[inactive] MSN Virus please help!

Hey, I accidentally downloaded a virus off of MSN; it gave me this winstall.exe file. I think it is a trojan. Here are my HijackThis logfile and ActiveScan results, thanks!

Logfile of HijackThis v1.99.1
Scan saved at 3:52:36 PM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Windows Media Connect 2\wmccfg.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\wmccfg.exe" /StartQuiet
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = uwo.ca
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = uwo.ca
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ASP.NET Admin Service (aspnet_admin) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2006 - Unknown owner - C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe



Active Scan


Incident Status Location

Spyware:Cookie/888 Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.888.com/]
Spyware:Cookie/Paypopup Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.paypopup.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Paypopup Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.paypopup.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.com.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.com.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.advertising.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.2o7.net/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.centrport.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.overture.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.zedo.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.valueclick.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.tickle.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.ath.belnk.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.dist.belnk.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[server.iad.liveperson.net/hc/88244075]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.ehg-idg.hitbox.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[.ciudad.com.ar/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\StefanV\Application Data\Mozilla\Firefox\Profiles\auyjbhd2.default\cookies.txt[statse.webtrendslive.com/]

Comments

  • jmoney3457 Maine
    edited January 2007
    Whilst we appreciate that you may be busy, it has been 7 days or more since we heard from you.

    Infections can change and fresh instructions will now need to be given. This topic is now closed. If you still require assistance, then please start a new topic in the Spyware & Virus Removal Forum.

    If you wish this topic reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.

    Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.
    If you are not the user who started this thread, you must start a new Thread instead :)
This discussion has been closed.