TKO's HJTlog - viruses please help!


TKO250
27 Oct 2006, 06:05pm
Hello all -
Let me start off by saying how thankful I am to have found this site! The information I have found here already has been invaluable.

My screen name is TKO250 (total knock out) but you can call me TK. The problem started when a site asked to load Active X software...before I knew it I had pop-ups telling me that my computer was infected and that I had to buy some brand of anti-virus software to get rid of the problem...but it was the problem. Anyway...I got the pop-ups to stop on my own - and uninstalled the software that was hijacking my Internet Explorer...then I did a search on anti-virus software and bought BitDefender...well - I scanned my computer and found two viruses that BitDefender could not remove. Shortly after that I found this site (thank goodness). I've followed the instructions in the "Before you post a Hijack this..." and have saved all my scans etc.

Note: Spybot S&D runs fine, Ad-Aware freezes when it encounters one of the virus files. I'll post results of my scans below.

Thanks in advance for your help.

TK

TKO250
27 Oct 2006, 06:07pm
Logfile of HijackThis v1.99.1
Scan saved at 12:46:05 PM, on 10/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Cygwin\usr\X11R6\bin\XWin.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\MMediaCodec\isaddon.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [holdem companion] C:\Program Files\Party Poker Companion\Hold'em Companion.exe /s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: Start X Windows.lnk = C:\Cygwin\usr\X11R6\bin\startxwin.bat
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154182023040
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

TKO250
27 Oct 2006, 06:08pm
RESULTS of PANDA Active Scan

Incident Status Location

Potentially unwanted tool:application/zango Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
Adware:adware/wupd Not disinfected Windows Registry
Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Adware:adware/ist.istbar Not disinfected Windows Registry
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.atwola.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.centrport.net/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.com.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.did-it.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.go.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.gostats.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.overture.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.target.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.webpower.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[.zedo.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[server.iad.liveperson.net/hc/28297003]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cookies.txt[www.myaffiliateprogram.com/]

TKO250
27 Oct 2006, 06:09pm
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, October 26, 2006 10:30:52 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/10/2006
Kaspersky Anti-Virus database records: 235312
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\

Scan Statistics:
Total number of scanned objects: 121446
Number of viruses found: 4
Number of infected objects: 15 / 0
Number of suspicious objects: 0
Duration of the scan process: 03:46:01

Infected Object Name / Virus Name / Last Action
C:\Cygwin\tmp\XWin.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\cert8.db Object is locked skipped
C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\history.dat Object is locked skipped
C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\key3.db Object is locked skipped
C:\Documents and Settings\Tessa\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\parent.lock Object is locked skipped
C:\Documents and Settings\Tessa\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Tessa\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Tessa\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Tessa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Tessa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Tessa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Tessa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ump1iagy.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Tessa\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tessa\Local Settings\History\History.IE5\MSHist012006102620061027\index.dat Object is locked skipped
C:\Documents and Settings\Tessa\Local Settings\Temporary Internet Files\Content.IE5\3VH9P15E\mmcodec.280[1].exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.api skipped
C:\Documents and Settings\Tessa\Local Settings\Temporary Internet Files\Content.IE5\3VH9P15E\mmcodec.280[1].exe/stream Infected: Trojan-Downloader.Win32.Zlob.api skipped
C:\Documents and Settings\Tessa\Local Settings\Temporary Internet Files\Content.IE5\3VH9P15E\mmcodec.280[1].exe NSIS: infected - 2 skipped
C:\Documents and Settings\Tessa\Local Settings\Temporary Internet Files\Content.IE5\3VH9P15E\mmcodec.280[1].exe UPX: infected - 2 skipped
C:\Documents and Settings\Tessa\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tessa\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Tessa\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tessa\UserData\index.dat Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068742.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068743.exe Infected: Trojan-Downloader.Win32.Zlob.agu skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068745.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068759.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068760.exe Infected: Trojan-Downloader.Win32.Zlob.agu skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068762.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068774.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068775.exe Infected: Trojan-Downloader.Win32.Zlob.agu skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068777.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068795.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068796.exe Infected: Trojan-Downloader.Win32.Zlob.agu skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068797.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068811.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068812.exe Infected: Trojan-Downloader.Win32.Zlob.agu skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068813.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068832.dll Infected: not-a-virus:AdWare.Win32.ProtectionBar.k skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068833.exe Infected: Trojan-Downloader.Win32.Zlob.aoy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068838.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068839.exe Infected: Trojan-Downloader.Win32.Zlob.agu skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068841.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068849.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068854.exe Infected: Trojan-Downloader.Win32.Zlob.agu skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068864.exe Infected: Trojan-Downloader.Win32.Zlob.aoy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068865.exe Infected: Trojan-Downloader.Win32.Zlob.aoy skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP293\A0069011.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP293\A0069012.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP299\A0069460.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP303\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\tmp00003116\tmp00000000 Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

