Homepage issue
Been through the sticky threads, have followed these steps:
Ad-Aware SE Personal
Spybot - Search & Destroy
Hijack This!
Followed directions for SpyQuake removal (was infected)
Here are the following logs I have:
Hijack This! log:
Logfile of HijackThis v1.99.1
Scan saved at 5:45:48 PM, on 5/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Daniel Ray\Desktop\Virus\Hijack This\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
Panda ActiveScan log: (edited for easier reading, status in bold)
Incident Status Location
Spyware:Cookie/Doubleclick Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/RealMedia Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/2o7 Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Adrevolver Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/PointRoll Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Apmebf Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Falkag Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Atwola Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.belnk.com/]
Spyware:Cookie/BurstNet Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Casalemedia Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Entrepreneur Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.entrepreneur.com/]
Spyware:Cookie/Findwhat Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.findwhat.com/]
Spyware:Cookie/Go Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.go.com/]
Spyware:Cookie/Overture Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.overture.com/]
Spyware:Cookie/Peel Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.peel.com/]
Spyware:Cookie/Overture Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/QkSrv Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/QuestionMarket Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/SpyLog Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Statcounter Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Target Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.target.com/]
Spyware:Cookie/Tradedoubler Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/TrafficMarketplace Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Adserver Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Zedo Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[.zedo.com/]
Spyware:Cookie/YieldManager Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Enhance Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[c.enhance.com/]
Spyware:Cookie/BurstBeacon Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/myaffiliateprogram Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\cookies.txt[www.myaffiliateprogram.com/]
Spyware:Cookie/Doubleclick Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Profiles\diamond03\465on4sl.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Profiles\diamond03\465on4sl.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/2o7 Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Profiles\diamond03\465on4sl.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Profiles\diamond03\465on4sl.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Profiles\diamond03\465on4sl.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Profiles\diamond03\465on4sl.slt\cookies.txt[.112.2o7.net/]
Spyware:Cookie/BurstNet Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Profiles\diamond03\465on4sl.slt\cookies.txt[.burstnet.com/]
Spyware:Cookie/Casalemedia Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Profiles\diamond03\465on4sl.slt\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Go Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Profiles\diamond03\465on4sl.slt\cookies.txt[.go.com/]
Spyware:Cookie/Maxserving Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Profiles\diamond03\465on4sl.slt\cookies.txt[.maxserving.com/]
Spyware:Cookie/QuestionMarket Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Profiles\diamond03\465on4sl.slt\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Statcounter Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Profiles\diamond03\465on4sl.slt\cookies.txt[.statcounter.com/]
Spyware:Cookie/Tribalfusion Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Profiles\diamond03\465on4sl.slt\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Adserver Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Profiles\diamond03\465on4sl.slt\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/YieldManager Notdisinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Mozilla\Profiles\diamond03\465on4sl.slt\cookies.txt[ad.yieldmanager.com/]
Virus:Exploit/ByteVerify Disinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29defbe1-6d303a8e.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29defbe1-6d303a8e.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29defbe1-6d303a8e.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29defbe1-6d303a8e.zip[Worker.class]
Virus:Exploit/ByteVerify Disinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29defbe1-6d303a8e.zip[Xeyond.class]
Virus:Exploit/ByteVerify Disinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-fcdb0fa-6662e1d2.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-fcdb0fa-6662e1d2.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-fcdb0fa-6662e1d2.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-fcdb0fa-6662e1d2.zip[Worker.class]
Virus:Exploit/ByteVerify Disinfected C:\DocumentsandSettings\DanielRay\ApplicationData\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-fcdb0fa-6662e1d2.zip[Xeyond.class]
Potentiallyunwantedtool:Application/Processor Notdisinfected C:\DocumentsandSettings\DanielRay\Desktop\Virus\smitRem\smitRem\Process.exe
Adware:adware/securityerror Notdisinfected C:\DocumentsandSettings\DanielRay\Favorites\AntivirusTestOnline.url
Potentiallyunwantedtool:Application/Processor Notdisinfected C:\DocumentsandSettings\DanielRay\LocalSettings\ApplicationData\Mozilla\Firefox\Profiles\zh0v8d9f.default\Cache\3EFBEAA3d01[smitRem/Process.exe]
Potentiallyunwantedtool:Application/Zango Notdisinfected C:\DocumentsandSettings\DanielRay\LocalSettings\Temp\1803D.tmp
Potentiallyunwantedtool:Application/Zango Notdisinfected C:\DocumentsandSettings\DanielRay\LocalSettings\Temp\18053.tmp
Potentiallyunwantedtool:Application/Zango Notdisinfected C:\DocumentsandSettings\DanielRay\LocalSettings\Temp\1808C.tmp
Potentiallyunwantedtool:Application/Zango Notdisinfected C:\ProgramFiles\MozillaFirefox\plugins\npclntax.dll
Potentiallyunwantedtool:Application/Zango Notdisinfected C:\ProgramFiles\Netscape\Netscape\plugins\npclntax.dll
Potentiallyunwantedtool:Application/Processor Notdisinfected C:\ProgramFiles\Roguescanfix\Process.exe
I know I still have a problem, not only because of the files that were not disinfected by Panda ActiveScan, but also because of the way Internet Explorer is acting. When I open IE, it opens up the page "about:blank" which immediately redirects me to "http://www.securityuptodate.net/" which prompts me to download anti-malware software. I have changed the homepage in my internet options back to "www.yahoo.com" as well as "www.msn.com" but it continues to change it back to "about:blank" and the problem continues.
Any help is appreciated. Thanks very much!
In Christ,
Daniel
Comments
Download CCleaner http://www.ccleaner.com/ and uncheck "Only delete files older than 24 hours" in the options.
Make sure Spybot is updated and SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html
Download the trial version of Ewido http://www.ewido.net/en/ and let it try removing stuff.
One of the official members will be here to help you shortly. Till then, try out my suggestions.
Daniel
1. Reboot in Safe mode. (http://www.pchell.com/support/safemode.shtml)
2. Start, Control Panel, Folder Options, View: check SHOW HIDDEN FILES AND FOLDERS;
3. Go to C:\WINDOWS\system32\hp100.tmp & cancel it.
4. Search & cancel C:\WINDOWS\system32\atmclk.exe
5. Search & cancel C:\WINDOWS\system32\dcomcfg.exe
6. Run Spybot. Fix problems
7. Reboot and run: http://www.bitdefender.com/scan8/ie.html.
I hope it will work for you, as it did for my computer.
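An added example, not part of the thread: a small triage script that parses HijackThis output and shows where the three files named in steps 3-5 of the reply above appear in the poster's log. The function names are hypothetical, the sample is an excerpt of lines from the first post, and treating a BHO or Winlogon Notify module that does not end in .dll as worth a closer look is a heuristic assumed here, not a rule stated in the thread.

```python
import ntpath
import re
from collections import namedtuple

# Excerpt assembled for this example from the HijackThis log in the first post.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\CTHELPER.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# File names the reply (steps 3-5) asks the poster to remove.
NAMED_IN_REPLY = ["hp100.tmp", "atmclk.exe", "dcomcfg.exe"]

Entry = namedtuple("Entry", "section kind detail target")
O_LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
DLL_LOADERS = {"O2", "O20"}  # sections whose entries load a module (BHO, Winlogon Notify)


def _target(section, detail):
    """Pull the file an entry points at out of its free-text detail."""
    if section == "O4" and detail.startswith("["):
        detail = detail.split("] ", 1)[-1]       # drop the "[ValueName] " prefix
    elif " = " in detail:
        detail = detail.split(" = ", 1)[1]       # "shortcut.lnk = real target"
    else:
        detail = detail.rsplit(" - ", 1)[-1]     # the last " - " field is the path
    if detail.startswith('"'):                   # quoted path, possibly with arguments
        return detail[1:].split('"', 1)[0]
    return detail


def parse_hijackthis(text):
    """Return (running_processes, entries) from HijackThis log text."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        match = O_LINE.match(line)
        if match:
            in_procs = False
            section, kind, detail = match.groups()
            entries.append(Entry(section, kind, detail, _target(section, detail)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def odd_dll_loaders(entries):
    """Module-loading entries whose target does not end in .dll (assumed heuristic)."""
    return [e for e in entries
            if e.section in DLL_LOADERS
            and ntpath.splitext(e.target)[1].lower() != ".dll"]


def locate(names, processes, entries):
    """Map each file name to every place in the log where it appears."""
    found = {}
    for name in names:
        wanted = name.lower()
        hits = [f"process: {p}" for p in processes
                if ntpath.basename(p).lower() == wanted]
        hits += [f"{e.section} {e.kind}: {e.detail}" for e in entries
                 if ntpath.basename(e.target).lower() == wanted]
        found[name] = hits
    return found


if __name__ == "__main__":
    procs, items = parse_hijackthis(SAMPLE_LOG)
    for entry in odd_dll_loaders(items):
        print("review:", entry.section, entry.kind, entry.target)
    for name, hits in locate(NAMED_IN_REPLY, procs, items).items():
        print(name, "->", hits or "not in log")
```

On the poster's log, hp100.tmp shows up only as the BHO named "Nothing", while atmclk.exe and dcomcfg.exe show up only in the running-process list and in none of the O-entries.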