Need help removing the Bin Laden captured malware


Comments

  • edited September 2006
    The log is too big for Notepad...what other program can I use?

    I changed it to HJT.exe, but now it won't even run the entire log file.
  • TroganTrogan London, UK
    edited September 2006
    What happens with Notepad?

    Rename HijackThis back to HijackThis.exe and see if that works.
  • edited September 2006
    Notepad isn't big enough to take on the log file. Can I use Word? If so, how would I enter that into "Run"?

    And HijackThis is a mess...freezes up every time. I even deleted it and downloaded a new copy, but still no good. Gonna try to reboot.
  • edited September 2006
    Notepad says the size of the log file is too large to use with Notepad.
  • TroganTrogan London, UK
    edited September 2006
    That's strange.

    You can try notepad. Copy and paste this into Run:

    wordpad C:\WINDOWS\system32\drivers\etc\hosts
  • edited September 2006
    I let it run for about 3 hours and it didn't say "not responding", but it wasn't allowing me to save or cut and paste. I think it was still adding host files? I don't know, but there were a ton, hundreds, if not thousands to be sure.

    How else can we attack those 01 files? I'm stumped.

    Thanks!
  • TroganTrogan London, UK
    edited September 2006
    I'm stumped too. Try Hoster again if you still have, or redownload it.

    First press Create Backup Hosts File
    Then press Restore Microsoft's Original Hosts File

    Hopefully, it will work.
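The two Hoster steps above (back up the current hosts file, then put Microsoft's original back) and the question of what a few thousand hosts entries actually do are easy to see in a small script. The following is an added example, not code from the thread or from Hoster: it parses a hosts file, separates entries that redirect a site to a foreign address from entries that black-hole a site at loopback, calls out black-holed antivirus/update domains, then backs the file up and writes a minimal default. The XP path, the 1000-entry "oversized" threshold and the list of update domains are assumptions; SAMPLE_HOSTS is constructed.

```python
"""Audit a Windows hosts file for hijack-style entries, then back it up and restore a
clean one (the same two steps the thread performs with Hoster).

Added example, not code from the thread or from Hoster. Assumptions: the XP hosts
path below, the 1000-entry 'oversized' threshold, and the list of update domains
whose black-holing is the usual adware tell. SAMPLE_HOSTS is constructed.
"""
import os
import re
import shutil
import stat
import tempfile
import time

HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"    # XP location (assumed default)
DEFAULT_HOSTS = "# minimal Microsoft-style hosts file\n127.0.0.1\tlocalhost\n"
OVERSIZED = 1000                                           # assumed threshold
# Vendor/update domains adware black-holes to stop AV and Windows updates (assumed list)
UPDATE_DOMAINS = ("grisoft.com", "symantec.com", "mcafee.com", "kaspersky.com",
                  "trendmicro.com", "windowsupdate.com", "update.microsoft.com")

SAMPLE_HOSTS = """\
# constructed sample of a hijacked hosts file
127.0.0.1       localhost
127.0.0.1       www.grisoft.com
127.0.0.1       liveupdate.symantec.com
127.0.0.1       ads.example.net
203.0.113.10    www.google.com
203.0.113.10    search.yahoo.com   # search traffic sent to a TEST-NET address
"""

_ENTRY = re.compile(r"^\s*(\S+)\s+(.+?)\s*(?:#.*)?$")


def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each mapping line, skipping comments/blanks."""
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = _ENTRY.match(line)
        if m:
            yield no, m.group(1), m.group(2).split()


def audit_hosts(text):
    """Classify entries: redirects (name -> non-loopback IP) and loopback black-holes."""
    entries = 0
    redirects, blackholes, update_blocks = [], [], []
    for no, ip, names in parse_hosts(text):
        entries += 1
        loopback = ip.startswith("127.") or ip in ("0.0.0.0", "::1")
        for name in names:
            if name == "localhost":
                continue                      # the only line a clean XP hosts file needs
            if not loopback:
                redirects.append((no, name, ip))
            else:
                blackholes.append((no, name, ip))
                if any(name == d or name.endswith("." + d) for d in UPDATE_DOMAINS):
                    update_blocks.append((no, name, ip))
    return {"entries": entries, "oversized": entries > OVERSIZED,
            "redirects": redirects, "blackholes": blackholes, "update_blocks": update_blocks}


def restore_default_hosts(path=HOSTS_PATH, backup_dir=None):
    """Copy the current file to a timestamped .bak, clear read-only, write the default.
    Returns the backup path (None if there was nothing to back up)."""
    backup = None
    if os.path.exists(path):
        backup_dir = backup_dir or os.path.dirname(path)
        backup = os.path.join(backup_dir, "hosts.%s.bak" % time.strftime("%Y%m%d-%H%M%S"))
        shutil.copy2(path, backup)
        os.chmod(path, stat.S_IREAD | stat.S_IWRITE)   # hijackers often set read-only
    with open(path, "w", newline="\n") as f:
        f.write(DEFAULT_HOSTS)
    return backup


def demo():
    """Run the audit/restore cycle on a temporary copy of SAMPLE_HOSTS."""
    work = tempfile.mkdtemp()
    path = os.path.join(work, "hosts")
    with open(path, "w") as f:
        f.write(SAMPLE_HOSTS)
    before = audit_hosts(SAMPLE_HOSTS)
    backup = restore_default_hosts(path, work)
    with open(path) as f:
        after = audit_hosts(f.read())
    return before, after, os.path.exists(backup)


if __name__ == "__main__":
    before, after, ok = demo()
    for no, name, ip in before["redirects"]:
        print("line %d: %s -> %s (redirect)" % (no, name, ip))
    for no, name, ip in before["update_blocks"]:
        print("line %d: %s black-holed (blocks updates)" % (no, name))
    print("entries before/after restore:", before["entries"], after["entries"], "backup ok:", ok)
```

The split matters for triage: a redirect entry sends a victim's search or banking traffic to a server the attacker controls, while a loopback entry for an antivirus or Windows Update domain is the reason a scanner on the box suddenly cannot update. Run the real thing against HOSTS_PATH from an Administrator account; the backup is there so a legitimate entry can be put back.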
  • edited September 2006
    I did Hoster...and here is the HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:44:30 AM, on 9/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AdsGone\adsgone.exe
    C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\Program Files\M-Audio USB Quattro\QuatTask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Colin\Desktop\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.idoc.wellpoint.com/registration
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\SYSTEM32\HDBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: M-Audio Quattro Control Panel Launcher.lnk = C:\Program Files\M-Audio USB Quattro\QuatTask.exe
    O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office10\OSA.EXE
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156643306823
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Quattro Installer (QuattroInstallerService) - M-Audio - C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
    O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
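Reading a HijackThis log by hand means scanning a few hundred lines for the handful that need a lookup. The following is an added example, not HijackThis' own code, that parses the entry types in the log above (R1, O2, O4, O23) and flags the entries a helper would look up first: an unnamed BHO, a service with "Unknown owner", a proxy setting, and a startup item whose command does not resolve to an executable. SAMPLE_LOG is a constructed subset of the posted log. The flags are leads, not verdicts; the unnamed HDBHO.dll that this script flags was checked against CastleCops and found legitimate, which is exactly the manual step the script cannot replace.

```python
"""Parse a HijackThis 1.99 log and flag the entries worth looking up.

Added example; this is not HijackThis' own code. SAMPLE_LOG is a constructed subset
of the log posted above. The rules mirror what the helper checks by hand in the
thread (an unnamed BHO, a service with 'Unknown owner', a proxy setting, startup
items that do not resolve to an executable) and they produce leads, not verdicts:
the unnamed HDBHO.dll flagged here was confirmed legitimate via CastleCops.
"""
import re

SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\SYSTEM32\HDBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

_LINE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
_RUN = re.compile(r"^(?P<loc>.+?): \[(?P<name>.+?)\] (?P<cmd>.*)$")          # registry Run keys
_LNK = re.compile(r"^(?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")  # Startup .lnk
# An optionally quoted path ending in an executable extension, followed by args or end
_EXE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|com|bat|cmd|scr|pif))"?(?:\s|$)', re.I)


def parse_hjt(text):
    """Return one dict per log entry: code, body and code-specific fields."""
    items = []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue                                   # header, process list, blank lines
        code, body = m.group("code"), m.group("body")
        item = {"code": code, "body": body}
        if code == "O2" and body.startswith("BHO: "):
            parts = [p.strip() for p in body[5:].split(" - ", 2)]   # name - {CLSID} - path
            if len(parts) == 3:
                item.update(name=parts[0], clsid=parts[1], path=parts[2])
        elif code == "O23" and body.startswith("Service: "):
            parts = [p.strip() for p in body[9:].split(" - ", 2)]   # name - owner - path
            if len(parts) == 3:
                item.update(name=parts[0], owner=parts[1], path=parts[2])
        elif code == "O4":
            r = _RUN.match(body) or _LNK.match(body)
            if r:
                item.update(r.groupdict())
        elif code in ("R0", "R1"):
            key, _, value = body.partition(" = ")      # registry path,value = data
            item.update(value_name=key.rpartition(",")[2], value=value)
        items.append(item)
    return items


def triage(items):
    """Return (item, reason) pairs for the entries that need a manual lookup."""
    flagged = []
    for it in items:
        code, reason = it["code"], None
        if code == "O2" and it.get("name") == "(no name)":
            reason = "BHO registered without a name: look up the CLSID and DLL"
        elif code == "O23" and it.get("owner") == "Unknown owner":
            reason = "service binary carries no company/version info"
        elif code == "O4" and "cmd" in it:
            if it["cmd"] == "?":
                reason = "startup shortcut whose target could not be resolved"
            elif not _EXE.match(it["cmd"]):
                reason = "startup command does not end in an executable extension"
        elif code in ("R0", "R1") and "proxy" in it.get("value_name", "").lower():
            reason = "proxy setting present: confirm it is intentional"
        if reason:
            flagged.append((it, reason))
    return flagged


if __name__ == "__main__":
    for item, reason in triage(parse_hjt(SAMPLE_LOG)):
        print("%-4s %s\n     -> %s" % (item["code"], item["body"], reason))
```

The ProxyOverride = 127.0.0.1 line is flagged only so someone confirms it; on its own it is a bypass-list entry, not proof of a proxy hijack. The WLTRAY entry is flagged because the Run value has no .exe extension, which is how HijackThis printed it above; that is worth a glance, not an automatic fix.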
  • edited September 2006
    Is this bad news: O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\SYSTEM32\HDBHO.dll
    ?
  • TroganTrogan London, UK
    edited September 2006
    Excellent. Could you post an Uninstall List like you did previously and then I'll check everything over.

    That entry is legit >> http://www.castlecops.com/tk68-Hdbho_dll.html

    Do you know anything about HiDownload?
  • edited September 2006
    Hidownload sounds familiar, but I can't place it 100%. Sorry about the loss today...thanks again.

    Uninstall list:

    Ad-Aware SE Personal
    Adobe Download Manager 1.2 (Remove Only)
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Reader 6.0.1
    AdsGone Popup Killer by A1Tech.com
    Antares Tube VST v1.02
    AOL Instant Messenger
    Arturia Moog Modular V v1.2
    AVG Free Edition
    Business Contact Manager for Outlook 2003
    Canon Digital Camera USB WIA Driver
    Conexant SmartHSFi V92 56K DF PCI Modem
    CutterMusic Revitar VSTi v1.1.3
    Dell P1500 factory-installed files
    Dell Printer Software Uninstall
    Digital Line Detect
    DivX
    DivX Player
    DivX Web Player
    DVDSentry
    Easy CD Creator 5 Basic
    FastStone Photo Resizer 1.4
    Google Toolbar for Internet Explorer
    HijackThis 1.99.1
    Intel (R) Pro Alerting Agent
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet
    iPod for Windows 2005-10-12
    iPod for Windows 2006-01-10
    Ipswitch WS_FTP LE
    iTunes
    J2SE Runtime Environment 5.0 Update 5
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_03
    Java 2 Runtime Environment, SE v1.4.2_05
    Korg Legacy Collection v1.0.0.2
    Learn2 Player (Uninstall Only)
    Lexicon PSP 42 VST DX v1.0
    Logitech Gaming Software
    Macromedia Fireworks MX 2004
    Macromedia Flash Player 8
    M-Audio USB Quattro
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft Data Access Components KB870669
    Microsoft Excel Viewer 97
    Microsoft Office Small Business Edition 2003
    Microsoft Office XP Professional with FrontPage
    Modem Helper
    Mozilla Firefox (1.0.6)
    Mp3 Cutter and Joiner 1.0
    MSN Music Assistant
    Native Instruments Absynth 2
    Native Instruments FM7 Sounds Vol.1
    Native Instruments Kontakt
    NetWaiting
    Novation Bass-Station VSTi v1.10
    OhmForce OhmBoyz 1.3
    Ohmforce Quad Frohmage Pro VST v1.10
    PowerDVD
    PQ DVD to iPod Video Converter (remove only)
    PSP VintageWarmer v1.5d
    PSP84 1.3
    QuickTime
    RealPlayer Basic
    Rob Papen Albino 2
    SBC Self Support Tool
    SBC Yahoo! Applications
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Skype 2.0
    SoulSeek Client 156c
    SpinAudio RoomVerb M2 1.3
    SpinAudio SpinDelay 2.0
    Steinberg Cubase SX v2.0.2.31
    STOIK Smart Resizer
    Synapse Hydra VSTi V1.1
    U.S. Robotics Wireless MAXg Adapter
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Visual IP InSight(SBC)
    Winamp (remove only)
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
  • TroganTrogan London, UK
    edited September 2006
    Hi scot! Yeah, the loss to Arsenal wasn't nice. :(

    Anyway, let's continue. Can you do the following please...

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement."
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove the following...
      • J2SE Runtime Environment 5.0 Update 5
      • J2SE Runtime Environment 5.0 Update 6
      • Java 2 Runtime Environment, SE v1.4.2_03
      • Java 2 Runtime Environment, SE v1.4.2_05
      • Viewpoint Manager (Remove Only)
      • Viewpoint Media Player
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-1_5_0_08-windowsi586-p.exe to install the newest version.
    =====

    Your Firefox is old. Even if you do not use it, I suggest updating it. You can do this by going to Help > Check for Updates within Firefox.

    =====

    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
    This program is for XP and Windows 2000 only!

    Double-click ATF Cleaner.exe to open it.

    Under Main select the following:
      Windows Temp
      Current User Temp
      All Users Temp
      Cookies
      Temporary Internet Files
      Prefetch
      Java Cache

      *The other boxes are optional*
      Then click the Empty Selected button.

      If you use Firefox:
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

      Click Exit on the Main menu to close the program.

      =====

      You may wish to Print or Save the following instructions, as the internet will not be available once in Safe Mode!

      Please download Ewido to your Desktop or to your usual Download Folder.
      http://www.ewido.net/en/download/
      • Install Ewido by double clicking the installer.
      • Follow the prompts. Make sure that Launch Ewido is checked.
      • On the main screen under Your Computer's security.
        • Click on Change state next to Resident shield. It should now change to inactive.
        • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
        • Wait until you see the Update successful message.
          Note: If the Update now option is grayed out, follow the steps below.
          • Click on Update on the toolbar.
          • Under Manual update, click on the Start Update button.
          • Wait until you see the Update successful message.
      • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
      If you are having problems with the updater, you can use this link to manually update ewido.
      Ewido manual updates.
      Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.

      Reboot your computer in Safe Mode.
      • If the computer is running, shut down Windows, and then turn off the power.
      • Wait 30 seconds, and then turn the computer on.
      • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
      • Ensure that the Safe Mode option is selected.
      • Press Enter. The computer then begins to start in Safe mode.
      • Login on your usual account.
      Once in Safe Mode:

      Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
      • Click on Scanner on the toolbar.
      • Click on the Settings tab.
        • Under How to act?
          • Click on Recommended Action and choose Quarantine from the popup menu.
        • Under How to scan?
          • All checkboxes should be ticked.
        • Under Possibly unwanted software:
          • All checkboxes should be ticked.
        • Under Reports:
          • Select Automatically generate report after every scan and uncheck Only if threats were found.
        • Under What to scan?
          • Select Scan every file.
      • Click on the Scan tab.
      • Click on Complete System Scan to start the scan process.
      • Let the program scan the machine.
      • When the scan has finished, follow the instructions below.
        IMPORTANT : Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
        • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
        • At the bottom of the window click on the Apply all Actions button. (3)
          (screenshot: scan1nx.jpg)
      • When done, click the Save Scan Report button.
        • Click the Save Report as button.
        • Save the report to your Desktop.
      • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
      =====Reboot back into Normal Mode=====

      Please do an online scan with Panda ActiveScan

      - Once you are on the Panda site, click the Scan your PC button
      - A new window will open...click the Check Now button
      - Enter your Country
      - Enter your State/Province
      - Enter your e-mail address and click send
      - Select either Home User or Company
      - Click the big Scan Now button
      - If it wants to install an ActiveX component allow it
      - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
      - When download is complete, click on Local Disks to start the scan
      - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

      =====

      Please post the following:

      1) Ewido log
      2) Panda Report
      3) New HijackThis log

      You may need several posts, otherwise the logs will get cut off.
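The Java clean-up above is the one step in this list that a script can decide for you: every JRE entry in the uninstall list is compared with the release being installed, and anything older is on the removal list. The following is an added example, not from the thread or from Sun. It parses the two display-name formats in the posted uninstall list ("Java 2 Runtime Environment, SE v1.4.2_05" and "J2SE Runtime Environment 5.0 Update 6") and, going beyond the page, the later "Java(TM) 6 Update 7" style, normalises each to a comparable version tuple and reports every install older than the target (5.0 Update 8, as recommended). SAMPLE_UNINSTALL is a constructed subset of the list posted earlier in the thread.

```python
"""Find the outdated Java runtimes in an Add/Remove Programs (uninstall) list.

Added example, not from the thread. It recognises the two display-name formats in the
list posted above ('Java 2 Runtime Environment, SE v1.4.2_05' and 'J2SE Runtime
Environment 5.0 Update 6') and, going beyond the page, the later 'Java(TM) 6 Update 7'
style; each is normalised to a (major, minor, micro, update) tuple and compared with a
target release, 5.0 Update 8 here as recommended above. SAMPLE_UNINSTALL is constructed.
"""
import re

SAMPLE_UNINSTALL = [
    "AVG Free Edition",
    "J2SE Runtime Environment 5.0 Update 5",
    "J2SE Runtime Environment 5.0 Update 6",
    "Java 2 Runtime Environment, SE v1.4.2_03",
    "Java 2 Runtime Environment, SE v1.4.2_05",
    "Mozilla Firefox (1.0.6)",
]

TARGET = (1, 5, 0, 8)      # JRE 5.0 Update 8, the version the thread tells the user to install

# Each pattern maps a display-name style to a version tuple. 'J2SE 5.0' is the 1.5.0 line
# and 'Java(TM) 6' the 1.6.0 line, which is how the JVM itself reports them.
_OLD_STYLE = re.compile(r"^Java 2 Runtime Environment, SE v(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$")
_J2SE_STYLE = re.compile(r"^J2SE Runtime Environment (\d+)\.(\d+)(?: Update (\d+))?$")
_TM_STYLE = re.compile(r"^Java\(TM\)(?: SE Runtime Environment)? (\d+)(?: Update (\d+))?$")


def java_version(display_name):
    """Return (major, minor, micro, update) for a JRE entry, or None if it is not one."""
    m = _OLD_STYLE.match(display_name)
    if m:
        major, minor, micro, upd = m.groups()
        return (int(major), int(minor), int(micro), int(upd or 0))
    m = _J2SE_STYLE.match(display_name)
    if m:
        family, micro, upd = m.groups()
        return (1, int(family), int(micro), int(upd or 0))
    m = _TM_STYLE.match(display_name)
    if m:
        family, upd = m.groups()
        return (1, int(family), 0, int(upd or 0))
    return None


def outdated_java(entries, target=TARGET):
    """Return [(display_name, version)] for every JRE older than target, oldest first."""
    found = []
    for name in entries:
        version = java_version(name)
        if version is not None and version < target:
            found.append((name, version))
    return sorted(found, key=lambda pair: pair[1])


def fmt(version):
    """Render a tuple the way Sun numbered releases, e.g. (1, 5, 0, 6) -> '1.5.0_06'."""
    return "%d.%d.%d_%02d" % version


if __name__ == "__main__":
    for name, version in outdated_java(SAMPLE_UNINSTALL):
        print("remove: %-45s (%s < %s)" % (name, fmt(version), fmt(TARGET)))
```

Every older JRE has to go, not just the oldest: the installers of that era left earlier versions registered side by side, and a page can ask the browser plug-in for a specific older runtime, which is why the removal list above names all four.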
    • edited September 2006
      Ewido log:

      ewido anti-spyware - Scan Report

      + Created at: 1:43:01 PM 9/17/2006

      + Scan result:



      C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
      HKU\S-1-5-21-3598569149-350023035-1853644672-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3EBDDEDC-85D1-462F-B875-F013A8EA7B8D} -> Adware.Virtumonde : Cleaned with backup (quarantined).
      HKU\S-1-5-21-3598569149-350023035-1853644672-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3EBDDEDC-85D1-462F-B875-F013A8EA7B8D} -> Adware.Virtumonde : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-4b4e04ec-768fe660.class -> Downloader.OpenStream.y : Cleaned with backup (quarantined).
      C:\WINDOWS\browser.exe -> Hijacker.Small : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Cookies\colin@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Cookies\colin@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Cookies\colin@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Cookies\colin@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Cookies\colin@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Cookies\colin@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@e-2dj6wfkyagazsko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@e-2dj6wjk4kpd5gao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@e-2dj6wjlysndjwaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@e-2dj6wjnyegdjccq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@e-2dj6wjnyqjd5elp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@ads.euniverseads[2].txt -> TrackingCookie.Euniverseads : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Cookies\colin@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Cookies\colin@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Cookies\colin@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Cookies\colin@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Cookies\colin@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Cookies\colin@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Cookies\colin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
      C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


      ::Report end

      Panda Report:


      Incident Status Location

      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-e098ab1-3cd9497f.zip[BlackBox.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-e098ab1-3cd9497f.zip[VB.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-e098ab1-3cd9497f.zip[Dummy.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-e098ab1-3cd9497f.zip[Beyond.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-7aff768e.zip[GetAccess.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-7aff768e.zip[InsecureClassLoader.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-7aff768e.zip[Dummy.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-7aff768e.zip[Installer.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-25f636d5.zip[GetAccess.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-25f636d5.zip[InsecureClassLoader.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-25f636d5.zip[Dummy.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-25f636d5.zip[Installer.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-56157853-68119777.zip[GetAccess.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-56157853-68119777.zip[InsecureClassLoader.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-56157853-68119777.zip[Dummy.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-56157853-68119777.zip[Installer.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7766c3d7-55fc3576.zip[GetAccess.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7766c3d7-55fc3576.zip[InsecureClassLoader.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7766c3d7-55fc3576.zip[Dummy.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7766c3d7-55fc3576.zip[Installer.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-6b6ab30c.zip[GetAccess.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-6b6ab30c.zip[InsecureClassLoader.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-6b6ab30c.zip[Dummy.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-ab3806d-6b6ab30c.zip[Installer.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-2d6b9ed7-7584a7b9.zip[Beyond.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-2d6b9ed7-7584a7b9.zip[BlackBox.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-2d6b9ed7-7584a7b9.zip[Dummy.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-2d6b9ed7-7584a7b9.zip[VerifierBug.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-4d7c6d2a-42ee86b4.zip[BlackBox.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-4d7c6d2a-42ee86b4.zip[Beyond.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-4d7c6d2a-42ee86b4.zip[VerifierBug.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-4d7c6d2a-42ee86b4.zip[Dummy.class]
      Virus:Trj/ClassLoader.E Disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-4ceeb842-2ea8054a.zip[SandBoxEscape.class]
      Virus:Trj/ClassLoader.E Disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-4ceeb842-2ea8054a.zip[SuperMSClassLoader.class]
      Virus:Trj/ClassLoader.E Disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-4ceeb842-2ea8054a.zip[NewURLClassLoader.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-4ceeb842-2ea8054a.zip[Installer.class]
      Virus:Trj/ClassLoader.E Disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-7bf208c8.zip[SandBoxEscape.class]
      Virus:Trj/ClassLoader.E Disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-7bf208c8.zip[SuperMSClassLoader.class]
      Virus:Trj/ClassLoader.E Disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-7bf208c8.zip[NewURLClassLoader.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-7bf208c8.zip[Installer.class]
      Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-383ccec8-54de602a.zip[GetAccess.class]
      Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-383ccec8-54de602a.zip[Installer.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-383ccec8-54de602a.zip[NewSecurityClassLoader.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-383ccec8-54de602a.zip[NewURLClassLoader.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv281.jar-6b93d76f-4835a9f4.zip[Counter.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv281.jar-6b93d76f-4835a9f4.zip[Dummy.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv281.jar-6b93d76f-4835a9f4.zip[Matrix.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv281.jar-6b93d76f-4835a9f4.zip[Parser.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-170b188d-5efa2396.zip[Counter.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-170b188d-5efa2396.zip[Dummy.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-170b188d-5efa2396.zip[Matrix.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-170b188d-5efa2396.zip[Parser.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-170b189c-7d64798d.zip[Counter.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-170b189c-7d64798d.zip[Dummy.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-170b189c-7d64798d.zip[Matrix.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-170b189c-7d64798d.zip[Parser.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-31e1dafc.zip[Beyond.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-31e1dafc.zip[Dummy.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-31e1dafc.zip[NudeBox.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-31e1dafc.zip[Worker.class]
      Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-31e1dafc.zip[VerifierBug.class]
      Virus:Trj/Multidropper.NE Disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1b084c75-31e1dafc.zip[javautil.zip]
      Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Colin\Cookies\colin@atwola[1].txt
      Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Colin\Cookies\colin@ccbill[1].txt
      Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Colin\Cookies\colin@entrepreneur[2].txt
      Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@adultfriendfinder[1].txt
      Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@banner[2].txt
      Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@belnk[1].txt
      Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@c3.gostats[2].txt
      Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@ccbill[2].txt
      Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@cgi-bin[2].txt
      Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@cgi-bin[4].txt
      Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@dist.belnk[2].txt
      Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@go[1].txt
      Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@image.checkmystats.com[2].txt
      Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@rightmedia[2].txt
      Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@target[1].txt
      Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@toplist[1].txt
      Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@uol.com[1].txt
      Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@winfixer[1].txt
      Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@xiti[1].txt
      Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\st.exe

      HijackThis log:

      Logfile of HijackThis v1.99.1
      Scan saved at 2:05:20 PM, on 9/17/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\WLTRYSVC.EXE
      C:\WINDOWS\System32\bcmwltry.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Intel\ASF Agent\ASFAgent.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      C:\Program Files\ewido anti-spyware 4.0\guard.exe
      C:\WINDOWS\System32\DSentry.exe
      C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
      C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
      C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
      C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\system32\WLTRAY.exe
      C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
      C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
      C:\Program Files\ewido anti-spyware 4.0\ewido.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\AdsGone\adsgone.exe
      C:\Program Files\M-Audio USB Quattro\QuatTask.exe
      C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\Colin\Desktop\hijackthis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.idoc.wellpoint.com/registration
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\SYSTEM32\HDBHO.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
      O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
      O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
      O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
      O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
      O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Startup: M-Audio Quattro Control Panel Launcher.lnk = C:\Program Files\M-Audio USB Quattro\QuatTask.exe
      O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe
      O4 - Global Startup: Digital Line Detect.lnk = ?
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office10\OSA.EXE
      O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
      O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
      O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156643306823
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
      O23 - Service: Quattro Installer (QuattroInstallerService) - M-Audio - C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe
      O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
    • Trogan London, UK
      edited September 2006
      Hi Scot! Can you do the following please...

      Go to Start > Control Panel > double-click Java
      Under the General tab, click Delete Files...
      Check the THREE boxes, and press OK
      Press OK again to exit the Java Control Panel.

      Please scan again with Panda and post its report back here.
    • edited September 2006
      Did Java bit...here is the scan:


      Incident Status Location

      Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\legqmchw.default\cookies.txt[stat.onestat.com/]
      Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Colin\Cookies\colin@247realmedia[1].txt
      Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Colin\Cookies\colin@atdmt[1].txt
      Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Colin\Cookies\colin@atwola[1].txt
      Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Colin\Cookies\colin@ccbill[1].txt
      Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Colin\Cookies\colin@counter5.sextracker[1].txt
      Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Colin\Cookies\colin@cs.sexcounter[2].txt
      Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Colin\Cookies\colin@doubleclick[1].txt
      Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Colin\Cookies\colin@entrepreneur[2].txt
      Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Colin\Cookies\colin@paycounter[1].txt
      Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Colin\Cookies\colin@sexlist[1].txt
      Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Colin\Cookies\colin@sextracker[2].txt
      Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Colin\Cookies\colin@zedo[2].txt
      Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@adultfriendfinder[1].txt
      Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@banner[2].txt
      Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@belnk[1].txt
      Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@c3.gostats[2].txt
      Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@ccbill[2].txt
      Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@cgi-bin[2].txt
      Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@cgi-bin[4].txt
      Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@dist.belnk[2].txt
      Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@go[1].txt
      Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@image.checkmystats.com[2].txt
      Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@rightmedia[2].txt
      Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@target[1].txt
      Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@toplist[1].txt
      Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@uol.com[1].txt
      Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@winfixer[1].txt
      Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\Cookies\colin@xiti[1].txt
      Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\st.exe
    • Trogan London, UK
      edited September 2006
      That looks better. ATF Cleaner should remove those Temp Files, but they are harmless.

      Everything seems clean now. How are things?
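A small triage helper for the Panda report format posted above (an added example, not code from the thread or from Panda): it parses the "Incident Status Location" lines, buckets them the way Trogan reads them (tracking cookies, Java cache entries, Temp leftovers, anything else) and diffs two reports to show what clearing the Java cache removed. The sample lines are constructed from paths quoted in the thread; the bucket names and the two regexes are my own assumptions about the format.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed samples in the Panda ActiveScan "Incident Status Location" format
# posted in the thread: a few lines from before and after the Java cache was cleared.
BEFORE_REPORT = r"""
Incident Status Location

Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-4d7c6d2a-42ee86b4.zip[VerifierBug.class]
Virus:Trj/ClassLoader.E Disinfected C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-4ceeb842-2ea8054a.zip[SandBoxEscape.class]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Colin\Cookies\colin@doubleclick[1].txt
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\st.exe
"""
AFTER_REPORT = r"""
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\legqmchw.default\cookies.txt[stat.onestat.com/]
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Colin\Local Settings\Temp\st.exe
"""

LINE_RE = re.compile(
    r"^(?P<category>[A-Za-z]+):(?P<name>\S+)\s+"
    r"(?P<status>Not disinfected|Disinfected)\s+(?P<location>.+?)\s*$"
)
# path[member] names an entry inside an archive or cookie jar; a cookie file such
# as colin@doubleclick[1].txt ends in .txt, so it is left as a plain path.
MEMBER_RE = re.compile(r"^(?P<path>.+)\[(?P<member>[^\]]+)\]$")


@dataclass(frozen=True)
class Incident:
    category: str          # Hacktool, Virus, Spyware, Adware ...
    name: str              # Exploit/ByteVerify, Cookie/Doubleclick ...
    status: str            # "Disinfected" or "Not disinfected"
    path: str              # file on disk
    member: Optional[str]  # entry inside that file, when the report names one

def parse_report(text: str) -> List[Incident]:
    """Parse a report body; the header, blank and unrecognised lines are skipped."""
    incidents = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path, member = m["location"], None
        mm = MEMBER_RE.match(path)
        if mm:
            path, member = mm["path"], mm["member"]
        incidents.append(Incident(m["category"], m["name"], m["status"], path, member))
    return incidents

def classify(inc: Incident) -> str:
    """Bucket a detection the way the helper reads the report above (assumed buckets)."""
    low = inc.path.lower()
    if inc.name.startswith("Cookie/"):
        return "cookie"       # tracking cookie: a privacy nuisance, not code
    if "\\sun\\java\\deployment\\cache\\" in low:
        return "java-cache"   # cached applet: gone once Java's Delete Files is run
    if "\\local settings\\temp\\" in low:
        return "temp"         # leftover in Temp: what ATF Cleaner removes
    return "other"            # anything else deserves a closer look

def summarize(text: str) -> Dict[str, int]:
    """Count what the scanner cleaned and what still remains, per bucket."""
    return dict(Counter(
        "disinfected" if inc.status == "Disinfected" else classify(inc)
        for inc in parse_report(text)
    ))

def remaining_non_cookie(text: str) -> List[str]:
    """Locations still flagged that are more than a tracking cookie."""
    return sorted(
        inc.path + (f"[{inc.member}]" if inc.member else "")
        for inc in parse_report(text)
        if inc.status != "Disinfected" and classify(inc) != "cookie"
    )

def cleared_between(before: str, after: str) -> List[str]:
    """Non-cookie locations flagged in the first report but absent from the second."""
    return sorted(set(remaining_non_cookie(before)) - set(remaining_non_cookie(after)))
```

Run `summarize` on each report and `cleared_between` on the pair: the Java cache entry disappears after the Delete Files step, while the cookies and the Temp file are what is left for ATF Cleaner.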
    • edited September 2006
      What do I remove in ATF? I just want to make sure I get the right stuff.

      Is there a "temp files" removal option?

      Also, what can I do to improve the CPU performance. Should I defrag?

      And thank you so so so much for all your time and help. I really appreciate it. Do you have a donation link or anything. I feel I owe you something.

      Thanks again,

      Colin
    • Trogan London, UK
      edited September 2006
      Hi,
      What do I remove in ATF? I just want to make sure I get the right stuff.
      Use ATF Cleaner like you did before. Look at post #43 for a reminder. :)
      Also, what can I do to improve the CPU performance. Should I defrag?
      A defrag should help. If it doesn't let me know.
      And thank you so so so much for all your time and help. I really appreciate it. Do you have a donation link or anything. I feel I owe you something.
      That's very kind, although there is no need to donate. But it would be great if you would consider joining the Folding@Home project. More info in the Forum here. ...consider this a donation. :) Have a look around the Forums too. I'm sure you'll like it, especially the Pub. :D


      Let me know how things go. :)