TKO250
27 Oct 2006, 06:10pm
//-----------------------------------------------------------------
//
// ProductBitDefender Antivirus v10
// Product10.0
//
// Created on: 27/10/2006 06:07:28
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
Folders : 11676
Files : 516240
Memory processes scanned : 31
Archives : 15289
Runtime packers : 40629
Identified viruses : 2
Infected files : 2
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 0
I/O errors : 30
Scan time : 01:44:10
Scan speed (files/sec) : 82

Spyware Statistics

Registry keys scanned : 1791
Registry keys infected : 0
Cookies scanned : 5
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 512080
Scan plugins : 15
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1161943648.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

C:\Documents and Settings\Tessa\Local Settings\Temp\vb18B.exe=>(NSIS o)=>lzma_nsis0005 Detected: Adware.Vurst.A
C:\Documents and Settings\Tessa\Local Settings\Temp\vb18B.exe=>(NSIS o)=>lzma_nsis0005 Disinfection failed
C:\Documents and Settings\Tessa\Local Settings\Temp\vb18B.exe=>(NSIS o)=>lzma_nsis0005 Move failed
C:\Documents and Settings\Tessa\Local Settings\Temporary Internet Files\Content.IE5\3VH9P15E\mmcodec.280[1].exe=>(NSIS o) Infected: Trojan.Downloader.Zlob.XX
C:\Documents and Settings\Tessa\Local Settings\Temporary Internet Files\Content.IE5\3VH9P15E\mmcodec.280[1].exe=>(NSIS o) Disinfection failed
C:\Documents and Settings\Tessa\Local Settings\Temporary Internet Files\Content.IE5\3VH9P15E\mmcodec.280[1].exe=>(NSIS o) Move failed

Trogan
27 Oct 2006, 09:52pm
Hi TK, welcome to Short-Media Forums! :)

Please do the following...

I would like to see another log from HijackThis. Run Hijackthis.
Click on Open the Misc Tools section.
Next click on Open uninstall manager.
Press the Save list button.
Save the file to your desktop, with the default name of uninstall_list
Copy & Paste the entire contents of that file in your next post.
________________________

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!
________________________

Please post the following:

