Data\Mozilla\Firefox\Profiles\igrh8mx9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\NonAdmin User\Application Data\Mozilla\Firefox\Profiles\xc2myt0r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\NonAdmin User\Application Data\Mozilla\Firefox\Profiles\xc2myt0r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.45:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.47:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.50:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Morgan\Application Data\Mozilla\Firefox\Profiles\igrh8mx9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\RECYCLER\NPROTECT\00000581.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\NonAdmin User\Application Data\Mozilla\Firefox\Profiles\xc2myt0r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Morgan\Cookies\morgan@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Nadine\Cookies\nadine@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\NonAdmin User\Cookies\nonadmin user@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00000944.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00000946.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00000949.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00000954.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00000956.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00000958.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00000960.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00000962.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00000964.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00000979.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00000981.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00000996.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00001003.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00001005.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00001007.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00001009.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00001011.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00001013.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00001015.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00001017.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00001019.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00001021.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00001023.TXT -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00001025.TXT -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Nadine\Cookies\nadine@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\RECYCLER\NPROTECT\00001131.TXT -> TrackingCookie.Addynamix : Cleaned.
:mozilla.16:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.17:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.20:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.21:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.26:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.27:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.28:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.29:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.30:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.14:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.9:C:\Documents and Settings\NonAdmin User\Application Data\Mozilla\Firefox\Profiles\xc2myt0r.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Morgan\Cookies\morgan@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Nadine\Cookies\nadine@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\NonAdmin User\Cookies\nonadmin user@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\NPROTECT\00001129.TXT -> TrackingCookie.Atdmt : Cleaned.
:mozilla.70:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.71:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.72:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.10:C:\Documents and Settings\NonAdmin User\Application Data\Mozilla\Firefox\Profiles\xc2myt0r.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.12:C:\Documents and Settings\Morgan\Application Data\Mozilla\Firefox\Profiles\igrh8mx9.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.55:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.6:C:\RECYCLER\NPROTECT\00000581.MOZ -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Nadine\Cookies\nadine@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\NonAdmin User\Cookies\nonadmin user@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\NPROTECT\00001083.TXT -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\NPROTECT\00001084.TXT -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.123:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.31:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.38:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.39:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.43:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.

DmanSlam
2006-09-21, 00:00
Posting a reply only allows so many characters, so I had to break up this log file...

===================
Ewido Log (part 2 of 2)
===================

:mozilla.18:C:\RECYCLER\NPROTECT\00000764.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00000772.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00000798.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00000803.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.23:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\hyiawddk.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.23:C:\RECYCLER\NPROTECT\00001189.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.23:C:\RECYCLER\NPROTECT\00001205.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.23:C:\RECYCLER\NPROTECT\00001218.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.23:C:\RECYCLER\NPROTECT\00001232.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.23:C:\RECYCLER\NPROTECT\00001293.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00000809.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00001186.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.60:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT\00000724.MOZ -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.11:C:\Documents and Settings\NonAdmin User\Application Data\Mozilla\Firefox\Profiles\xc2myt0r.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.12:C:\Documents and Settings\NonAdmin User\Application Data\Mozilla\Firefox\Profiles\xc2myt0r.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\Nadine\Cookies\nadine@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.61:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.62:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.63:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.64:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.104:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.105:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.91:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.92:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.78:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Morgan\Cookies\morgan@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\RECYCLER\NPROTECT\00000576.TXT -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.11:C:\RECYCLER\NPROTECT\00000764.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.11:C:\RECYCLER\NPROTECT\00000772.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.11:C:\RECYCLER\NPROTECT\00000798.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.11:C:\RECYCLER\NPROTECT\00000803.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.12:C:\RECYCLER\NPROTECT\00000764.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.12:C:\RECYCLER\NPROTECT\00000772.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.12:C:\RECYCLER\NPROTECT\00000798.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.12:C:\RECYCLER\NPROTECT\00000803.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00000764.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00000772.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00000798.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00000803.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.14:C:\RECYCLER\NPROTECT\00000764.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.14:C:\RECYCLER\NPROTECT\00000772.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.14:C:\RECYCLER\NPROTECT\00000798.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.14:C:\RECYCLER\NPROTECT\00000803.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00000764.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00000772.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00000798.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00000803.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.17:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\hyiawddk.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00000809.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00001186.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00001189.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00001205.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00001218.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00001232.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00001293.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.18:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\hyiawddk.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00000809.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00001186.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00001189.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00001205.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00001218.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00001232.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00001293.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.19:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\hyiawddk.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00000809.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00001186.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00001189.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00001205.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00001218.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00001232.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00001293.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.20:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\hyiawddk.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00000809.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00001186.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00001189.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00001205.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00001218.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00001232.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00001293.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.21:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\hyiawddk.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\00000809.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\00001186.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\00001189.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\00001205.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\00001218.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\00001232.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\00001293.MOZ -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.113:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.121:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.122:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.68:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.102:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.95:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.96:C:\Documents and Settings\Nadine\Application Data\Mozilla\Firefox\Profiles\r1q5onz3.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Nadine\Cookies\nadine@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00001132.TXT -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00000008.exe -> Trojan.Sinowal.ai : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00000009.dll -> Trojan.Sinowal.am : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00001380.dll -> Trojan.Sinowal.an : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00000010.EXE -> Trojan.Sinowal.aq : Cleaned with backup (quarantined).


::Report end

LonnyRJones
2006-09-24, 11:56
Welcome

Start HijackThis and place a check next to these items if there.
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C:\WINDOWS\system32\chkget.dll < does that file exist? If so, submit it here and let us know what was found
http://www.virustotal.com/flash/index_en.html

Post a fresh hijackthis log please, be sure to mention any current problems.
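
An added example, not part of the reply above and not HijackThis code: the two items listed for fixing share one pattern, an extra program appended after explorer.exe in the Winlogon Shell value (the F2 line) and the same file started again from a Run key. The Python sketch below finds that pattern in a HijackThis log; the function names are this example's own, and the sample lines are excerpted from the log posted in this thread.

```python
import re

# Sample input: lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
'''

# "F2 - ...", "O4 - ...", "O23 - ...": section code, dash, entry body.
ENTRY_RE = re.compile(r'^([A-Z]\d+)\s+-\s+(.*)$')
SHELL_RE = re.compile(r'Shell=(.*)$', re.IGNORECASE)
# A Shell value is a list of commands: quoted strings or bare words.
TOKEN_RE = re.compile(r'"[^"]*"|[^\s,]+')


def parse_entries(log_text):
    """Return (section, body) pairs for every entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def extra_shell_commands(shell_value):
    """Return every token in a Shell= value other than the expected explorer.exe."""
    extras = []
    for token in TOKEN_RE.findall(shell_value):
        cleaned = token.strip('"')
        if cleaned.lower() != 'explorer.exe':
            extras.append(cleaned)
    return extras


def find_shell_hijack(log_text):
    """Flag programs appended to the Winlogon Shell and other entries that load them.

    Returns a list of (section, path, reason) tuples, F2 findings first.
    """
    entries = parse_entries(log_text)
    findings = []
    appended = []

    # Pass 1: anything after explorer.exe in the Shell value runs at every logon.
    for section, body in entries:
        match = SHELL_RE.search(body)
        if section == 'F2' and match:
            for path in extra_shell_commands(match.group(1)):
                appended.append(path)
                findings.append((section, path, 'extra program appended to Winlogon Shell'))

    # Pass 2: the same file referenced elsewhere is a second persistence point
    # that has to be fixed together with the Shell value.
    for section, body in entries:
        if section == 'F2':
            continue
        for path in appended:
            if path.lower() in body.lower():
                findings.append((section, path, 'same file also referenced here'))
    return findings


if __name__ == '__main__':
    for section, path, reason in find_shell_hijack(SAMPLE_LOG):
        print(f'{section}: {path} ({reason})')
```
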

tashi
2006-09-28, 23:43
DmanSlam how is it going?

tashi
2006-10-04, 20:44
This topic has been archived due to lack of a response.
If you need it re-opened please send me a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.