The above mentioned is a an error message whenever i login after the boot process It says windows was not able to find a particular file named ibm00001.exe as above the path is defined So thats my Question how do I resolve this issue its being long time

As a first response you might want to post a HijackThis log for review by our Pros in that section:

Please follow the instructions HERE & then post your log in a new thread in the Spyware, Adware, Viruses and HijackThis Logs section.
(Not in this section please).

Please specify what issues you appear to be experiencing along with your log.

C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe

This is an error message that get when i login into winXp i have this problem for long time and when i click on the canceltab provided in window it goes off then i can work in windows normally.I need to know what exactly does the above mentioned file is used by windows and i have accidentally deleted it where can i find the file (ibm00001.exe)

As a first response you might want to post a HijackThis log for review by our Pros in that section:

Please follow the instructions HERE & then post your log in a new thread in the Spyware, Adware, Viruses and HijackThis Logs section.
(Not in this section please).

Please specify what issues you appear to be experiencing along with your log.

Logfile of HijackThis v1.99.1
Scan saved at 1:39:58 PM, on 5/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = :
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\en-ww\msntb.dll
O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\Program Files\Accoona\atoolbar.dll (file missing)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\en-ww\msntb.dll
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [dmkbb.exe] C:\WINDOWS\system32\dmkbb.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-ww\bin\WindowsSearch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\en-ww\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\en-ww\msntabres.dll/229?3390120750c841c4b826a6141ace8fe4
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\en-ww\msntabres.dll/230?3390120750c841c4b826a6141ace8fe4
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd...id/BoardID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27403167-9358-4EBC-8971-2ABAC4736B1B}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{6ECE1A8C-5774-45E5-84F3-DD75619A6434}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FD3D40B-1E98-4B82-9C04-9EE12CCA3FC4}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1212C7D-C175-4D33-B9B0-F650F5793D32}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{A25ED52C-D0D3-46CA-A0E6-307AC6589ABE}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{CED1CA96-3183-4759-9154-562C497E2BB4}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4C04BBE-FC20-47A4-82EA-A21EEB66F36F}: NameServer = 85.255.116.120,85.255.112.235
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe

This is an error message that get when i login into winXp i have this problem for long time and when i click on the canceltab provided in window it goes off then i can work in windows normally.I need to know what exactly does the above mentioned file is used by windows and i have accidentally deleted it where can i find the file (ibm00001.exe)

C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe

This is an error message that get when i login into winXp i have this problem for long time and when i click on the canceltab provided in window it goes off then i can work in windows normally.I need to know what exactly does the above mentioned file is used by windows and i have accidentally deleted it where can i find the file (ibm00001.exe)


Logfile of HijackThis v1.99.1
Scan saved at 1:43:52 PM, on 5/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = :
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\en-ww\msntb.dll
O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\Program Files\Accoona\atoolbar.dll (file missing)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\en-ww\msntb.dll
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [dmkbb.exe] C:\WINDOWS\system32\dmkbb.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-ww\bin\WindowsSearch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\en-ww\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\en-ww\msntabres.dll/229?3390120750c841c4b826a6141ace8fe4
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\en-ww\msntabres.dll/230?3390120750c841c4b826a6141ace8fe4
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd...id/BoardID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27403167-9358-4EBC-8971-2ABAC4736B1B}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{6ECE1A8C-5774-45E5-84F3-DD75619A6434}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FD3D40B-1E98-4B82-9C04-9EE12CCA3FC4}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1212C7D-C175-4D33-B9B0-F650F5793D32}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{A25ED52C-D0D3-46CA-A0E6-307AC6589ABE}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{CED1CA96-3183-4759-9154-562C497E2BB4}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4C04BBE-FC20-47A4-82EA-A21EEB66F36F}: NameServer = 85.255.116.120,85.255.112.235
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Welcome to DAL,


You have some very serious infections, that ibm thing is a trojan that probably has stolen all personnel information about you. If you have done any online banking, credit card transactions etc., you need to contact those companies immediately and tell them you are very likely a victim of identity theft.



You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.


