Hi everyone,
I just joined. I would really appreciate help cleaning my computer. My computer is infected and I did a complete "Malware removal procedure" as it is listed on this website.
Also, I cannot remove these through Add/Remove: Limewire, Music Match, I-Tunes/I-Pod.
I am now posting the results of the before and after "Hijack this" reports and the "Panda Online" scans as outlined.
I used these resident scanners in both safe mode and then normal mode: Lavasoft Adware, Spybot, AVG Antispyware, Superantispyware, Trojan Hunter, Anti-MalwareBytes (MBAM). Then I ran crap cleaner (CCleaner). I ran McAfee Stinger (no viruses found). Then I ran these online scanners: Trend Micro Housecall (identified malware but would freeze computer on disinfection (in ActiveX)), Eset, F-Secure and lastly Panda.
PRESCAN REFERENCE REPORT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:31 AM, on 5/5/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINNT\System32\GEARSEC.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\wazlvxe.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\rundll32.exe
C:\docume~1\owner\locals~1\temp\REJ.exe
C:\WINNT\System32\rundll32.exe
C:\WINNT\rundll16.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common files\updmgr\updmgr.exe
C:\WINNT\System32\IEHost.exe
C:\documents and settings\owner\local settings\temp\q7L9emb.exe
C:\WINNT\System32\avicap32.exe
C:\WINNT\System32\rundll32.exe
C:\WINNT\System32\rundll32.exe
C:\WINNT\System32\rundll32.exe
C:\WINNT\System32\picsvr\picsvr.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\CLOCKS~1\Sync.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\Documents and Settings\Owner\Application Data\dees.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\PROGRA~1\COMMON~1\WinTools\WSup.exe
c:\progra~1\exact\exactupdate00136.exe
C:\WINNT\System32\QxoS9v1Z.exe
C:\WINNT\System32\QxoS9v1Z.exe
G:\Downloaded Setup Programs\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startium.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe
O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINNT\System32\mskceo.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINNT\systb.dll (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: CBho404 Object - {087173EF-9829-4F49-8340-A524177D3F60} - C:\WINNT\System32\inetp60.dll
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINNT\System32\mskhhe.dll
O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINNT\System32\stlb2.dll
O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINNT\System32\mseggo.gif
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRA~1\COMETS~1\bin\autosearch_5.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_30.dll
O2 - BHO: MYBAR - {4E7BD74F-2B8D-469E-C0FF-FD75B9D5FA7D} - C:\WINNT\MYBAR.DLL
O2 - BHO: (no name) - {67F13826-9F31-0CCC-D502-61557CF72B40} - C:\WINNT\System32\ewziarl.dll
O2 - BHO: (no name) - {7BE5A2DC-4936-41C2-6FC3-32E64DDECBCF} - C:\WINNT\System32\vhthdto.dll
O2 - BHO: IAdvertisementBHO Class - {80672997-D58C-4190-9843-C6C61AF8FE97} - C:\WINNT\rundll16.dll
O2 - BHO: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: CUrlCliObj Object - {94927A13-4AAA-476A-989D-392456427688} - C:\WINNT\System32\msjfbl.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINNT\System32\msfaol.dll
O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} - C:\PROGRA~1\COMETS~1\Platform\Bin\csbho.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Teddy\Local Settings\Temp\c.dll (file missing)
O2 - BHO: eXact Browser Companion - {F9765480-72D1-11D4-A75A-004F49045A87} - c:\progra~1\exact\exacttoolbar00068.dll
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINNT\System32\msnkmi.dll
O3 - Toolbar: Starware - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\PROGRA~1\COMETS~1\Platform\Bin\csietb.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &eXact Toolbar - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - c:\progra~1\exact\exacttoolbar00068.dll
O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
