ATF Cleaner
Malwarebytes' Anti-Malware (log below)
Super AntiSpyware (log below)
Panda ActiveScan (log below)
Hijack This (log below)
I am not sure if my computer still has viruses or not. I was worried because each scan I ran seemed to find something new.
Thank you very much,
Lauren C.
Malwarebytes' Anti-Malware 1.20
Database version: 942
Windows 5.1.2600 Service Pack 2
12:59:55 PM 7/12/2008
mbam-log-7-12-2008 (12-59-55).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 169448
Time elapsed: 45 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\netquartz ez-platform 2\ez-pad\ide21201.vxd (Adware.Winad) -> Quarantined and deleted successfully.
SUPERAntiSpyware Scan Log
Generated 07/14/2008 at 11:50 AM
Application Version : 3.6.1000
Core Rules Database Version : 3503
Trace Rules Database Version: 1494
Scan type : Complete Scan
Total Scan Time : 00:51:40
Memory items scanned : 375
Memory threats detected : 0
Registry items scanned : 8321
Registry threats detected : 0
File items scanned : 71998
File threats detected : 22
Adware.Tracking Cookie
C:\Documents and Settings\Clark\Cookies\clark@atwola[1].txt
C:\Documents and Settings\Clark\Cookies\clark@realmedia[1].txt
C:\Documents and Settings\Clark\Cookies\clark@collective-media[2].txt
C:\Documents and Settings\Clark\Cookies\clark@adinterax[2].txt
C:\Documents and Settings\Clark\Cookies\[email protected][1].txt
C:\Documents and Settings\Clark\Cookies\clark@crackle[2].txt
C:\Documents and Settings\Clark\Cookies\clark@revsci[1].txt
C:\Documents and Settings\Clark\Cookies\[email protected][2].txt
C:\Documents and Settings\Clark\Cookies\[email protected][2].txt
C:\Documents and Settings\Clark\Cookies\clark@adserver[1].txt
C:\Documents and Settings\Clark\Cookies\[email protected][2].txt
C:\Documents and Settings\Clark\Cookies\clark@adbrite[2].txt
C:\Documents and Settings\Clark\Cookies\clark@tacoda[2].txt
C:\Deckard\System Scanner\20080711181723\backup\DOCUME~1\Clark\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\Deckard\System Scanner\20080711181723\backup\DOCUME~1\Clark\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\Deckard\System Scanner\20080711181723\backup\DOCUME~1\Clark\LOCALS~1\Temp\Cookies\clark@atwola[1].txt
C:\Deckard\System Scanner\20080711181723\backup\DOCUME~1\Clark\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\Deckard\System Scanner\20080711181723\backup\DOCUME~1\Clark\LOCALS~1\Temp\Cookies\clark@revsci[2].txt
C:\Deckard\System Scanner\20080711181723\backup\DOCUME~1\Clark\LOCALS~1\Temp\Cookies\clark@tacoda[1].txt
Adware.IWinGames
C:\PROGRAM FILES\EXPLORETITANIC\IWINGAMESHOOKIE.DLL
C:\PROGRAM FILES\IWIN GAMES\IWINGAMESHOOKIE.DLL
Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\MCRH.TMP
;************************************************************************************************************************************************************************************
ANALYSIS: 2008-07-16 21:06:30
PROTECTIONS: 1
MALWARE: 11
SUSPECTS: 0
;************************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;====================================================================================================================================================================================
AVG 7.5.516 7.5.516 Yes Yes
;====================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;====================================================================================================================================================================================
00034347 dialer.su Dialers No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch
00101555 Application/KillApp.B HackTools No 0 Yes No C:\hp\bin\KillIt.exe
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Clark\Cookies\[email protected][2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Clark\Cookies\[email protected][2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Clark\Cookies\clark@realmedia[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Clark\Cookies\clark@atwola[1].txt
00521370 Spyware/Iehelp Spyware No 1 No No C:\Documents and Settings\Clark\Desktop\SOFTWARE\Games\hidden-expedition-titanic-setup.exe[iWinGamesHookIE.dll]
00521370 Spyware/Iehelp Spyware No 1 Yes No C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP266\A0079640.dll
00521370 Spyware/Iehelp Spyware No 1 No No C:\Documents and Settings\Clark\Desktop\SOFTWARE\Games\magic-academy-setup.exe[iWinGamesHookIE.dll]
00521370 Spyware/Iehelp Spyware No 1 Yes No C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP266\A0079639.dll
00521370 Spyware/Iehelp Spyware No 1 No No C:\Documents and Settings\Clark\Desktop\SOFTWARE\Games\mystery-case-files-ravenhearst-setup.exe[iWinGamesHookIE.dll]
01662104 W32/Sdbot.LBC.worm Virus/Worm No 1 Yes No C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\ac.ifn
02893773 Spyware/Iehelp Spyware No 1 Yes No C:\Program Files\iWin Games\AdminWorker.exe
02893775 Spyware/Iehelp Spyware No 1 No No C:\Documents and Settings\Clark\Desktop\SOFTWARE\Games\hidden-expedition-titanic-setup.exe[iWinArcadeLauncher.exe]
02893775 Spyware/Iehelp Spyware No 1 Yes No C:\Program Files\iWin Games\firefox\iWinArcadeLauncher.exe
02893775 Spyware/Iehelp Spyware No 1 Yes No C:\Program Files\ExploreTitanic\firefox\iWinArcadeLauncher.exe
02893775 Spyware/Iehelp Spyware No 1 No No C:\Documents and Settings\Clark\Desktop\SOFTWARE\Games\magic-academy-setup.exe[iWinArcadeLauncher.exe]
02893775 Spyware/Iehelp Spyware No 1 No No C:\Documents and Settings\Clark\Desktop\SOFTWARE\Games\mystery-case-files-ravenhearst-setup.exe[iWinArcadeLauncher.exe]
02990320 Application/BoontyGames HackTools No 0 Yes No C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
;====================================================================================================================================================================================
SUSPECTS
Sent Location i
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description i
;====================================================================================================================================================================================
182048 HIGH MS07-069 i
176382 HIGH MS07-057 i
170906 HIGH MS07-045 i
170904 HIGH MS07-043 i
164913 HIGH MS07-033 i
160623 HIGH MS07-027 i
150253 HIGH MS07-016 i
141030 HIGH MS06-072 i
137568 HIGH MS06-067 i
126083 HIGH MS06-042 i
120815 HIGH MS06-022 i
120814 HIGH MS06-021 i
114664 HIGH MS06-013 i
;====================================================================================================================================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:29 AM, on 7/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Clark\Desktop\SOFTWARE\Virus REmoval STuff\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpeechExec Startup] C:\Program Files\Common Files\Philips Speech Shared\Components\PSP.SpeechExec.StartupApp.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\WINDOWS\TEMP\E_SA6.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.c...PUploader45.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolo...larkActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.corddigit...ploadClient.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
--
End of file - 7270 bytes