1) Uninstall list
2) Contents of C:\rapport.txt

TKO250
27 Oct 2006, 10:54pm
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0 Standard
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 6.0.1
AOL Instant Messenger
Apple Software Update
BitDefender Antivirus v10
Bluetooth Stack for Windows by Toshiba
Broadcom Advanced Control Suite 2
Broadcom ASF Management Applications
Chikrii Softlab TeX2Word
Conexant D110 MDC V.9x Modem
Digital Line Detect
DivX
DivX Converter
DivX Player
GiPo@MoveOnBoot 1.9.5
Google Earth
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
hp deskjet 950c series (Remove only)
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
iPod for Windows 2005-06-26
iPod Updater 2004-11-15
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky Online Scanner
Macromedia Flash Player 8
MathType 5
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office Professional Edition 2003
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual Studio .NET Professional 2003 - English
MiKTeX
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (1.5.0.7)
mPfMgr
mPfWiz
mProSafe
MSDN Library for Visual Studio .NET 2003
mSSO
MSXML 4.0 SP2 (KB925672)
mToolkit
mWlsSafe
mXML
mZConfig
NetWaiting
OMCI
Panda ActiveScan
PowerDVD 5.1
QuickSet
QuickTime
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Sonic DLA
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SSH Secure Shell
Synaptics Pointing Device Driver
TeX4PPT
UBT
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VeryPDF PDF2Word v2.0
Virtual Key
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB893086
WinEdt

TKO250
27 Oct 2006, 11:00pm
SmitFraudFix v2.114

Scan done at 17:59:55.43, Fri 10/27/2006
Run from C:\Documents and Settings\Tessa\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tessa


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tessa\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Tessa\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\MMediaCodec\ FOUND !
C:\Program Files\VirusBurster\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="sockspy.dll"


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Trogan
28 Oct 2006, 12:18am
Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.
______________________________

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:
Quit Internet Explorer and quit any instances of Windows Explorer.
Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter.
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________

Please post:
c:\rapport.txt
Ewido log
A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.

TKO250
28 Oct 2006, 12:44am
ooops...I need to learn to read ahead...lol...

Trogan
28 Oct 2006, 04:41pm
How's it going with the instructions?

TKO250
28 Oct 2006, 05:06pm
It took so long to run the AVG scan last night I got tired and went to bed.
The only real problem that I encountered was that my laptop screen is so small (I have a Dell Latitude X1 that weighs about 3 lbs) that when I opened AVG in safe mode I couldn't see the whole program....I had to run the scan and just hope that all the boxes under How to Scan and Unwanted software were checked....

Here's rapport.txt now:
SmitFraudFix v2.114

Scan done at 20:11:07.54, Fri 10/27/2006
Run from C:\Documents and Settings\Tessa\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\MMediaCodec\ Deleted
C:\Program Files\VirusBurster\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

TKO250
28 Oct 2006, 05:10pm
Logfile of HijackThis v1.99.1
Scan saved at 12:07:12 PM, on 10/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Cygwin\usr\X11R6\bin\XWin.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [holdem companion] C:\Program Files\Party Poker Companion\Hold'em Companion.exe /s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: Start X Windows.lnk = C:\Cygwin\usr\X11R6\bin\startxwin.bat
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154182023040
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

TKO250
28 Oct 2006, 05:11pm
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0 Standard
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 6.0.1
AOL Instant Messenger
Apple Software Update
AVG Anti-Spyware 7.5
BitDefender Antivirus v10
Bluetooth Stack for Windows by Toshiba
Broadcom Advanced Control Suite 2
Broadcom ASF Management Applications
Chikrii Softlab TeX2Word
Conexant D110 MDC V.9x Modem
Digital Line Detect
DivX
DivX Converter
DivX Player
GiPo@MoveOnBoot 1.9.5
Google Earth
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
hp deskjet 950c series (Remove only)
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
iPod for Windows 2005-06-26
iPod Updater 2004-11-15
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky Online Scanner
Macromedia Flash Player 8
MathType 5
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office Professional Edition 2003
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual Studio .NET Professional 2003 - English
MiKTeX
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (1.5.0.7)
mPfMgr
mPfWiz
mProSafe
MSDN Library for Visual Studio .NET 2003
mSSO
MSXML 4.0 SP2 (KB925672)
mToolkit
mWlsSafe
mXML
mZConfig
NetWaiting
OMCI
Panda ActiveScan
PowerDVD 5.1
QuickSet
QuickTime
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Sonic DLA
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SSH Secure Shell
Synaptics Pointing Device Driver
TeX4PPT
UBT
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VeryPDF PDF2Word v2.0
Virtual Key
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB893086
WinEdt