O3 - Toolbar: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O3 - Toolbar: &WebSearch Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINNT\System32\stlb2.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\System32\bridge.dll",Load
O4 - HKLM\..\Run: [REJ] C:\docume~1\owner\locals~1\temp\REJ.exe
O4 - HKLM\..\Run: [mngbejap] C:\WINNT\mngbejap.exe
O4 - HKLM\..\Run: [bobgp] C:\WINNT\bobgp.exe
O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe
O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\RmtQDB55.exe
O4 - HKLM\..\Run: [unsn] C:\WINNT\unsn.exe
O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINNT\System32\inetp60.dll,DllRunServer
O4 - HKLM\..\Run: [SQInstaller] C:\Program Files\STC\SQ_3394_3222.exeSQInstaller.exe
O4 - HKLM\..\Run: [Rundll16] C:\WINNT\rundll16.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [SSWPlauncher] C:\PROGRA~1\COMETS~1\Platform\Bin\comet.exe /app:SSWPlauncher
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [Bakra] C:\WINNT\System32\IEHost.exe
O4 - HKLM\..\Run: [grgb] C:\WINNT\grgb.exe
O4 - HKLM\..\Run: [q7L9emb] C:\documents and settings\owner\local settings\temp\q7L9emb.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINNT\wupdt.exe
O4 - HKLM\..\Run: [bae5c3e65007] C:\WINNT\System32\avicap32.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [mzF9R5o] C:\documents and settings\teddy\local settings\temp\mzF9R5o.exe
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [Nsv] C:\WINNT\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINNT\System32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [voqxkom] c:\winnt\system32\wzptiea.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [lpzwhw] C:\WINNT\System32\wazlvxe.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [Tsgdb] C:\WINNT\System32\?srss.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [Ltho] C:\Documents and Settings\Owner\Application Data\dees.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm093
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ebates - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install026.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file://D:\components\Liquid.ocx
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pptproactauthsmakamai/systemsoappro.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://217.73.66.1/minidialler/mddl/NX/261293__.exe
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O18 - Filter hijack: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINNT\System32\msehek.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - WebSearch - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
--
End of file - 15002 bytes
POST-SCAN REPORT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:38 PM, on 5/8/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\GEARSEC.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\System32/left.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [bae5c3e65007] C:\WINNT\System32\avicap32.exe
O4 - HKLM\..\Run: [voqxkom] c:\winnt\system32\wzptiea.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKCU\..\Run: [Tsgdb] C:\WINNT\System32\?srss.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file://D:\components\Liquid.ocx
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 4764 bytes
PANDA ONLINE SCAN REPORT
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-08 13:46:02
PROTECTIONS: 0
MALWARE: 107
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00003428 adware/memorywatcher Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\memorywatcher
00020302 adware/ncase Adware No 0 Yes No c:\winnt\system32\fleok
00020302 adware/ncase Adware No 0 Yes No c:\winnt\msbb.exe.temp
00024343 adware/keenvalue Adware No 0 Yes No c:\winnt\system32\drivers\etc\hosts.bho
00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\dsi
00027660 adware/savenow Adware No 0 Yes No c:\winnt\system32\datastore.dll
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\altnetdm
00029459 spyware/betterinet Spyware No 1 Yes No c:\winnt\inf\biini.inf
