Possible viruses [RESOLVED]


  • This topic is locked

#1
shel2004

  • 64 posts
Hi! I just got done running a virus scan and it said I had quite a few files infected. Some say they are embedded (JAVA BYTES VERIFY) and one says a Trojan. Please help. I guess I just post my HijackThis log now?

Logfile of HijackThis v1.99.1
Scan saved at 9:16:36 PM, on 3/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\AOL\1139153177\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michelle Selvon\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139153177\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe -a
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.co...pside_web18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://209.67.146.68.../ACNePlayer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe


#2
Flrman1


    Malware Assassin

  • Retired Staff
  • 6,596 posts
Run ActiveScan online virus scan here

When the scan is finished, click on the "Save Report" button and save the results of the scan to your desktop.

Post a new HiJackThis log along with the results from ActiveScan

#3
shel2004

  • 64 posts
Okay I hope I did this right.

Incident Status Location

Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (10) of Copy of Copy of michelle selvon@clickbank[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (11) of Copy of Copy of michelle selvon@clickbank[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (12) of Copy of Copy of michelle selvon@clickbank[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (13) of Copy of Copy of michelle selvon@clickbank[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (14) of Copy of Copy of michelle selvon@clickbank[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (2) of Copy of Copy of michelle selvon@clickbank[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (2) of Copy of michelle selvon@target[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (2) of michelle [email protected][1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (3) of Copy of Copy of michelle selvon@clickbank[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (3) of Copy of michelle selvon@clickbank[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (3) of Copy of michelle selvon@target[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (3) of michelle [email protected][1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (4) of Copy of michelle selvon@clickbank[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (4) of Copy of michelle selvon@target[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (5) of Copy of michelle selvon@clickbank[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (5) of Copy of michelle selvon@target[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (6) of Copy of Copy of michelle selvon@clickbank[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (6) of Copy of michelle selvon@target[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (7) of Copy of Copy of michelle selvon@clickbank[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (7) of Copy of michelle selvon@target[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (8) of Copy of Copy of michelle selvon@clickbank[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (8) of Copy of michelle selvon@target[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (9) of Copy of Copy of michelle selvon@clickbank[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy (9) of Copy of michelle selvon@target[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy of Copy of Copy of michelle selvon@clickbank[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy of Copy of michelle selvon@target[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\Copy of Copy of michelle [email protected][1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@advertising[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@azjmp[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@belnk[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@bfast[2].txt
Spyware:Cookie/Bilbo.counted Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@bluestreak[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@bravenet[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@burstnet[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@casalemedia[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@ccbill[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@com[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][2].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@entrepreneur[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@fastclick[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@findwhat[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@fortunecity[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@gostats[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@go[2].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@hitbox[1].txt
Spyware:Cookie/Itrack Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][1].txt
Spyware:Cookie/Bettersearch Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@index[1].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@linksynergy[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@maxserving[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@revenue[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@seeq[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@serving-sys[2].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@spylog[1].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][1].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@targetnet[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@target[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@tribalfusion[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@valueclick[2].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][2].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle [email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Michelle Selvon\Cookies\michelle selvon@zedo[2].txt


Edited by shel2004, 23 March 2006 - 04:56 PM.

#4
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
That only found a bunch of tracking cookies.

* Go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the "Delete Cookies" button to clear all cookies.

* Run Kaspersky online virus scan here.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

Post a new HiJackThis log along with the results from the Kaspersky scan.

#5
shel2004

    Member

  • Topic Starter
  • 64 posts
Here is the Kaspersky scan.


KASPERSKY ON-LINE SCANNER REPORT
Thursday, March 23, 2006 11:40:09 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 24/03/2006
Kaspersky Anti-Virus database records: 183709


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 52341
Number of viruses found 6
Number of infected objects 11
Number of suspicious objects 0
Duration of the scan process 00:34:15

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Michelle Selvon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-561ea725-57e7a940.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\Michelle Selvon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-561ea725-57e7a940.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\Michelle Selvon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-561ea725-57e7a940.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped

C:\Documents and Settings\Michelle Selvon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-561ea725-57e7a940.zip ZIP: infected - 3 skipped

C:\Documents and Settings\Michelle Selvon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-51c27f2d-7b94c91e.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Documents and Settings\Michelle Selvon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-51c27f2d-7b94c91e.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Documents and Settings\Michelle Selvon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-51c27f2d-7b94c91e.zip ZIP: infected - 2 skipped

C:\Documents and Settings\Michelle Selvon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv799.jar-921ac62-65fdebc4.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped

C:\Documents and Settings\Michelle Selvon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv799.jar-921ac62-65fdebc4.zip/Counter.class Infected: Trojan.Java.ClassLoader.h skipped

C:\Documents and Settings\Michelle Selvon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv799.jar-921ac62-65fdebc4.zip/Parser.class Infected: Trojan.Java.ClassLoader.d skipped

C:\Documents and Settings\Michelle Selvon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv799.jar-921ac62-65fdebc4.zip ZIP: infected - 3 skipped

Scan process completed.


Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:40:53 PM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\AOL\1139153177\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\PhoTags Express\Photags.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139153177\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe -a
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.co...pside_web18.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://209.67.146.68.../ACNePlayer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

#6
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Go to Control Panel > Java. On the General tab under "Temporary Internet Files", click the "Delete Files" button to clear the Java cache.


* Open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.

#7
shel2004

    Member

  • Topic Starter
  • 64 posts
Sorry, not too computer savvy here. When I go to Control Panel, how do I find Java? It just says pick a category after the Control Panel opens up.

#8
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Click "Switch to Classic View" and you'll see it then.

#9
shel2004

    Member

  • Topic Starter
  • 64 posts
Hope I did this right.


Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
AVG Free Edition
Canon iP1600
Canon Utilities Easy-PhotoPrint
Corel Photo Album 6
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support 3.1
Digital Content Portal
Easy-WebPrint
Google AFE
Google Desktop
Google Toolbar for Internet Explorer
Hijackthis 1.99.1
HijackThis 1.99.1
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky On-line Scanner
Learn2 Player (Uninstall Only)
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Modem Event Monitor
Modem Helper
Modem On Hold
MSN
MSN Messenger 7.5
Panda ActiveScan
PhoTags Express
Photo Click
Plaxo Toolbar for Outlook and Outlook Express
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Shizmoo Web Games (Uproar)
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Verizon Broadband Toolbar
Verizon Online
Verizon Online Support Center
VGA Dual-Mode Camera
Viewpoint Media Player
Watchtower Library 2005 - English Edition
WebCyberCoach 3.2 Dell
WildTangent Web Driver
Windows Driver Package - Camera Maker (MR97310_VGA_DUAL_CAMERA) Image 03/30/2004 2.0.0.0
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WordPerfect Office 12
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

#10
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Go to Add/Remove programs and uninstall these:

Java 2 Runtime Environment, SE v1.4.2_03
Viewpoint Media Player



* Now go here and install the latest version of Java.

How is everything now?

#11
shel2004

    Member

  • Topic Starter
  • 64 posts
Okay I did that. My computer has been okay this whole time. I did put those viruses in the virus vault of my AVG scanner. Should I do anything with them, or did you help take care of that already?

#12
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
You can empty the AVG vault.

* Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.


* Go to Windows update and install all "High Priority Updates".


* Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

#13
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.