Also do this:


Please download, install, and update the NEW free version of Ewido trojan scanner:
[*]When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
[*]When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
[*]From the main ewido screen, click on update in the left menu, then click the Start update button.
[*]After the update finishes (the status bar at the bottom will display "Update successful")
[*]Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
[*]If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
[*]When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Post the log Ewido makes back here please and a new hijackthis log. Thanks.

These are all the reports that you have asked me
One more Question how do u know that the ibm thing is surely a trojan
I need to know waht exactly the fixwareout application did to my system


Fixwareout ver 1.003
Last edited 04/26/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ruins\bbkmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Urls\32refaselif
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is lagitamate

»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\IPSEC6.EXE
* csr.exe C:\WINDOWS\System32\CSHJL.EXE

»»»»» Misc files
* thequicklink C:\WINDOWS\System32\SCJIA.DLL

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSHJL.EXE 51,221 2006-04-25
C:\WINDOWS\SYSTEM32\DMIJM.EXE 44,092 2004-08-04

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:25:47 PM, 5/25/2006
+ Report-Checksum: CD9CB21A

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : Ignored
HKLM\SOFTWARE\Classes\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Ignored
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Ignored
HKU\S-1-5-21-1078081533-117609710-682003330-500\Software\Microsoft\Windows\CurrentVersion\Ext\ Stats\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : Ignored
HKU\S-1-5-21-1078081533-117609710-682003330-500\Software\Microsoft\Windows\CurrentVersion\Ext\ Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Ignored
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HM0OU8X0\nb6u[1].exe -> Proxy.Delf.al : Ignored
C:\WINDOWS\system32\dmijm.exe -> Trojan.Pakes : Ignored
C:\WINDOWS\system32\scjia.dll -> Adware.SBSoft : Ignored
C:\WINDOWS\system32\dvkvvfzs.okg -> Hijacker.Small.js : Ignored
C:\WINDOWS\Temp\$_2341233.EXE -> Dropper.Agent.aan : Ignored
C:\WINDOWS\kl.exe -> Logger.Agent.jl : Ignored
C:\Documents and Settings\Supervisor\Local Settings\Temp\ASearchAssist.dll -> Adware.Agent : Ignored
C:\Documents and Settings\Supervisor\Local Settings\Temporary Internet Files\Content.IE5\KF732WP9\count[1].htm -> Downloader.Inor.a : Ignored
C:\Documents and Settings\Supervisor\Local Settings\Temporary Internet Files\Content.IE5\S16FODEJ\count[1].htm -> Downloader.Inor.a : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@2o7[1].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@www.myaffil iateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@counter.hit slink[2].txt -> TrackingCookie.Hitslink : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@c2.zedo[2].txt -> TrackingCookie.Zedo : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@cs.sexcount er[2].txt -> TrackingCookie.Sexcounter : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@hitbox[1].txt -> TrackingCookie.Hitbox : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@server.iad. liveperson[2].txt -> TrackingCookie.Liveperson : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@image.maste rstats[1].txt -> TrackingCookie.Masterstats : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@counter8.se xtracker[2].txt -> TrackingCookie.Sextracker : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@revenue[2].txt -> TrackingCookie.Revenue : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@counter5.se xtracker[2].txt -> TrackingCookie.Sextracker : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@programs.we gcash[2].txt -> TrackingCookie.Wegcash : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@counter15.s extracker[2].txt -> TrackingCookie.Sextracker : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@counter13.s extracker[2].txt -> TrackingCookie.Sextracker : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@counter10.s extracker[1].txt -> TrackingCookie.Sextracker : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@zedo[2].txt -> TrackingCookie.Zedo : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@questionmar ket[1].txt -> TrackingCookie.Questionmarket : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@vip2.clickz s[2].txt -> TrackingCookie.Clickzs : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@counter6.se xtracker[1].txt -> TrackingCookie.Sextracker : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@counter16.s extracker[1].txt -> TrackingCookie.Sextracker : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@epilot[2].txt -> TrackingCookie.Epilot : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@casalemedia[2].txt -> TrackingCookie.Casalemedia : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@counter11.s extracker[2].txt -> TrackingCookie.Sextracker : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@c.enhance[1].txt -> TrackingCookie.Enhance : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@counter12.s extracker[2].txt -> TrackingCookie.Sextracker : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@ad.yieldman ager[1].txt -> TrackingCookie.Yieldmanager : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@fastclick[2].txt -> TrackingCookie.Fastclick : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@citi.bridge track[1].txt -> TrackingCookie.Bridgetrack : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@paycounter[2].txt -> TrackingCookie.Paycounter : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@c.goclick[2].txt -> TrackingCookie.Goclick : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@counter14.s extracker[1].txt -> TrackingCookie.Sextracker : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@counter3.se xtracker[1].txt -> TrackingCookie.Sextracker : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@sextracker[1].txt -> TrackingCookie.Sextracker : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@stat.onesta t[2].txt -> TrackingCookie.Onestat : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@ehg-nokiafin.