00029767 adware/delfinmedia Adware No 1 Yes No c:\winnt\system32\vmss
00032724 adware/portalscan Adware No 0 Yes No c:\program files\common files\slmss
00032724 adware/portalscan Adware No 0 Yes No c:\documents and settings\owner\desktop\second thought.lnk
00032724 adware/portalscan Adware No 0 Yes No c:\program files\system soap pro
00035722 adware/comet Adware No 0 Yes No c:\winnt\inf\dm.pnf
00035722 adware/comet Adware No 0 Yes No c:\winnt\inf\dm.inf
00035937 adware/exact.searchbar Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{224530A0-C9CB-4AEE-9C0F-54AC1B533211}
00036016 adware/topmoxie Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{49db48ff-02b5-4645-b676-94a4df1aa026}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{5e594162-60a9-487d-84b8-dbdd716cb862}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{830d3aed-2fa9-454f-b266-d931862bbf34}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{bccab53d-0895-40c3-a942-a03538ce227a}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{8940e505-72c6-44de-be85-1d746780efbf}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{a986f4db-792e-4571-8974-0bb6e024766f}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{9bcdd51b-4a7b-446c-8452-d32d38004582}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{6e0ed53c-9908-49ed-b055-7cb31b162577}
00039209 adware/virtualbouncer Adware No 0 Yes No c:\documents and settings\owner\desktop\mypcsearch.lnk
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{8c53bd8e-b12d-4c8f-ad0e-c9ddc39d1273}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{c0f88e9e-dceb-4655-968a-ae508a677c39}
00039209 adware/virtualbouncer Adware No 0 Yes No c:\winnt\system32\innervbinstall.log
00039209 adware/virtualbouncer Adware No 0 Yes No hkey_classes_root\clsid\{8940e505-72c6-44de-be85-1d746780efbf}
00039209 adware/virtualbouncer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{d7eac2d8-2d52-4010-a4ad-dfdf60c1706c}
00039807 Spyware/ClearSearch Spyware No 1 No No C:\Documents and Settings\John\Local Settings\Temp\all_files9.exe[ClrSchP072.exe]
00039807 Spyware/ClearSearch Spyware No 1 No No C:\Documents and Settings\Teddy\Local Settings\Temp\all_files4.exe[ClrSchP071.exe]
00039807 Spyware/ClearSearch Spyware No 1 No No C:\Documents and Settings\John\Local Settings\Temp\all_files4.exe[ClrSchP071.exe]
00040415 adware/wintools Adware No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{8992b6ca-b8c9-4aed-bf89-0a17f6296a06}
00041904 adware/sidesearch Adware No 0 Yes No hkey_current_user\software\sep
00041904 adware/sidesearch Adware No 0 Yes No c:\winnt\sepsd.bin
00041904 adware/sidesearch Adware No 0 Yes No c:\documents and settings\owner\application data\lycos
00041904 adware/sidesearch Adware No 0 Yes No c:\program files\lycos
00046160 adware/searchexe Adware No 0 Yes No HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar
00046761 adware/xupiter Adware No 0 Yes No c:\documents and settings\owner\favorites\inernet
00046761 adware/xupiter Adware No 0 Yes No c:\documents and settings\owner\favorites\free stuff
00047614 Adware/StatBlaster Adware No 0 Yes No C:\Documents and Settings\Teddy\Local Settings\Temp\tracker9.exe
00047614 Adware/StatBlaster Adware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temp\tracker9.exe
00047865 Adware/Midaddle Adware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\PG18ZZ38\addit[1].exe
00047865 Adware/Midaddle Adware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temp\addit.exe
00047888 adware/iedriver Adware No 0 Yes No hkey_current_user\software\microsoft\internet explorer\extensions\cmdmapping\{120e090d-9136-4b78-8258-f0b44b4bd2ac}
00047888 adware/iedriver Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{8f9fbeb8-d216-4d6c-8d21-513157e09c0d}
00047888 adware/iedriver Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{120E090D-9136-4b78-8258-F0B44B4BD2AC}
00047888 adware/iedriver Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{1a00c40b-da85-4aa3-a67f-582d9347eecd}