TKO250
28 Oct 2006, 05:12pm
I don't have an ewido.txt but I have the scan report from running AVG:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:01:07 PM 10/27/2006

+ Scan result:



HKU\S-1-5-21-1350091684-3114609042-756413871-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1350091684-3114609042-756413871-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D869742A-E5D2-4624-96C7-AAE26170665E} -> Adware.HQVideoCodec : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP293\A0069012.exe -> Adware.VirusBurster : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068742.dll -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068745.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068759.dll -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068762.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068774.dll -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068777.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068795.dll -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068797.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068811.dll -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068813.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068838.dll -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068841.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP299\A0069460.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0068849.exe -> Not-A-Virus.Hoax.Win32.Renos.ev : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP293\A0069011.dll -> Trojan.Fakealert : Cleaned with backup (quarantined).


::Report end

Trogan
28 Oct 2006, 06:40pm
Hi TK, you did a good job. As for the Ewido log, that was my fault. AVG anti-spyware was formerly Ewido.

I don't see any indication of a Firewall in your HijackThis log. This may be because:

(1.) You are using Windows Firewall or a hardware Firewall.
(2.) You are using a Firewall of an unknown vendor.
(3.) You are using a Firewall, but it is disabled for unknown reasons.
(4.) You don't use any firewall at all.

In the case you don't have a Firewall, please download one from the list below - They are Free!

Zone Alarm (http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp) << I recommend this
Sunbelt Kerio PF (http://www.sunbelt-software.com/Kerio-Download.cfm)
Outpost Firewall (http://www.agnitum.com/products/outpostfree/download.php)
________________________________

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement."
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove the following...
Java 2 Runtime Environment, SE v1.4.2_03
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.
________________________________

Your HijackThis log is clean. Let me know how things are. :)

TKO250
28 Oct 2006, 07:16pm
I used to run Zone Alarm, but I have had problems with it in the past. For a while my processor was running at 100% all the time and I finally figured out that Zone Alarm was the problem...when I (finally) managed to remove it the problem went away....not only that but at my office network it won't allow me to print to the network printers when Zone Alarm is on....so every time I want to print something (which is often) I have to shut down Zone Alarm to print and then turn it back on....so I've just been running the Windows firewall.

If there is something I could do so that Zone Alarm wouldn't interfere with my office network and printing I'd consider installing it again....otherwise, is there something else you could recommend that I could purchase (it would be worth it to me).

Trogan
28 Oct 2006, 07:21pm
I had that problem with Zone Alarm, where I couldn't print or access files/folders on the network. All Zone Alarm needs is configuring so your network has permission, but it's not easy...at least it wasn't for me. It took me a while to figure out what to do. If you want to give the configuring a try, you can do. I'll help you if you would like. Otherwise, here are some other Free Firewalls that I have never used before.

Sunbelt Kerio PF (http://www.sunbelt-software.com/Kerio-Download.cfm)
Outpost Firewall (http://www.agnitum.com/products/outpostfree/download.php)

TKO250
28 Oct 2006, 07:39pm
Well, I've updated the Java....

I'll download Zone Alarm again - I'd love it if you'd help me configure it...but I won't be back in the office until Monday...really though - whenever is convenient for you during the week...

I cannot thank you enough...my computer is running so smoothly I can hardly believe it!

TKO250
28 Oct 2006, 07:42pm
Oh - one more question - besides running a firewall like Zone Alarm, what else do you recommend as far as, say, weekly or monthly maintenance, to keep a computer running smoothly....I was thinking I'd run Spybot, and Adware weekly...anything else?

Trogan
28 Oct 2006, 07:51pm
Instead of Ad-Aware, I would scan with AVG anti-spyware. You can scan with it in Normal Mode and weekly scans sound good. I think you're well protected. You have SpywareBlaster too.

I'll come back to you about configuring Zone Alarm. Just need to remind myself on how I did it. :)