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@counter7.se xtracker[1].txt -> TrackingCookie.Sextracker : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@counter1.se xtracker[1].txt -> TrackingCookie.Sextracker : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@counter4.se xtracker[1].txt -> TrackingCookie.Sextracker : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@counter9.se xtracker[2].txt -> TrackingCookie.Sextracker : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@counter2.se xtracker[2].txt -> TrackingCookie.Sextracker : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@sexlist[1].txt -> TrackingCookie.Sexlist : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@vip.clickzs[1].txt -> TrackingCookie.Clickzs : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@cz9.clickzs[2].txt -> TrackingCookie.Clickzs : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Ignored
:mozilla.18:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Com : Ignored
:mozilla.19:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Com : Ignored
:mozilla.20:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Pointroll : Ignored
:mozilla.21:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Pointroll : Ignored
:mozilla.22:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Pointroll : Ignored
:mozilla.23:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Pointroll : Ignored
:mozilla.24:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Pointroll : Ignored
:mozilla.25:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Atdmt : Ignored
:mozilla.35:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Serving-sys : Ignored
:mozilla.36:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Serving-sys : Ignored
:mozilla.37:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Serving-sys : Ignored
:mozilla.38:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Serving-sys : Ignored
:mozilla.39:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Doubleclick : Ignored
:mozilla.86:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Sexlist : Ignored
:mozilla.91:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.2o7 : Ignored
:mozilla.92:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.2o7 : Ignored
:mozilla.96:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Qksrv : Ignored
:mozilla.97:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Qksrv : Ignored
:mozilla.100:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Yieldmanager : Ignored
:mozilla.101:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Yieldmanager : Ignored
:mozilla.102:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Yieldmanager : Ignored
:mozilla.103:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Falkag : Ignored
:mozilla.104:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Yieldmanager : Ignored
:mozilla.105:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Yieldmanager : Ignored
:mozilla.113:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Webtrendslive : Ignored
:mozilla.114:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Adserver : Ignored
:mozilla.115:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Adserver : Ignored
:mozilla.116:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Casalemedia : Ignored
:mozilla.118:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Mediaplex : Ignored
:mozilla.119:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Zedo : Ignored
:mozilla.120:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Zedo : Ignored
:mozilla.138:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Webtrendslive : Ignored
:mozilla.139:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Advertising : Ignored
:mozilla.140:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Advertising : Ignored
:mozilla.147:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Hotlog : Ignored
:mozilla.148:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Spylog : Ignored
:mozilla.149:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Yadro : Ignored
:mozilla.150:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Vegasred : Ignored
:mozilla.151:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Vegasred : Ignored
:mozilla.152:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Vegasred : Ignored
:mozilla.153:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Vegasred : Ignored
:mozilla.154:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Vegasred : Ignored
:mozilla.155:C:\Documents and Settings\Supervisor\Application Data\Mozilla\Firefox\Profiles\yr9ixebm.default\coo kies.txt -> TrackingCookie.Vegasred : Ignored
C:\Documents and Settings\Family\Cookies\family@2o7[1].txt -> TrackingCookie.2o7 : Ignored
:mozilla.36:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Doubleclick : Ignored
:mozilla.37:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Fastclick : Ignored
:mozilla.38:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Fastclick : Ignored
:mozilla.39:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Fastclick : Ignored