00047888 adware/iedriver Adware No 0 Yes No hkey_current_user\software\microsoft\internet explorer\extensions\cmdmapping\{1a00c40b-da85-4aa3-a67f-582d9347eecd}
00047888 adware/iedriver Adware No 0 Yes No hkey_local_machine\software\microsoft\internet explorer\extensions\{120e090d-9136-4b78-8258-f0b44b4bd2ac}
00048239 adware/adlogix Adware No 0 Yes No c:\winnt\system32\sp32.xml
00048239 adware/adlogix Adware No 0 Yes No c:\winnt\system32\retpdat32.xml
00048303 adware/powersearch Adware No 0 Yes No c:\winnt\system32\stlb2.xml
00048504 spyware/whazit Spyware No 1 Yes No c:\winnt\system32\kyf.dat
00064455 Adware/SAHAgent Adware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temp\bi.inf
00064455 Adware/SAHAgent Adware No 0 Yes No C:\Documents and Settings\Meg\Local Settings\Temp\bi.inf
00065497 Adware/Comet Adware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temp\unpack\CC_43.inf
00093000 Spyware/Apropos Spyware No 1 Yes No C:\Documents and Settings\Teddy\Local Settings\Temp\AutoUpdate1\setup.inf
00093000 Spyware/Apropos Spyware No 1 Yes No C:\Documents and Settings\Teddy\Local Settings\Temp\AutoUpdate0\setup.inf
00093000 Spyware/Apropos Spyware No 1 Yes No C:\Documents and Settings\John\Local Settings\Temp\AutoUpdate0\setup.inf
00098161 Adware/BlazeFind Adware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temp\bar.exe
00098819 Adware/SideSearch Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\ss_cdt_setup.exe[² ≡.dll]
00099569 Spyware/Apropos Spyware No 1 No No C:\Documents and Settings\Teddy\Local Settings\Temp\all_files4.exe[sys_ai_client_loader.exe]
00099569 Spyware/Apropos Spyware No 1 No No C:\Documents and Settings\John\Local Settings\Temp\all_files4.exe[sys_ai_client_loader.exe]
00101255 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\all_files9.exe[Overpro323.exe]
00101256 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\all_files9.exe[Overpro323.exe][terrabyte.exe]
00101257 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\all_files9.exe[Overpro323.exe][IEHost.EXE]
00101258 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\all_files9.exe[Overpro323.exe][ms.exe]
00101283 Spyware/Apropos Spyware No 1 No No C:\Documents and Settings\John\Local Settings\Temp\all_files9.exe[April0604_loader.exe]
00101427 Spyware/ClearSearch Spyware No 1 No No C:\Documents and Settings\John\Local Settings\Temp\ms7.tmp[ClrSchUninstall_78_86.exe]
00101813 Spyware/Apropos Spyware No 1 No No C:\Documents and Settings\John\Local Settings\Temp\adlinstallwin32.exe[may17_loader.exe]
00101959 Adware/SideSearch Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\ms7.tmp[²κΗ.dll]
00101980 Adware/TVMedia Adware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temp\ms16D.tmp
00102359 Adware/PurityScan Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\all_files9.exe[install_george.exe]
00102359 Adware/PurityScan Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\all_files9.exe[install_george.exe]
00103065 Adware/KeenValue Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\all_files9.exe[incredifind.exe]
00103066 Adware/eZula Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\all_files9.exe[ESB.exe]
00103066 Adware/eZula Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\all_files9.exe[ESB.exe]
00103174 Adware/IST.ISTBar Adware No 1 Yes No C:\Documents and Settings\John\Local Settings\Temp\bundleradlogix.exe
00103175 Adware/IST.ISTBar Adware No 1 No No C:\Documents and Settings\John\Local Settings\Temp\adlinstallwin32.exe[istinstall_adlogix.exe]
00111250 Trj/Downloader.OE Virus/Trojan No 0 No No C:\Documents and Settings\John\Local Settings\Temp\all_files4.exe[setup233.exe][dp-k13w13.exe]
00111250 Trj/Downloader.OE Virus/Trojan No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\all_files9.exe[setup233.exe][dp-k13w13.exe]
00111250 Trj/Downloader.OE Virus/Trojan No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\all_files4.exe[setup233.exe][dp-k13w13.exe]
00111250 Trj/Downloader.OE Virus/Trojan No 0 No No C:\Documents and Settings\John\Local Settings\Temp\all_files9.exe[Overpro323.exe][dp-him.exe]
