Wow! This really surprised me!
Panda Report:
Incident Status Location
Adware:adware/emediacodec Not disinfected C:\Documents and Settings\All Users.WINDOWS\Desktop\Online Security Guide.url
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\The Kipps\Cookies\the kipps@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\The Kipps\Cookies\the kipps@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\The Kipps\Cookies\the kipps@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\The Kipps\Cookies\the kipps@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\The Kipps\Cookies\the kipps@atdmt[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\The Kipps\Cookies\the kipps@casalemedia[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\The Kipps\Cookies\the kipps@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\The Kipps\Cookies\the kipps@fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\The Kipps\Cookies\the kipps@mediaplex[1].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\The Kipps\Cookies\the kipps@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\The Kipps\Cookies\the kipps@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\The Kipps\Cookies\the kipps@revenue[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\The Kipps\Cookies\the kipps@statcounter[1].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\The Kipps\Cookies\the kipps@targetnet[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\The Kipps\Cookies\the kipps@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\The Kipps\Cookies\the kipps@tribalfusion[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\The Kipps\Cookies\the kipps@valueclick[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][1].txt
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Application Data\Mozilla\Firefox\Profiles\2rssyo24.default\cookies.txt[]
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Cookies\the kipps@247realmedia[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Cookies\the kipps@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Cookies\the [email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Cookies\the kipps@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Cookies\the kipps@adrevolver[3].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Cookies\the kipps@realmedia[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Cookies\the kipps@tribalfusion[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Desktop\smitRem.exe[Process.exe]
Adware:adware/securityerror Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Favorites\Antivirus Test Online.url
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the kipps@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the [email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the kipps@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the kipps@adrevolver[3].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the kipps@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the kipps@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the kipps@belnk[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the kipps@casalemedia[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the [email protected][1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the [email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the [email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the kipps@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the kipps@fastclick[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the kipps@realmedia[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the kipps@sextracker[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the kipps@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the kipps@tribalfusion[2].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the kipps@valueclick[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temporary Internet Files\Content.IE5\W5ERGTQZ\smitRem[1].exe[Process.exe]
Adware:Adware/SpywareQuake Not disinfected C:\WINDOWS\system32\1024\ld3229.tmp
Adware:Adware/SpywareQuake Not disinfected C:\WINDOWS\system32\1024\ldADA5.tmp
Virus:Trj/Agent.BRX Disinfected C:\WINDOWS\system32\dfrgsrv.exe
Adware:adware/spywarequake Not disinfected C:\WINDOWS\system32\stickrep.dll
HIJACK THIS:
Logfile of HijackThis v1.99.1
Scan saved at 1:56:33 PM, on 01/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\My Documents\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunOnce: [Panda_cleaner_265514] C:\WINDOWS\system32\ActiveScan\pavdr.exe 265514
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1143168496296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143334629734
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe