Thanks!
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 7:51:12 PM 1/20/2008
+ Scan result:
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\SecTaskMan\Dot1XCfg .exe.q_A9DF000_q.vir -> Downloader.Adload.pr : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{38D2CAF4-CA69-46A8-9E28-F412610BFF24} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{3FD0F1D8-E85C-419E-96F0-76D0FDDCDB41} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{447711E5-1524-43E1-9E7C-06795D3B32C1} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{48968133-2CF3-4227-B250-402D9BE9EEB7} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{491ED91F-4205-475F-9BCC-B403B2CF28DF} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{4FE63CA3-B57C-4087-80BB-D1AE85F760B6} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{5B936FB7-643C-4574-BB29-B477C0FDC49D} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{5D6180CB-7D75-42EE-97BD-2585EFDF742D} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{626C20CD-5D6C-4929-8C78-C773B1809A17} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{6D95657E-076B-4767-AFE5-FFCA2BF9AAE7} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{949A6604-8422-4975-BDB8-C7338DF9404A} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{966DECF9-ECB0-4B19-987D-937EEBEEC806} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{C1EC6080-A8D1-413A-BB90-C6F61659A63F} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{C2CEC244-8069-4B1D-B820-451603406EF2} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{C76164E0-6CC6-4BF9-B2CC-6392F5AD9870} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{C881B0DB-B296-4104-B033-2585C1DEC3B5} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{CA5423CE-6135-4048-9C8A-644C60C59703} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{CEFA1FFC-D3F1-4294-BCE2-C4375685949C} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{D36755AA-7C48-4AE6-8F7F-06A0E1AE32A5} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{D97FDDE2-A29A-4E59-8FE5-4F2F0E512E43} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{F99EC897-BF17-496A-AFE3-007FA2D95F74} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{FC9901EC-1984-4077-8431-2662617CD926} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{FDD36147-9904-455D-A44B-8B82E745958D} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ctfmon.exe.tmp.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jkhhf.exe.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\catchme2008-01-20_122034.39.zip/SpySweeperUI.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1683\A0071248.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1683\A0071249.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1684\A0071261.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1684\A0071262.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1684\A0071263.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1685\A0071271.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1685\A0071272.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1686\A0071275.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1686\A0071277.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1686\A0071278.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\VundoFix Backups\ctfmon.exe.bad -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{5B9ED28A-B506-4F74-A714-2E308690DD3E} -> Hijacker.IFrame.dn : Cleaned with backup (quarantined).
C:\Documents and Settings\Teresa\Cookies\teresa@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Teresa\Cookies\[email protected][1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Teresa\Cookies\[email protected][1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Trevan\Cookies\trevan@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.6:C:\Documents and Settings\Teresa\Application Data\Mozilla\Firefox\Profiles\cf5089bp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{41E25296-F459-41C6-A0A3-48E367469E33} -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{C9D21C75-C72B-4ED1-A97D-FA7CE2EE1004} -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{DF45CDD7-92A5-4602-9674-D8DB3C6D78D0} -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{2519C019-1AE5-4A30-83F9-107F173F47F0} -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{8EC10DEC-F8A7-45F1-922A-2B857C161A4E} -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{E9D9131E-8E11-4C7F-A4D9-43E10E1C774D} -> TrackingCookie.Adtrak : Cleaned.
C:\Documents and Settings\Trevan\Cookies\trevan@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Teresa\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.35:C:\Documents and Settings\Trevan\Application Data\Mozilla\Firefox\Profiles\s1zpokxq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Teresa\Cookies\teresa@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Trevan\Cookies\trevan@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{90DC0D56-C9E2-45CA-BF4B-6D2185D846D4} -> TrackingCookie.Findwhat : Cleaned.
:mozilla.62:C:\Documents and Settings\Trevan\Application Data\Mozilla\Firefox\Profiles\s1zpokxq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{9F6471ED-7B80-4DAC-B16F-7DA3C8080430} -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{85D0F6DB-800F-439B-8FCC-772E745F8579} -> Trojan.Agent : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{E1ACCDF3-9AC0-404F-82C0-A4CBC97EEFC9} -> Trojan.Agent : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{63296263-1062-465D-9640-8695F1068F52} -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{ED549852-0115-4AA4-B8C6-C3459DF6D2BD} -> Trojan.Small : Cleaned with backup (quarantined).