00116937 Adware/SideSearch Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\ss_cdt_setup.exe[offline.htm]
00117651 Adware/nCase Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\adlinstallwin32.exe[ADStartUp.exe]
00117710 Adware/WinTools Adware No 0 Yes No C:\Documents and Settings\Teddy\Local Settings\Temp\~696017.tmp
00117710 Adware/WinTools Adware No 0 Yes No C:\Documents and Settings\Teddy\Local Settings\Temp\~685710.tmp
00117977 Adware/Midaddle Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\PG18ZZ38\addit[1].exe[WildWinTracker.exe]
00117977 Adware/Midaddle Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\addit.exe[WildWinTracker.exe]
00117977 Adware/Midaddle Adware No 0 Yes No C:\Documents and Settings\Teddy\Local Settings\Temp\WildWinTracker.exe
00117978 Adware/Midaddle Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\addit.exe[Updater.exe]
00117978 Adware/Midaddle Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\PG18ZZ38\addit[1].exe[Updater.exe]
00119703 Adware/Exact.BargainBuddy Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\all_files4.exe[wmedia_bbi8015.exe]
00119703 Adware/Exact.BargainBuddy Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\all_files4.exe[wmedia_bbi8015.exe]
00119953 Adware/Midaddle Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\addit.exe[clicks.dll]
00119953 Adware/Midaddle Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\PG18ZZ38\addit[1].exe[clicks.dll]
00120350 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\all_files4.exe[setup233.exe][sx.htm]
00120350 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\all_files9.exe[Overpro323.exe][Searchx.htm]
00120350 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\all_files4.exe[setup233.exe][sx.htm]
00120350 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\all_files9.exe[setup233.exe][sx.htm]
00120350 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\27079setup.exe[Searchx.htm]
00120876 Adware/PurityScan Adware No 0 Yes No C:\Documents and Settings\John\Application Data\bfсуоо.exe
00124057 Adware/PurityScan Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\CWI9VH4E\ctxad-215[1].0000[NDrv.dll]
00132447 adware program Adware No 0 Yes No hkey_current_user\software\ssb3
00132447 adware program Adware No 0 Yes No c:\winnt\ss3unstl.exe
00132651 Adware/WinTools Adware No 0 Yes No C:\Documents and Settings\Teddy\Local Settings\Temp\~762134.tmp
00132651 Adware/WinTools Adware No 0 Yes No C:\Documents and Settings\Teddy\Local Settings\Temp\~808194.tmp
00132651 Adware/WinTools Adware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temp\~636060.tmp
00133499 Adware/IPInsight Adware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temp\Belt.ini
00134624 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\all_files9.exe[setup233.exe][ieupdate.exe]
00134624 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\all_files4.exe[setup233.exe][ieupdate.exe]
00134624 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\all_files4.exe[setup233.exe][ieupdate.exe]
00134625 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\all_files4.exe[setup233.exe][td.exe]
00134625 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\all_files4.exe[setup233.exe][td.exe]
00134625 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\all_files9.exe[setup233.exe][td.exe]
00134626 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\all_files4.exe[setup233.exe][IEDRIVER.EXE]
00134626 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\all_files4.exe[setup233.exe][IEDRIVER.EXE]
00134626 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\all_files9.exe[setup233.exe][IEDRIVER.EXE]
00135099 adware/powerstrip Adware No 0 Yes No c:\winnt\preprocess.data
00136827 Adware/SAHAgent Adware No 0 Yes No C:\WINNT\system32\xmltok.dll
00137181 Adware/BrowserAid Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\all_files4.exe[dist1_1_00.exe]
00137181 Adware/BrowserAid Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\all_files9.exe[dist1_1_00.exe]