:mozilla.40:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Casalemedia : Ignored
:mozilla.41:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Casalemedia : Ignored
:mozilla.42:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Casalemedia : Ignored
:mozilla.43:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Casalemedia : Ignored
:mozilla.46:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Targetnet : Ignored
:mozilla.52:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Pointroll : Ignored
:mozilla.53:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Pointroll : Ignored
:mozilla.54:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Pointroll : Ignored
:mozilla.55:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Pointroll : Ignored
:mozilla.57:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Questionmarket : Ignored
:mozilla.58:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Questionmarket : Ignored
:mozilla.59:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Questionmarket : Ignored
:mozilla.63:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Atdmt : Ignored
:mozilla.64:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.247realmedia : Ignored
:mozilla.82:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Onestat : Ignored
:mozilla.83:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Onestat : Ignored
:mozilla.91:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Tribalfusion : Ignored
:mozilla.93:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.2o7 : Ignored
:mozilla.94:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.2o7 : Ignored
:mozilla.112:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Advertising : Ignored
:mozilla.121:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Com : Ignored
:mozilla.122:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Com : Ignored
:mozilla.128:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Tacoda : Ignored
:mozilla.129:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Tacoda : Ignored
:mozilla.131:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Adtech : Ignored
:mozilla.132:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Adtech : Ignored
:mozilla.137:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Falkag : Ignored
:mozilla.138:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Falkag : Ignored
:mozilla.139:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Falkag : Ignored
:mozilla.140:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Serving-sys : Ignored
:mozilla.141:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Serving-sys : Ignored
:mozilla.142:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Serving-sys : Ignored
:mozilla.143:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Serving-sys : Ignored
:mozilla.162:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\1u1191qn.default\coo kies.txt -> TrackingCookie.Mediaplex : Ignored
C:\Documents and Settings\Administrator\Cookies\administrator@msnpo rtal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored
:mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Onestat : Ignored
:mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Onestat : Ignored
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Yieldmanager : Ignored
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Yieldmanager : Ignored
:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Yieldmanager : Ignored
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Revenue : Ignored
:mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Fastclick : Ignored
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Fastclick : Ignored
:mozilla.55:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Fastclick : Ignored
:mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Fastclick : Ignored
:mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Fastclick : Ignored
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Hitbox : Ignored
:mozilla.60:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Hitbox : Ignored
:mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Hitbox : Ignored
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Adbrite : Ignored
:mozilla.67:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Adbrite : Ignored
:mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Advertising : Ignored
:mozilla.79:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Advertising : Ignored
:mozilla.80:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Advertising : Ignored
:mozilla.81:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Advertising : Ignored
:mozilla.82:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Advertising : Ignored
:mozilla.83:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Advertising : Ignored
:mozilla.84:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Advertising : Ignored
:mozilla.97:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Com : Ignored
:mozilla.104:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.Googleadservices : Ignored
:mozilla.109:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uob8ua1w.default\coo kies.txt -> TrackingCookie.2o7 : Ignored
C:\c.vbs -> Downloader.Small.f : Ignored
C:\Recycled\Dc7.exe -> Hijacker.Small.kg : Ignored
C:\Recycled\Dc8.exe -> Hijacker.Small : Ignored
C:\Recycled\Dc9.exe -> Trojan.Small.gq : Ignored
C:\Recycled\Dc10.exe -> Adware.Msnagent : Ignored
C:\Recycled\Dc11.exe -> Adware.FindSpy : Ignored
:mozilla.19:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Fastclick : Ignored
:mozilla.20:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Fastclick : Ignored
