Need Help with a Trojan Malware Virus!
Can someone please let me know what I need to delete to fix this problem? Currently I have disabled the "Error 1752..." Message from my desktop but it is still a blank black screen as opposed to my actual wallpaper (and I have no control over it). Also, there is an icon (red circle with an X in it) on my toolbar which keeps telling me I'm "infected, get software, etc.". Here is my Hijack This log...
Logfile of HijackThis v1.99.1
Scan saved at 11:13:09 AM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\paytime.exe
C:\WINDOWS\system32\eventwvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\winstall.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Ian Young\My Documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {008764D5-773A-A0CE-0E07-D1A50B2AEB9C} - C:\WINDOWS\system32\crvz32.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\system32\winbrume.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SysTray] C:\Program Files\paytime.exe
O4 - HKLM\..\Run: [eventwvr] C:\WINDOWS\system32\eventwvr.exe
O4 - HKLM\..\RunServices: [eventwvr] C:\WINDOWS\system32\eventwvr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [eventwvr] C:\WINDOWS\system32\eventwvr.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\IANYOU~1\LOCALS~1\Temp\4A.tmp
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Shortcut to MDGnotify.lnk = C:\WINDOWS\MDG\MDGnotify.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mdg.ca
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: ConferenceRoom Java Client - http://cr.aokchat.com:8000/java/cr.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by12fd.bay12.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} (InstallCtl Class) - http://download.redswoosh.net/Installer/104/rsinstaller.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SensSrv - C:\WINDOWS\SYSTEM32\senssrv.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Unknown owner - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
Comments
==
Please print these instructions out, or write them down, as you can't read them during the fix.
Please download SmitfraudFix by S!Ri
Extract the content (a folder named SmitfraudFix) to your Desktop.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
==
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode
5) Choose your usual account.
==
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
==
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
==
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
==
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.
SmitFraudFix v2.31
Scan done at 12:23:13.14, Tue 04/18/2006
Run from C:\Documents and Settings\Ian Young\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\exit Deleted
C:\kl1.exe Deleted
C:\ms1.exe Deleted
C:\tool2.exe Deleted
C:\tool3.exe Deleted
C:\tool4.exe Deleted
C:\tool5.exe Deleted
C:\uniq Deleted
C:\WINDOWS\system32\bin29a.log Deleted
C:\WINDOWS\system32\oleext.dll Deleted
C:\WINDOWS\system32\parad.raw.exe Deleted
C:\WINDOWS\system32\taskdir.dll Deleted
C:\WINDOWS\system32\taskdir~.exe Deleted
C:\Documents and Settings\Ian Young\Application Data\Install.dat Deleted
C:\Program Files\SpySheriff\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» End
Could you please post a fresh HijackThis log to look at, too?
Scan saved at 2:19:27 PM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {008764D5-773A-A0CE-0E07-D1A50B2AEB9C} - C:\WINDOWS\system32\crvz32.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\system32\winbrume.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [eventwvr] C:\WINDOWS\system32\eventwvr.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mdg.ca
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: ConferenceRoom Java Client - http://cr.aokchat.com:8000/java/cr.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by12fd.bay12.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} (InstallCtl Class) - http://download.redswoosh.net/Installer/104/rsinstaller.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Unknown owner - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {008764D5-773A-A0CE-0E07-D1A50B2AEB9C} - C:\WINDOWS\system32\crvz32.dll (file missing)
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\system32\winbrume.dll (file missing)
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [eventwvr] C:\WINDOWS\system32\eventwvr.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mdg.ca
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} (InstallCtl Class) - http://download.redswoosh.net/Instal...sinstaller.cab
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Close HijackThis. Please reboot.
==
Navigate to, and delete the following files after reboot (if present):
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\WINDOWS\system32\eventwvr.exe
Now empty recycle bin.
==
Please go HERE to run Panda's ActiveScan
Incident Status Location
Adware:adware/sahagent Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\sporder_.dll
Adware:adware/downloadware Not disinfected C:\WINDOWS\Digital Signature 20030630.htm
Adware:adware/gator Not disinfected C:\WINDOWS\GatorHDPlugin.log
Spyware:spyware/new.net Not disinfected C:\WINDOWS\NDNuninstall4_88.exe
Adware:adware/searchaid Not disinfected C:\WINDOWS\n_lwjdbo.txt
Potentially unwanted tool:application/anti-virus-pro Not disinfected C:\PROGRAM FILES\Anti-Virus-Pro
Adware:adware/sqwire Not disinfected Windows Registry
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Ian Young\Application Data\Mozilla\Profiles\default\w9t21voe.slt\cookies.txt[.hotlog.ru/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Ian Young\Application Data\Mozilla\Profiles\default\w9t21voe.slt\cookies.txt[.qksrv.net/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Ian Young\Application Data\Mozilla\Profiles\default\w9t21voe.slt\cookies.txt[.targetnet.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Ian Young\Application Data\Mozilla\Profiles\default\w9t21voe.slt\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Ian Young\Application Data\Mozilla\Profiles\default\w9t21voe.slt\cookies.txt[.targetnet.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ian Young\Application Data\Mozilla\Profiles\default\w9t21voe.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Ian Young\Application Data\Mozilla\Profiles\default\w9t21voe.slt\cookies.txt[.hitbox.com/]
Spyware:Cookie/XXXtoolbar Not disinfected C:\Documents and Settings\Ian Young\Application Data\Mozilla\Profiles\default\w9t21voe.slt\cookies.txt[.xxxtoolbar.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Ian Young\Application Data\Mozilla\Profiles\default\w9t21voe.slt\cookies.txt[.statcounter.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Ian Young\Application Data\Mozilla\Profiles\default\w9t21voe.slt\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Ian Young\Application Data\Mozilla\Profiles\default\w9t21voe.slt\cookies.txt[.fastclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Ian Young\Application Data\Mozilla\Profiles\default\w9t21voe.slt\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Ian Young\Application Data\Mozilla\Profiles\default\w9t21voe.slt\cookies.txt[a.as-us.falkag.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Ian Young\Application Data\Mozilla\Profiles\default\w9t21voe.slt\cookies.txt[.as-us.falkag.net/]
Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\OPTIONMAPIFORDSOFTWARE\Pure Dvd.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\OPTIONMAPIFORDSOFTWARE\sign knob.exe
Virus:Exploit/ByteVerify Renamed C:\Documents and Settings\Ian Young\.jpi_cache\jar\1.0\ar3.jar-6ce3b82f-375f98aa.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\.jpi_cache\jar\1.0\classload.jar-1f5b6b54-39162053.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\.jpi_cache\jar\1.0\classload.jar-1f5b6b54-39162053.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\.jpi_cache\jar\1.0\classload.jar-1f5b6b54-39162053.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\.jpi_cache\jar\1.0\classload.jar-1f5b6b54-39162053.zip[Installer.class]
Adware:Adware/CWS Not disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Counter.class-62a3aa5-7c1398ae.class
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-17e463cc-246cbcee.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-17e463cc-246cbcee.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-17e463cc-246cbcee.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-17e463cc-246cbcee.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-3f991de1-55726fbe.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-3f991de1-55726fbe.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-3f991de1-55726fbe.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-3f991de1-55726fbe.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-43f116b6-293f48a2.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-43f116b6-293f48a2.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-43f116b6-293f48a2.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-43f116b6-293f48a2.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-52d13b5c-5bcb22a8.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-52d13b5c-5bcb22a8.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-52d13b5c-5bcb22a8.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-52d13b5c-5bcb22a8.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6aca7787-525b0067.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6aca7787-525b0067.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6aca7787-525b0067.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6aca7787-525b0067.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6aca7787-58de2d6a.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6aca7787-58de2d6a.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6aca7787-58de2d6a.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6aca7787-58de2d6a.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-18dfa68c-38f0eb9e.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-18dfa68c-38f0eb9e.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-18dfa68c-38f0eb9e.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-18dfa68c-38f0eb9e.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-41adaf8a-62314077.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-41adaf8a-62314077.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-41adaf8a-62314077.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-41adaf8a-62314077.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-45c6aa50-3c7226b8.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-45c6aa50-3c7226b8.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-45c6aa50-3c7226b8.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-45c6aa50-3c7226b8.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-49c897f8-48807dfc.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-49c897f8-48807dfc.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-49c897f8-48807dfc.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-49c897f8-48807dfc.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-76625711-356cab7a.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-76625711-356cab7a.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-76625711-356cab7a.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-76625711-356cab7a.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-768950e8-1ccfe77d.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-768950e8-1ccfe77d.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-768950e8-1ccfe77d.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-768950e8-1ccfe77d.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-a8277e5-544a59c1.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-a8277e5-544a59c1.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-a8277e5-544a59c1.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-a8277e5-544a59c1.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-723bc9df-29efd24e.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-723bc9df-29efd24e.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-723bc9df-29efd24e.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-723bc9df-29efd24e.zip[Dummy.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-10015c94-2cd4732d.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-10015c94-2cd4732d.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-10015c94-2cd4732d.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-10015c94-2cd4732d.zip[NewURLClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv599.jar-5d941347-5a4fe27d.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv599.jar-5d941347-5a4fe27d.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv599.jar-5d941347-5a4fe27d.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv599.jar-5d941347-5a4fe27d.zip[Parser.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\oldarchi.jar-18b60a38-1f8dfb52.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\oldarchi.jar-18b60a38-1f8dfb52.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\oldarchi.jar-18b60a38-1f8dfb52.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ian Young\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\oldarchi.jar-18b60a38-1f8dfb52.zip[Beyond.class]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Ian Young\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Sinowal.K Disinfected C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll
Adware:Adware/SearchAid Not disinfected C:\Quarantine\crvz32.ddd
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall4_88.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\n_lwjdbo.txt
Adware:Adware/Redswoosh Not disinfected C:\WINDOWS\RSEDNClientUninstaller.exe
Potentially unwanted tool:Application/Processor C:\WINDOWS\system32\Process.exe
Adware:Adware/SAHAgent
- Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
- It will say "Java Plug-in" under the icon.
- If you are unable to update you can manually update by going here:
- After the reboot, go back into the Control Panel and double-click the Java Icon. Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
http://www.java.com/en/download/manual.jsp
- Under Temporary Internet Files, click the Delete Files button.
- There are three options in the window to clear the cache - Leave ALL 3 Checked
  - Downloaded Applets
  - Downloaded Applications
  - Other Files
- Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Java Control Panel.
==
Then please post back with a fresh HijackThis log (if you did delete all the infected files manually like you said).
Logfile of HijackThis v1.99.1
Scan saved at 9:51:55 AM, on 4/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://cr.aokchat.com:8000/java/cr.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by12fd.bay12.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Unknown owner - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
RIGHT-CLICK HERE and Save As (in IE it's "Save Target As") in order to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf and select: Install (no need to restart)
Did you update Java?
Logfile of HijackThis v1.99.1
Scan saved at 11:21:06 AM, on 4/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ConferenceRoom Java Client - http://cr.aokchat.com:8000/java/cr.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by12fd.bay12.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Unknown owner - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
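Comparing the 9:51:55 AM and 11:21:06 AM logs above shows what changed between the two scans, including the Trusted Zone entries that DelDomains.inf targets. The following Python sketch is an added example, not part of the original thread: it parses HijackThis 1.99.x logs by section code and diffs them. The function names are illustrative, and the two sample inputs are abbreviated excerpts of those logs.

```python
import re
from collections import defaultdict

# Item lines look like "O15 - Trusted Zone: ..."; process lines are bare paths.
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\")


def parse_hjt(text):
    """Return (running processes, {section code: set of entries}) for one log."""
    processes, items = set(), defaultdict(set)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ITEM_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first item line
            items[match.group(1)].add(match.group(2))
        elif in_processes and PROC_RE.match(line):
            processes.add(line.lower())  # Windows paths are case-insensitive
    return processes, items


def only_in(a, b):
    """Entries present in log a but missing from log b, grouped by section code."""
    out = {}
    for code, entries in a.items():
        extra = entries - b.get(code, set())
        if extra:
            out[code] = sorted(extra)
    return out


def diff_logs(before, after):
    """Summarise what a cleanup step removed or introduced between two scans."""
    p0, i0 = parse_hjt(before)
    p1, i1 = parse_hjt(after)
    return {
        "items_removed": only_in(i0, i1),
        "items_added": only_in(i1, i0),
        "processes_stopped": sorted(p0 - p1),
        "processes_started": sorted(p1 - p0),
    }


# Abbreviated excerpts of the two logs posted above (most lines omitted).
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:51:55 AM, on 4/19/2006
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:21:06 AM, on 4/19/2006
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

if __name__ == "__main__":
    for key, value in diff_logs(BEFORE, AFTER).items():
        print(key, value)
```

An empty `items_added` together with the expected `items_removed` is the signal that a fix took effect without anything new registering itself for startup.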
Please post the following:
Ad-Aware SE Personal
Adobe Reader 7.0.7
ArcSoft PhotoImpression 3.0
Creative Jukebox Driver
Creative MediaSource
Creative Removable Disk Manager
Creative System Information
Creative Zen Micro
DivX
DivX ;-) Audio Compressor 4.02
Efficient Networks SpeedStream DSL
Epi Info
ewido anti-malware
HijackThis 1.99.1
hp deskjet 3320 series (Remove only)
hp instant support
Intel Application Accelerator
Intel(R) 82845G Graphics Driver Software
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
InterActual Player
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.5.0
Java Web Start
Last.fm Player 1.1.4
LimeWire 4.10.9
Macromedia Shockwave Player
McAfee VirusScan
Microsoft ActiveSync 3.8
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (1.0.1)
Mozilla Firefox (1.0.7)
MSN Messenger 7.5
Nero - Burning Rom
Panda ActiveScan
PowerDVD
QuickTime
RealOne Player
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Shockwave
SigmaTel AC97 Audio Drivers
SoulSeek Client 156c
Spybot - Search & Destroy 1.2
SpywareBlaster v3.5.1
Tiger Gaming
TSA
upapp
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Viewpoint Media Player (Remove Only)
Visual IP InSight(Sympatico Consumer)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
XviD MPEG-4 Video Codec
http://www.mozilla.com/
Do not run the installer yet.
Please uninstall these entries through Add/Remove programs:
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.5.0
Mozilla Firefox (1.0.1)
Mozilla Firefox (1.0.7)
upapp
Run the FF 1.5.0.2 installer.
Next, get the latest Sun Java here, manually: http://www.java.com/en/download/manual.jsp
==
You have an outdated version of SpyBot. The latest build would be 1.4; you have 1.2.
Download SpyBot S&D, Click Here
Do the following with version 1.2 first:
1. Undo immunization
2. If SDHelper and TeaTimer are enabled, deactivate them first.
3. If Opera Browser is installed, de-select protection for Opera Immunity
4. Uninstall old version of Spybot S&D
5. Reboot
Install the latest SpyBot.
==
Some preventive maintenance:
Please read here how to clear old restore points and create a new one.
Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Here are some tips for the future to prevent spyware:
Detect and Remove Programs:
- How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
- How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
- Spywareblaster <= SpywareBlaster will prevent spyware from being installed. (My favourite)
- MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Other necessary Programs:
- AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
- Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and ZoneLabs.
- More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
And also see TonyKlein's good advice: So how did I get infected in the first place? (My favourite)