00137181 Adware/BrowserAid Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\all_files4.exe[dist1_1_00.exe]
00139143 Spyware/Omi Spyware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temp\~8651515452.tmp
00145428 Cookie/Kazaa Networks TrackingCookie No 0 Yes No C:\Documents and Settings\Meg\Cookies\meg@276[2].txt
00145739 Cookie/Abetterinternet TrackingCookie No 0 Yes No C:\Documents and Settings\Teddy\Cookies\teddy@abetterinternet[1].txt
00147600 Trj/Siboco.B Virus/Trojan No 0 No No C:\Documents and Settings\John\Local Settings\Temp\adlinstallwin32.exe[setup.exe]
00148071 Application/MyWebSearch HackTools No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temporary Internet Files\Content.IE5\VXF7ZOW3\newmajorse2[1].cab[newmajorse2.txt]
00148072 Application/MyWebSearch HackTools No 0 Yes No C:\Documents and Settings\Teddy\Local Settings\Temporary Internet Files\Content.IE5\VXF7ZOW3\newmajorse2[1].cab
00154671 Spyware/UrlSpy Spyware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\27079setup.exe[pinstaller.exe]
00154672 Spyware/UrlSpy Spyware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\27079setup.exe[IEHost30.exe]
00154673 Spyware/UrlSpy Spyware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temporary Internet Files\Content.IE5\9YT3J2C1\setup1036[1].exe[uninstal.exe]
00154673 Spyware/UrlSpy Spyware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\27079setup.exe[uninstal.exe]
00154674 Spyware/UrlSpy Spyware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\27079setup.exe[IEDll300.dll]
00165384 Cookie/DelfinMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Meg\Cookies\meg@delfinproject[1].txt
00165384 Cookie/DelfinMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Teddy\Cookies\teddy@delfinproject[1].txt
00165490 Spyware/UrlSpy Spyware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temporary Internet Files\Content.IE5\9YT3J2C1\setup1036[1].exe[IEDll300.dll]
00166150 Spyware/Apropos Spyware No 1 Yes No C:\Documents and Settings\Teddy\Local Settings\Temporary Internet Files\Content.IE5\VXF7ZOW3\auto_update[1]
00167776 Cookie/Kount TrackingCookie No 0 Yes No C:\Documents and Settings\Teddy\Cookies\teddy@kount[1].txt
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Teddy\Cookies\teddy@888[2].txt
00173545 Cookie/Rn11 TrackingCookie No 0 Yes No C:\Documents and Settings\Teddy\Cookies\teddy@rn11[2].txt
00173986 Cookie/421 TrackingCookie No 0 Yes No C:\Documents and Settings\Teddy\Cookies\teddy@421[2].txt
00173990 Cookie/Sandboxer TrackingCookie No 0 Yes No C:\Documents and Settings\Teddy\Cookies\teddy@0[1].txt
00176497 Cookie/Twain-Tech TrackingCookie No 0 Yes No C:\Documents and Settings\Teddy\Cookies\teddy@servlet[2].txt
00176498 Cookie/Twain-Tech TrackingCookie No 0 Yes No C:\Documents and Settings\Teddy\Cookies\teddy@master.mx-targeting[1].txt
00188551 Spyware/BetterInet Spyware No 1 Yes No C:\Documents and Settings\John\Local Settings\Temp\biini.inf
00188551 Spyware/BetterInet Spyware No 1 Yes No C:\Documents and Settings\Meg\Local Settings\Temp\biini.inf
00188674 Application/P2PNetworking HackTools No 0 Yes No C:\Documents and Settings\John\Local Settings\Temp\p2psetup.exe
00193504 Adware/eZula Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\all_files4.exe[ezStub.exe]
00193504 Adware/eZula Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\all_files4.exe[ezStub.exe]
00194480 Spyware/Abcsearch Spyware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\814VIMFW\searchrep[1].dll
00195038 Spyware/UrlSpy Spyware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temporary Internet Files\Content.IE5\9YT3J2C1\setup1036[1].exe[IEHost30.exe]
00211158 application/bestoffer HackTools No 0 Yes No c:\winnt\smdat32m.sys
00212052 Adware/WinTools Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temporary Internet Files\Content.IE5\S0MS7IOI\TBPS[1].cab[TBPS.exe]
00212055 Adware/WinTools Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temporary Internet Files\Content.IE5\WJEPGCYE\TBPSSvc[1].cab[TBPSSvc.exe]
