
My hjk log file



#1
madymoon
Member, 13 posts
Hi, I'm new to this site and I'm interested in learning how to delete viruses, spyware, etc. My computer is infected by a virus, but I'm scared to delete it, so I quarantined it. Some instructions on how to delete the virus would be greatly appreciated. Here is my hjk log:


Logfile of HijackThis v1.99.1
Scan saved at 10:38:57 PM, on 5/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitComet\BitComet.exe
C:\Documents and Settings\Chan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
F3 - REG:win.ini: load= C:\TCWIN45\PIPELINE\remind.exe C:\TCWIN45\PIPELINE\\remind.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2527E43-80E1-4ACE-AE29-3E5AD88F759D}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{B2527E43-80E1-4ACE-AE29-3E5AD88F759D}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


#2
Wizard
Retired Staff, 5,661 posts
Hi madymoon and Welcome to GeekstoGo!

Your HijackThis log shows no signs of infection.


Let's look a little closer --> Download WinPFind to your C drive.
http://www.bleepingc...es/winpfind.php

Right-click the Zip folder and select "Extract All"

Don't use it yet

Reboot into SAFE MODE (tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam

From the WinPFind folder -> double-click WinPFind.exe and click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab

Make sure "Normal Startup - load all device drivers and services" has a green tick by it

Click Apply -> Close -> follow the prompts to restart

Restart normally and have the PC scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work

Save the report it generates

Post back with a fresh HijackThis log and the reports from WinPFind and Panda

#3
madymoon
Member (Topic Starter), 13 posts
Thank you for looking into my problem. Here are my reports:

Logfile of HijackThis v1.99.1
Scan saved at 12:21:26 AM, on 5/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\BitComet\BitComet.exe
C:\Documents and Settings\Chan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
F3 - REG:win.ini: load= C:\TCWIN45\PIPELINE\remind.exe C:\TCWIN45\PIPELINE\\remind.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2527E43-80E1-4ACE-AE29-3E5AD88F759D}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{B2527E43-80E1-4ACE-AE29-3E5AD88F759D}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


WinPFind report

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 10/12/2005 7:23:38 PM 64000 C:\WINDOWS\IFinst25.exe
UPX! 2/27/2006 5:10:52 PM 65024 C:\WINDOWS\IFinst26.exe
UPX! 10/12/2005 10:09:36 PM 65536 C:\WINDOWS\IFinst27.exe

Checking %System% folder...
aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2 8/23/2001 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 10/26/2004 3:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 10/26/2004 3:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PTech 4/10/2006 1:00:34 PM 555824 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 5/3/2006 9:26:22 PM 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 5/3/2006 9:26:22 PM 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
PEC2 2/2/2003 11:01:02 PM 186368 C:\WINDOWS\SYSTEM32\msaud32_divx.acm
aspack 8/4/2004 1:56:38 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 1:56:46 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/23/2001 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
UPX! 5/24/2006 9:03:08 AM 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 5/24/2006 9:03:08 AM 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 5/24/2006 9:03:08 AM 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 5/24/2006 9:03:08 AM 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PTech 8/3/2004 11:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
5/28/2006 11:00:58 PM S 2048 C:\WINDOWS\bootstat.dat
5/26/2006 10:45:18 AM H 54156 C:\WINDOWS\QTFont.qfn
4/27/2006 5:10:00 PM H 10703680 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\bf78dba5d9ce382216fbb63fbcf66a60\BIT1A.tmp
3/30/2006 3:03:56 AM S 22339 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912812.cat
4/10/2006 1:01:22 PM S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
5/28/2006 11:00:46 PM H 8192 C:\WINDOWS\system32\config\default.LOG
5/28/2006 11:01:20 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
5/28/2006 11:01:06 PM H 20480 C:\WINDOWS\system32\config\SECURITY.LOG
5/28/2006 11:01:52 PM H 118784 C:\WINDOWS\system32\config\software.LOG
5/28/2006 11:01:06 PM H 966656 C:\WINDOWS\system32\config\system.LOG
5/11/2006 3:01:28 AM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
4/26/2006 4:28:02 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\e7ca5e59-45ef-4e64-aad3-01b978c5e67a
4/26/2006 4:28:02 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
4/12/2006 2:30:52 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1b4b6893-d8a1-4d1f-8369-46c7b8cd90d1
4/12/2006 2:30:52 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
5/28/2006 10:59:14 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 5/18/2005 3:17:54 PM 18726912 C:\WINDOWS\SYSTEM32\alsndmgr.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
InstallShield Software Corporation4/16/2004 11:24:54 AM 61440 C:\WINDOWS\SYSTEM32\ISUSPM.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 2:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/23/2001 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/23/2001 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/23/2001 5:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/23/2001 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
12/10/2004 10:47:44 AM 53248 C:\WINDOWS\SYSTEM32\vp6dec_settings.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/23/2001 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/23/2001 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/23/2001 5:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/23/2001 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
2/28/2006 6:05:16 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
1/15/2005 12:31:34 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
1/15/2005 4:21:16 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
3/13/2006 10:29:46 PM 1739 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
1/15/2005 12:31:34 PM HS 84 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
1/15/2005 4:21:16 AM HS 62 C:\Documents and Settings\Administrator\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\PowerISO
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\PowerISO
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\PowerISO
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
Yahoo! Companion BHO = C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5366673-E8CA-11D3-9CD9-0090271D075B}
IeCatch2 Class = C:\PROGRA~1\FlashGet\jccatch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Companion : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
{E0E899AB-F487-11D5-8D29-0050BA6940E3} = FlashGet Bar : C:\PROGRA~1\FlashGet\fgiebar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}
ButtonText = FlashGet : C:\PROGRA~1\FlashGet\flashget.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IMJPMIG8.1 C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
MSPY2002 C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
InCD C:\Program Files\Ahead\InCD\InCD.exe
ISUSPM Startup C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
ISUSScheduler "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
AVG7_EMC C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
YeppStudioAgent C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
PWRISOVM.EXE C:\Program Files\PowerISO\PWRISOVM.EXE
WinampAgent C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 255
WizmaxBackup_NoDriveTypeAutoRun 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700} 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 5/28/2006 11:12:09 PM



Panda report

Incident Status Location

Adware:adware/cydoor Not disinfected c:\windows\system32\AdCache
Virus:Trojan Horse.AP2 Not disinfected C:\Data\program\emule-1.0.3.exe[IEXPLORE.EXE]

#4
Wizard

    Retired Staff

  • 5,661 posts
Looks like the Panda log got cut off. Can you post it by itself in the next reply?


After posting the Panda log, open Firefox and click Tools -> Options -> Privacy -> Clear All

This will clear out all those old cookies.


A good program to maintain these Cookies and Temp files

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Be sure to use the Firefox selection as well as the IE selection.


Go to Safe Mode and be sure Windows is Showing Hidden Files
http://www.bleepingc...al62.html#winxp

Locate and Delete the following listed in bold text.

C:\WINDOWS\IFinst25.exe <-- File

C:\WINDOWS\IFinst26.exe <-- File

C:\WINDOWS\IFinst27.exe <-- File

c:\windows\system32\AdCache <-- Folder

C:\Data\program\emule-1.0.3.exe <-- File



Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.


#5
madymoon

    Member

  • Topic Starter
  • 13 posts
Sorry, I didn't know the Panda log was cut off. Here is the log again:


Incident Status Location

Adware:adware/cydoor Not disinfected c:\windows\system32\AdCache
Virus:Trojan Horse.AP2 Not disinfected C:\Data\program\emule-1.0.3.exe[IEXPLORE.EXE]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Chan\Cookies\chan@realmedia[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Chan\Cookies\chan@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Chan\Cookies\chan@statcounter[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Chan\Cookies\chan@target[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Chan\Cookies\chan@toplist[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Chan\Cookies\chan@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Chan\Cookies\chan@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Chan\Cookies\chan@tribalfusion[2].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Chan\Cookies\chan@xmts[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Chan\Cookies\[email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Chan\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Chan\Local Settings\Temp\Cookies\chan@advertising[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Chan\Local Settings\Temp\Cookies\chan@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Chan\Local Settings\Temp\Cookies\chan@burstnet[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Chan\Local Settings\Temp\Cookies\[email protected][2].txt

F-Secure report

Scanning Report
Monday, May 29, 2006 09:22:08 - 10:27:43

Computer name: HOME-A5TP7CC6MW
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 0 malware found
Statistics
Scanned:

* Files: 35394
* System: 5335
* Not scanned: 6

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 0
* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\VAXSCSI.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{850DA21B-8ABC-4E99-AA59-5AC80356DD56}.BIN

Options
Scanning engines:

* F-Secure AVP: 6.0.171, 2006-05-28
* F-Secure Libra: 2.4.1, 2006-05-24
* F-Secure Orion: 1.2.37, 2006-05-26
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Pegasus: 1.19.0, 2006-00-19
* F-Secure Draco: 1.0.35, 0259-24-212

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics

  • 0

#6
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Are you still getting alerts from your Antivirus?

Let's try one more Online Scan so we can see the Archives and Email folder.


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#7
madymoon

madymoon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I don't get any alerts from my AVG anti-virus scan anymore, but in the virus vault section there is a virus named java/Openstream
in C:\Documents and Settings\Chan\Application Data\Sun\Java\Development\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-3eb31daa.zip
Should I delete the file?

Kaspersky report

KASPERSKY ON-LINE SCANNER REPORT
Monday, May 29, 2006 6:51:38 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 29/05/2006
Kaspersky Anti-Virus database records: 196952
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 90795
Number of viruses found: 3
Number of infected objects: 12
Number of suspicious objects: 0
Duration of the scan process: 01:36:18

Infected Object Name / Virus Name / Last Action
C:\Data\program\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Data\program\mirc616.exe mIRC: infected - 1 skipped
C:\Program Files\BitComet\Downloads\Hackers_toolkit_2005.zip/Hackers_toolkit_2005/appz/Golden eye 2005/gesetup.exe/data0001 Infected: not-a-virus:Monitor.Win32.GoldenEye.401 skipped
C:\Program Files\BitComet\Downloads\Hackers_toolkit_2005.zip/Hackers_toolkit_2005/appz/Golden eye 2005/gesetup.exe Infected: not-a-virus:Monitor.Win32.GoldenEye.401 skipped
C:\Program Files\BitComet\Downloads\Hackers_toolkit_2005.zip ZIP: infected - 2 skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\System Volume Information\_restore{A9FB5E97-7E54-47EF-95D6-B45E2EAA3CA6}\RP486\A0201305.exe/stream/data0013 Infected: Trojan.Win32.VB.qv skipped
C:\System Volume Information\_restore{A9FB5E97-7E54-47EF-95D6-B45E2EAA3CA6}\RP486\A0201305.exe/stream Infected: Trojan.Win32.VB.qv skipped
C:\System Volume Information\_restore{A9FB5E97-7E54-47EF-95D6-B45E2EAA3CA6}\RP486\A0201305.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{A9FB5E97-7E54-47EF-95D6-B45E2EAA3CA6}\RP486\A0201309.exe/stream/data0013 Infected: Trojan.Win32.VB.qv skipped
C:\System Volume Information\_restore{A9FB5E97-7E54-47EF-95D6-B45E2EAA3CA6}\RP486\A0201309.exe/stream Infected: Trojan.Win32.VB.qv skipped
C:\System Volume Information\_restore{A9FB5E97-7E54-47EF-95D6-B45E2EAA3CA6}\RP486\A0201309.exe NSIS: infected - 2 skipped

Scan process completed.
  • 0

#8
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Yes, you can empty the Virus Vault if you like.


C:\Program Files\BitComet\Downloads\Hackers_toolkit_2005.zip<--- Hmmm :whistling:

Reckon you'll be needing that anymore?

If not, please delete it.

Do you still use mIrc?


Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacools.../downloads.html
Update Immediately!

WinHelp2002 Hosts File
http://www.mvps.org/...2002/hosts2.htm

Disable System Restore
http://service1.syma...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup

Go ahead and remove any of the tools downloaded that are of no use anymore

Post back and let me know how things are?
  • 0
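A triage of the Kaspersky result lines from post #7, as an added example that is not part of the original thread: it groups the hits by on-disk file and separates System Restore copies and `not-a-virus:` riskware from anything else. The `triage` function and its bucket names are assumptions of this example; the input lines are copied from the report.

```python
import re

# The 12 result lines of the Kaspersky report in post #7, copied verbatim.
REPORT = r"""
C:\Data\program\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Data\program\mirc616.exe mIRC: infected - 1 skipped
C:\Program Files\BitComet\Downloads\Hackers_toolkit_2005.zip/Hackers_toolkit_2005/appz/Golden eye 2005/gesetup.exe/data0001 Infected: not-a-virus:Monitor.Win32.GoldenEye.401 skipped
C:\Program Files\BitComet\Downloads\Hackers_toolkit_2005.zip/Hackers_toolkit_2005/appz/Golden eye 2005/gesetup.exe Infected: not-a-virus:Monitor.Win32.GoldenEye.401 skipped
C:\Program Files\BitComet\Downloads\Hackers_toolkit_2005.zip ZIP: infected - 2 skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\System Volume Information\_restore{A9FB5E97-7E54-47EF-95D6-B45E2EAA3CA6}\RP486\A0201305.exe/stream/data0013 Infected: Trojan.Win32.VB.qv skipped
C:\System Volume Information\_restore{A9FB5E97-7E54-47EF-95D6-B45E2EAA3CA6}\RP486\A0201305.exe/stream Infected: Trojan.Win32.VB.qv skipped
C:\System Volume Information\_restore{A9FB5E97-7E54-47EF-95D6-B45E2EAA3CA6}\RP486\A0201305.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{A9FB5E97-7E54-47EF-95D6-B45E2EAA3CA6}\RP486\A0201309.exe/stream/data0013 Infected: Trojan.Win32.VB.qv skipped
C:\System Volume Information\_restore{A9FB5E97-7E54-47EF-95D6-B45E2EAA3CA6}\RP486\A0201309.exe/stream Infected: Trojan.Win32.VB.qv skipped
C:\System Volume Information\_restore{A9FB5E97-7E54-47EF-95D6-B45E2EAA3CA6}\RP486\A0201309.exe NSIS: infected - 2 skipped
"""

DETECTION = re.compile(r"^(?P<obj>.+?) Infected: (?P<name>\S+) skipped$")
SUMMARY = re.compile(r"^.+? \w+: infected - \d+ skipped$")  # per-container total line

def triage(report):
    """Return (bucket per on-disk file, distinct detection names, listed result lines)."""
    files, names, lines = {}, set(), 0
    for line in filter(None, (raw.strip() for raw in report.splitlines())):
        m = DETECTION.match(line)
        if m is None and SUMMARY.match(line) is None:
            continue                          # header, separator or unknown layout
        lines += 1
        if m is None:
            continue                          # a summary line adds no new name
        name = m["name"]
        names.add(name)
        on_disk = m["obj"].split("/", 1)[0]   # archive members follow the first "/"
        if "\\system volume information\\_restore" in on_disk.lower():
            bucket = "restore-point copy"
        elif name.startswith("not-a-virus:"):
            bucket = "riskware"
        else:
            bucket = "malware"
        # A file keeps the most serious bucket seen for any of its members.
        if bucket == "malware" or on_disk not in files:
            files[on_disk] = bucket
    return files, names, lines
```

On this report the 12 listed lines and 3 distinct names match the scan statistics; every Trojan.Win32.VB.qv hit lies inside a System Restore point, and every other hit carries the scanner's `not-a-virus:` prefix.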

#9
madymoon

madymoon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I won't be needing the hacker tool kit anymore :whistling: I haven't extracted it though since the day I downloaded it.
I have stopped using mIrc for quite some time now.
I have done a whole system scan using AVG anti-virus and it seems the system is free from viruses.
  • 0

#10
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Glad to hear the PC is being a bit more user friendly! :blink:


Go ahead and Re-enable System Restore and restart the PC, this will clear out all old nasty restore points and create a nice new fresh clean one for you to fall back on should you ever need it.


Updating Java and Clearing Cache
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked:
    Downloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

It is suggested that you go and change all your passwords since some of these may have been compromised during the infection.


Read through those 3 little black links in my signature to get some extra ideas about how to avoid this in the future.


Please remember to check your AntiVirus and any Spyware Apps for updates at least twice a week


Make sure you keep your Windows Operating System up to date by visiting Windows Updates regularly to download and install any critical updates and service packs.


If you ever need us again, you know how to find us! :whistling:
  • 0

#11
madymoon

madymoon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thank you Cretemonster for helping me out :whistling: Hope I won't be infected by a virus anytime soon.
  • 0