:mozilla.21:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Fastclick : Ignored
:mozilla.22:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Fastclick : Ignored
:mozilla.23:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Fastclick : Ignored
:mozilla.24:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Fastclick : Ignored
:mozilla.25:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Fastclick : Ignored
:mozilla.26:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Valueclick : Ignored
:mozilla.27:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Casalemedia : Ignored
:mozilla.28:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Casalemedia : Ignored
:mozilla.30:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Burstnet : Ignored
:mozilla.31:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Burstnet : Ignored
:mozilla.33:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Com : Ignored
:mozilla.34:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Com : Ignored
:mozilla.38:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Mediaplex : Ignored
:mozilla.48:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Atdmt : Ignored
:mozilla.49:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Questionmarket : Ignored
:mozilla.50:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Questionmarket : Ignored
:mozilla.51:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Doubleclick : Ignored
:mozilla.53:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Adtech : Ignored
:mozilla.54:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Adtech : Ignored
:mozilla.59:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Hitbox : Ignored
:mozilla.61:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Hitbox : Ignored
:mozilla.62:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Hitbox : Ignored
:mozilla.74:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Googleadservices : Ignored
:mozilla.75:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Overture : Ignored
:mozilla.80:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Onestat : Ignored
:mozilla.81:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Onestat : Ignored
:mozilla.86:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.2o7 : Ignored
:mozilla.87:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.2o7 : Ignored
:mozilla.101:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Statcounter : Ignored
:mozilla.102:C:\FOUND.023\FILE0003.CHK -> TrackingCookie.Spylog : Ignored
D:\kSirvNa38a.zip/DAP.exe -> Adware.Dap : Ignored
D:\Download\Software Downloads\d-6f6su1.exe/run.exe -> Downloader.PassAlert.i : Ignored
D:\Download\Software Downloads\d-6f3th2.exe/run.exe -> Downloader.PassAlert.i : Ignored
D:\Download\Software Downloads\package_MARKETING27.exe -> Adware.BargainBuddy : Ignored
D:\Download\New Folder\run.exe -> Downloader.PassAlert.e : Ignored
D:\Download\Ancient_TripeaksSetup-dm.exe -> Adware.Trymedia : Ignored
C:\Documents and Settings\Supervisor\Cookies\supervisor@tribalfusio n[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Supervisor\Cookies\supervisor@metacafe.12 2.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Supervisor\Cookies\supervisor@free.wegcas h[2].txt -> TrackingCookie.Wegcash : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 6:04:57 PM, on 5/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = :
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\en-ww\msntb.dll
O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\Program Files\Accoona\atoolbar.dll (file missing)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\en-ww\msntb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [dmkbb.exe] C:\WINDOWS\system32\dmkbb.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-ww\bin\WindowsSearch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\en-ww\msntb.dll/search.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\en-ww\msntabres.dll/229?3390120750c841c4b826a6141ace8fe4
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\en-ww\msntabres.dll/230?3390120750c841c4b826a6141ace8fe4
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd...id/BoardID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27403167-9358-4EBC-8971-2ABAC4736B1B}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{6ECE1A8C-5774-45E5-84F3-DD75619A6434}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FD3D40B-1E98-4B82-9C04-9EE12CCA3FC4}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1212C7D-C175-4D33-B9B0-F650F5793D32}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{A25ED52C-D0D3-46CA-A0E6-307AC6589ABE}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{CED1CA96-3183-4759-9154-562C497E2BB4}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4C04BBE-FC20-47A4-82EA-A21EEB66F36F}: NameServer = 85.255.115.58,85.255.112.116
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

OK first things first you need to re-scan with Ewido and stay with it and let it remove all in finds. Post the log after that.



ibm0000.exe(=digit)

http://www.sophos.com/virusinfo/anal...ojtorpigc.html

The Trojan attempts to steal passwords, as well as logging keypresses and open window titles to text files and periodically sends the collected information to a remote user via HTTP.

The Trojan downloads and executes additional files from a remote site. Configuration files may also be downloaded which define further behaviors. Troj/Torpig-C automatically closes security warning messages displayed by common anti-virus and security related applications.

Wareout:
http://research.sunbelt-software.co...&search=wareout

Often found with rogue NameServer = 85.255.x.x entries

Wareoutfix will remove wareout infection. Have you run it?