00222723 Adware/WinTools Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temporary Internet Files\Content.IE5\9YT3J2C1\tb3[1].cab[toolbar.dll]
00243573 Adware/SaveNow Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\all_files4.exe[SaveInstCsSm.exe]
00243573 Adware/SaveNow Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\all_files4.exe[SaveInstCsSm.exe]
00243573 Adware/SaveNow Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\all_files9.exe[SaveInstCsSm.exe]
00243573 Adware/SaveNow Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\all_files9.exe[SaveInstCsSm.exe]
00245475 Adware/KeenValue Adware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temp\remove.exe
00311277 Spyware/UrlSpy Spyware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temporary Internet Files\Content.IE5\9YT3J2C1\setup1036[1].exe[pinstaller.exe]
00341156 Adware/WebSearch Adware No 0 Yes No C:\Documents and Settings\Teddy\Local Settings\Temp\hotfix.exe
00379227 Adware/WinTools Adware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temp\~828268.tmp
00379227 Adware/WinTools Adware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temp\~882858.tmp
00379227 Adware/WinTools Adware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temp\~887595.tmp
00379227 Adware/WinTools Adware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temp\~804602.tmp
00415271 Generic Adware Spyware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\all_files9.exe[exactSetup.exe]
00445027 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\all_files4.exe[setup233.exe]
00445027 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\all_files4.exe[setup233.exe]
00445027 Adware/IEDriver Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temp\all_files9.exe[setup233.exe]
00447358 Spyware/UrlSpy Spyware No 0 Yes No C:\Documents and Settings\Teddy\Local Settings\Temporary Internet Files\Content.IE5\9YT3J2C1\setup1036[1].exe
00499045 Trj/Dropper.WF Virus/Trojan No 0 Yes Yes C:\Documents and Settings\Teddy\Local Settings\Temp\27079setup.exe
00516375 Adware/WinTools Adware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temp\~982198.tmp
00516375 Adware/WinTools Adware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temp\~672867.tmp
00516375 Adware/WinTools Adware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temp\~884423.tmp
00516375 Adware/WinTools Adware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temp\~487585.tmp
00516375 Adware/WinTools Adware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temp\~962247.tmp
00516375 Adware/WinTools Adware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temp\~973418.tmp
00516375 Adware/WinTools Adware No 0 Yes No C:\Documents and Settings\John\Local Settings\Temp\~400853.tmp
00526447 Adware/Hotoffers Adware No 1 Yes No C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\AAK9N6R6\iconcli[1].dll
00526447 Adware/Hotoffers Adware No 1 Yes No C:\WINNT\system32\msoedc.dll
00526469 Spyware/ClientMan Spyware No 1 Yes No C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\PG18ZZ38\bundle[1].dll
00757656 Adware/Zango Adware No 0 No No C:\Documents and Settings\John\Local Settings\Temp\adlinstallwin32.exe[ADUpdater.exe]
01260840 Trj/Downloader.PME Virus/Trojan No 1 Yes Yes C:\Documents and Settings\Teddy\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0B.dat
01260840 Trj/Downloader.PME Virus/Trojan No 1 Yes Yes C:\Documents and Settings\Teddy\Local Settings\Temp\CDASilentInstall0500.exe
02808099 Adware/WebSearch Adware No 0 No No C:\Documents and Settings\Teddy\Local Settings\Temporary Internet Files\Content.IE5\VXF7ZOW3\common[1].cab[common.dll]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
133387 MEDIUM MS06-065
133386 MEDIUM MS06-064
133385 MEDIUM MS06-063
133379 HIGH MS06-057
131654 HIGH MS06-055
129977 MEDIUM MS06-053
129976 MEDIUM MS06-052
126093 HIGH MS06-051
126092 MEDIUM MS06-050
126087 HIGH MS06-046
126086 MEDIUM MS06-045
126083 HIGH MS06-042