::Report end
Activescan
Incident Status Location
Adware:adware/bookedspace Not disinfected c:\windows\cfgmgr52.ini
Adware:adware/maxifiles Not disinfected Windows Registry
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.cfexe
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Teresa\Application Data\Mozilla\Profiles\default\wmsl3a4k.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Teresa\Cookies\teresa@com[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Teresa\Cookies\teresa@target[1].txt
Spyware:Cookie/Buydomains Not disinfected C:\Documents and Settings\Teresa\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Trevan\Application Data\Mozilla\Firefox\Profiles\s1zpokxq.default\Cache\C2152591d01[nircmd.com]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Trevan\Application Data\Mozilla\Firefox\Profiles\s1zpokxq.default\Cache\C2152591d01[nircmd.cfexe]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Trevan\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\cookies.txt[.xiti.com/]
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{2915307C-FF9F-4DA5-AF05-499B8FB8A17C}
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{406C9BF6-A789-4BE9-B676-CC3BDC7F1E91}
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{5FA94C56-4CB5-4948-8A9B-02820D12F85B}
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{9ABC63CE-115A-46B6-B111-3F41584AC739}
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{BD648AFE-C0B0-4837-A97E-CAB5F558AD7B}
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{C1A11BB2-B39B-4781-80E4-657C49093BE6}
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{DF909D7D-6AD4-466E-AFC9-D70BD65AD998}
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{F0D43BA9-9B71-4D0D-AF8B-0057889EBFE3}
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Trevan\Cookies\trevan@atdmt[2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Trevan\Desktop\ComboFix.exe[nircmd.com]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Trevan\Desktop\ComboFix.exe[nircmd.cfexe]
Virus:Generic Malware Disinfected C:\Program Files\GameSpy Arcade\Aphex.exe
Virus:Generic Malware Disinfected C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Teresa\.jpi_cache\jar\1.0\count.jar-f2473c1-5c360342.zip.vir[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Teresa\.jpi_cache\jar\1.0\count.jar-f2473c1-5c360342.zip.vir[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Teresa\.jpi_cache\jar\1.0\count.jar-f2473c1-5c360342.zip.vir[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Teresa\.jpi_cache\jar\1.0\count.jar-f2473c1-5c360342.zip.vir[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\ar2.jar-585dc65d-49a3c12b.zip.vir[B.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\ar2.jar-585dc65d-49a3c12b.zip.vir[V.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\ar2.jar-585dc65d-49a3c12b.zip.vir[Dummy.class]
Virus:Trojan Horse Disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\ar2.jar-585dc65d-49a3c12b.zip.vir[A.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\archive.jar-487b52a0-7c0195ec.zip.vir[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\archive.jar-487b52a0-7c0195ec.zip.vir[VBUG.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\archive.jar-487b52a0-7c0195ec.zip.vir[Dummy.class]
Adware:Adware/Startpage.JU Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\archive.jar-487b52a0-7c0195ec.zip.vir[Beyond.class]
Dialer:Dialer.TY Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\archive.jar-487b52a0-7c0195ec.zip.vir[winmodem.exe]
Adware:Adware/Startpage.RJ Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\archive.jar-487b52a0-7c0195ec.zip.vir[rundll32.exe]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-4d094f49-62615f61.zip.vir[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-4d094f49-62615f61.zip.vir[Dummy.class]
Adware:Adware/StartPage.APE Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-4d094f49-62615f61.zip.vir[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-170b1986.zip.vir[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-693ad66d.zip.vir[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-693ad66d.zip.vir[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-693ad66d.zip.vir[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-693ad66d.zip.vir[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a78-3327dc8a.zip.vir[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-bb80bfb-24180444.zip.vir[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-bb80bfb-24180444.zip.vir[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-bb80bfb-24180444.zip.vir[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-bb80bfb-24180444.zip.vir[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-27bc085e-3a83aec0.zip.vir[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e1a93af-4f9b98d7.zip.vir[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e1a93af-4f9b98d7.zip.vir[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e1a93af-4f9b98d7.zip.vir[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e1a93af-4f9b98d7.zip.vir[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e2deec6-2c74200c.zip.vir[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e2deec6-2c74200c.zip.vir[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e2deec6-2c74200c.zip.vir[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\javainstaller.jar-4514e5ea-53294b99.zip.vir[javainstaller/InstallerApplet.class]
Virus:Trj/Downloader.SCI Disinfected C:\QooBox\Quarantine\C\Program Files\Temporary\kernInst.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\catchme2008-01-16_180148.67.zip[jkhhf.dll]
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\htvowowq.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\jkhhf.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\mllmj.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\nnxlwxpy.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ynyvwtvf.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\zonijlus.dll.bad
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:44 AM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Trevan\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\TREVAN\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\TREVAN\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: khfebbx - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 9524 bytes