Completed ActiveScan - Log as follows:
Incident Status Location
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/MyWay No disinfected C:\Program Files\MyWay
Adware:Adware/nCase No disinfected C:\WINDOWS\System32\msbb???.dll
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\System32\in10b6s.dll
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\bsx32
Adware:Adware/FavoriteMan No disinfected C:\WINDOWS\System32\ATPartners.dll
Adware:Adware/AdDestroyer No disinfected C:\WINDOWS\System32\SWRT??.dll
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\System32\InnerVBInstall.log
Adware:Adware/MediaTickets No disinfected Windows Registry
Adware:Adware/Comet No disinfected C:\WINDOWS\inf\dm.inf
Adware:Adware/404Search No disinfected C:\WINDOWS\System32\K404SearchSetup*.exe
Adware:Adware/MyWebSearch No disinfected Windows Registry
Adware:Adware/InstaFinder No disinfected C:\Program Files\INSTAFINK
Adware:Adware/IGuard No disinfected Windows Registry
Spyware:Spyware/RXToolbar No disinfected C:\Program Files\RXToolBar
Adware:Adware/nCase No disinfected C:\WINDOWS\system32\msbb321.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\system32\in10b6s.dll
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\system32\SWRT01.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\system32\SplWbr.dll
Spyware:Spyware/RXToolbar No disinfected C:\WINDOWS\system32\RxBarSetup.dll
Adware:Adware/NetPals No disinfected C:\WINDOWS\system32\ATPartners.dll
Adware:Adware/404Search No disinfected C:\WINDOWS\system32\k404SearchSetup_MS28.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\system32\BO2809040510.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\system32\INNERADINSTALL.LOG
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\system32\INNERVBINSTALL.LOG
Adware:Adware/Comet No disinfected C:\WINDOWS\inf\dm.inf
Adware:Adware/Comet No disinfected C:\WINDOWS\inf\dm.PNF
Adware:Adware/Gator No disinfected C:\WINDOWS\Installer\37ff2.msi[unk_0034]
Adware:Adware/eZula No disinfected C:\WINDOWS\Installer\37ff2.msi[unk_0035]
Adware:Adware/Lop No disinfected C:\Documents and Settings\Katherine Grantham\Application Data\heckisocash\UploadSoapReadme.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Katherine Grantham\Application Data\heckisocash\cmgsbxyv.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Katherine Grantham\Application Data\heckisocash\grim aim mail.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Katherine Grantham\Application Data\heckisocash\cocvzafk.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Katherine Grantham\Application Data\heckisocash\ykdowzrs.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Katherine Grantham\Application Data\heckisocash\ybazznmn.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Katherine Grantham\Application Data\heckisocash\dcgkuemt.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Katherine Grantham\Application Data\heckisocash\dtkjnpwb.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Katherine Grantham\Application Data\heckisocash\mqictmdj.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Katherine Grantham\Application Data\heckisocash\dydhnmbl.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Reg Grantham\Application Data\heckisocash\UploadSoapReadme.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Reg Grantham\Application Data\heckisocash\wgtxcffw.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Reg Grantham\Application Data\heckisocash\grim aim mail.exe
Spyware:Spyware/Hyperbar No disinfected C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll
Possible Virus. No disinfected C:\Program Files\4U Computing\WMA MP3 Converter\ID3Editor.exe
Adware:Adware/InstaFinder No disinfected C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
-----------------------------------------------------------------------------------
HJT LOG:
Logfile of HijackThis v1.99.1
Scan saved at 8:32:53 PM, on 13/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Documents and Settings\Sam Grantham\Desktop\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: LG SyncManager.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Microsoft AntiSpyware helper - {9E11CC13-3CCF-4756-BF1B-A092BA62667E} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9E11CC13-3CCF-4756-BF1B-A092BA62667E} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {9E11CC13-3CCF-4756-BF1B-A092BA62667E} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9E11CC13-3CCF-4756-BF1B-A092BA62667E} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1111732052386
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://au.zone.msn.c...aploader_v5.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28578.cab
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe