I found out what the problem was when I tried Trend Micro's scan. I had to allow cookies in order to do both.
Here are all the logs:
HIJACK THISLogfile of HijackThis v1.99.1
Scan saved at 1:37:24 PM, on 6/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PopUp Killer\PopUpKiller.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.oneclicks...earch.php?qq=%1R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.oneclicks...earch.php?qq=%1R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://www.oneclicks...earch.php?qq=%1R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://www.oneclicks...earch.php?qq=%1O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.t...all/xscan60.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupd...b?1119860151639O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft.../as5/asinst.cabO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
EWIDO---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 11:52:09 PM, 6/25/2005
+ Report-Checksum: 608633B0
+ Date of database: 6/25/2005
+ Version of scan engine: v3.0
+ Duration: 57 min
+ Scanned Files: 88062
+ Speed: 25.65 Files/Second
+ Infected files: 1
+ Removed files: 1
+ Files put in quarantine: 1
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\WINDOWS\uninstIU.exe -> Trojan.Agent.eo -> Cleaned with backup
::Report End
PANDA ACTIVE SCANIncident Status Location
Adware:Adware/PortalScan No disinfected Windows Registry
Adware:Adware/CWS No disinfected C:\Documents and Settings\The Dee\Favorites\Online Gambling\Online Gambling.url
Adware:Adware/SuperSpider No disinfected C:\Documents and Settings\The Dee\Favorites\online dating.url
Adware:Adware/CWS.Searchmeup No disinfected C:\WINDOWS\tool.exe
Adware:Adware/Spywad No disinfected C:\WINDOWS\ms2.exe
Adware:Adware/Popuper No disinfected C:\Documents and Settings\The Dee\Favorites\Black Jack Online.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\The Dee\Favorites\Online Pharmacy\Adipex.url
Adware:Adware/Smitfraud No disinfected Windows Registry
Adware:Adware/Popuper No disinfected C:\Documents and Settings\The Dee\Favorites\Black Jack Online.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\The Dee\Favorites\Home Loan.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\The Dee\Favorites\Network Security.url
Adware:Adware/SuperSpider No disinfected C:\Documents and Settings\The Dee\Favorites\Online Dating.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\The Dee\Favorites\Online Gambling\Online Gambling.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\The Dee\Favorites\Online Gambling.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\The Dee\Favorites\Online Pharmacy\Adipex.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\The Dee\Favorites\Online Pharmacy\Alprazolam.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\The Dee\Favorites\Online Pharmacy\Carisoprodol.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\The Dee\Favorites\Online Pharmacy\Diazepam.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\The Dee\Favorites\Online Pharmacy\Hydrocodone.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\The Dee\Favorites\Online Pharmacy\Lortab.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\The Dee\Favorites\Online Pharmacy\Online Pharmacy.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\The Dee\Favorites\Online Pharmacy\Prozac.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\The Dee\Favorites\Online Pharmacy\Valium.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\The Dee\Favorites\Online Pharmacy\Vicodin.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\The Dee\Favorites\Online Pharmacy\Xanax.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\The Dee\Favorites\Online Pharmacy.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\The Dee\Favorites\Remove Spyware.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\The Dee\Favorites\Spam Filters.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\The Dee\Favorites\Take It Here - Free [bleep] TGP.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\The Dee\Favorites\Web Detective.url
Virus:W32/Bagle.pwdzip Disinfected Personal Folders\Inbox\E-mail account security warning.\Information.zip
Virus:W32/Bagle.pwdzip Disinfected C:\Outmail\E-mail account security warning .RB0[Information.zip]
Virus:W32/Bagle.pwdzip Disinfected Personal Folders\Inbox\E-mail account security warning.\Information.zip
Possible Virus. No disinfected C:\WINDOWS\Downloaded Installations\{D01E8C08-46DD-4143-AF15-82893DE7FCD2}\Data.Cab[F2309_Stealth.exe]
Adware:Adware/CWS.Searchmeup No disinfected C:\WINDOWS\ms1.exe
Adware:Adware/Spywad No disinfected C:\WINDOWS\ms2.exe
Adware:Adware/CWS.Searchmeup No disinfected C:\WINDOWS\ms3.exe
Adware:Adware/CWS.Searchmeup No disinfected C:\WINDOWS\ms4.exe
Adware:Adware/CWS.Searchmeup No disinfected C:\WINDOWS\tool.exe
TREND MICRO HOUSECALLTrend Micro Housecall Virus Scan0 virus cleaned, 0 virus deleted
Results:
We have detected 0 infected file(s) with 0 virus(es) on your
computer. Only 0 out of 0 infected files are displayed:
- 0 virus(es) passed, 0 virus(es) no action available
- 0 virus(es) cleaned, 0 virus(es) uncleanable
- 0 virus(es) deleted, 0 virus(es) undeletable
- 0 virus(es) not found, 0 virus(es) unaccessible
Detected FileAssociated Virus NameAction Taken
Trojan/Worm Check0 worm/Trojan horse deleted
What we checked:
Malicious activity by a Trojan horse program. Although a
Trojan seems like a harmless program, it contains malicious
code and once installed can cause damage to your computer.
Results:
We have detected 0 Trojan horse program(s) and worm(s) on your
computer. Only 0 out of 0 Trojan horse programs and worms are
displayed: - 0 worm(s)/Trojan(s) passed, 0
worm(s)/Trojan(s) no action available
- 0 Worm(s)/Trojan(s) deleted, 0 worm(s)/Trojan(s)
undeletable
Trojan/Worm NameTrojan/Worm TypeAction Taken
Spyware Check2 spyware programs removed
What we checked:
Whether personal information was tracked and reported by
spyware. Spyware is often installed secretly with legitimate
programs downloaded from the Internet.
Results:
We have detected 5 spyware(s) on your computer. Only 0 out of
0 spywares are displayed: - 3 spyware(s) passed, 0
spyware(s) no action available
- 2 spyware(s) removed, 0 spyware(s) unremovable
Spyware NameSpyware TypeAction Taken
COOKIE_169CookiePass
COOKIE_174CookiePass
SPYW_ZANIT.ASpywareRemoval successful
ADW_SHOPNAV.DAdwareRemoval successful
COOKIE_3201CookiePass
Microsoft Vulnerability Check28 vulnerabilities detected
What we checked:
Microsoft known security vulnerabilities. These are issues
Microsoft has identified and released Critical Updates to fix.
Results:
We have detected 28 vulnerability/vulnerabilities on your
computer. Only 0 out of 0 vulnerabilities are displayed.
Risk LevelIssueHow to Fix
Highly CriticalThis vulnerability enables a remote
attacker to execute any file that can be rendered
as text, and be opened as part of a page in
Internet Explorer. MS03-014
Highly CriticalThese vulnerabilities, which are
due to Internet Explorer not properly determining
an object type returned from a Web server in a
popup window or during XML data binding,
respectively, could allow an attacker to run
arbitrary code on a user's system. MS03-040
CriticalThis vulnerability could allow an attacker
to access information from other Web sites, access
files on a user's system, and run arbitrary code
on a user's system, wherein this is executed under
the security context of the currently logged on
user.;This vulnerability could allow an attacker
to save a file on the users system. This is due to
dynamic HTML events related to the drag-and-drop
of Internet Explorer.;This vulnerability, which is
due to the incorrect parsing of URLs which contain
special characters, could allow an attacker to
trick a user by presenting one URL in the address
bar, wherein it actually contains the content of
another web site of the attackers choice.
MS04-004
CriticalThe MHTML URL Processing Vulnerability
allows remote attackers to bypass domain
restrictions and execute arbitrary code via script
in a compiled help (CHM) file that references the
InfoTech Storage (ITS) protocol handlers.This
could allow an attacker to take complete control
of an affected system. MS04-013
ModerateA denial of service (DoS) vulnerability
exists in Outlook Express that could cause the
said program to fail. The malformed email should
be removed before restarting Outlook Express in
order to regain its normal operation. MS04-018
CriticalThe Navigation Method Cross-Domain
Vulnerability is a remote execution vulnerability
that exists in Internet Explorer because of the
way that it handles navigation methods. An
attacker could exploit this vulnerability by
constructing a malicious Web page that could
potentially allow remote code execution if a user
visits a malicious Web site.;The Malformed BMP
File Buffer Overrun Vulnerability exists in the
processing of BMP image file formats that could
allow remote code execution on an affected
system.;The Malformed GIF File Double Free
Vulnerability is a buffer overrun vulnerability
that exists in the processing of GIF image file
formats that could allow remote code execution on
an affected system. MS04-025
CriticalThis is a remote code execution
vulnerability that exists in the Internet
Explorer. It allows remote code execution on an
affected system. An attacker could exploit this
vulnerability by constructing a malicious Web
Page. The said routine could allow remote code
execution if a user visited a malicious Web site.
An attacker who successfully exploited this
vulnerability could take complete control of an
affected system. However, significant user
interaction is required to exploit this
vulnerability. MS04-038
CriticalThis security update addresses and
resolves a vulnerability in Internet Explorer that
could allow remote code execution. A Web page can
be crafted to exploit this vulnerability such that
an arbitrary application can be executed on
visiting systems with the same priviledge as the
currently logged on user. MS04-040
ImportantThis security advisory explains the two
discovered vulnerabilities in Microsoft Word for
Windows 6.0 Converter, which is used by WordPad in
converting Word 6.0 to WordPad file format. Once
exploited, this remote code execution
vulnerability could allow a malicious user or a
malware to take complete control of the affected
system if the affected user is currently logged on
with administrative privileges. MS04-041
CriticalA remote code execution vulnerability
exists in HyperTerminal because of a buffer
overrun. If a user is logged on with administrator
privileges, an attacker could exploit the
vulnerability by constructing a malicious
HyperTerminal session file that could potentially
allow remote code execution and then persuade a
user to open this file. This malicious file may
enable the attacker to gain complete control of
the affected system. This vulnerability could also
be exploited through a malicious Telnet URL if
HyperTerminal had been set as the default Telnet
client. MS04-043
ImportantThis security update addresses and
resolves two windows vulnerabilites, both of which
may enable the current user to take control of the
affected system. Both of these vulnerabilites
require that the curernt user be able to log on
locally and execute programs. They cannot be
exploited remotely, or by anonymous users. A
privilege elevation vulnerability exists in the
way that the Windows Kernel launches applications.
This vulnerability could allow the current user to
take complete control of the system. A privilege
elevation vulnerability exists in the way that the
LSASS validates identity tokens. This
vulnerability could allow the current user to take
complete control of the affected system. MS04-044
CriticalThis update resolves a newly-discovered,
publicly reported vulnerability. A vulnerability
exists in the HTML Help ActiveX control in Windows
that could allow information disclosure or remote
code execution on an affected system. MS05-001
CriticalThis update resolves several
newly-discovered, privately reported and public
vulnerabilities. An attacker who successfully
exploited the most severe of these vulnerabilities
could take complete control of an affected system,
install programs, view, change, or delete data, or
create new accounts that have full privileges.
MS05-002
ImportantThis update resolves a newly-discovered,
privately reported vulnerability. An attacker who
successfully exploited this vulnerability could
take complete control of an affected system. An
attacker could then install programs, view,
change, or delete data, or create new accounts
with full privileges. While remote code execution
is possible, an attack would most likely result in
a denial of service condition. MS05-003
ImportantThis is an information disclosure
vulnerability. An attacker who successfully
exploits this vulnerability could remotely read
the user names for users who have an open
connection to an available shared resource.
MS05-007
ImportantThis remote code execution vulnerability
exists in the way Windows handles drag-and-drop
events. An attacker could exploit the
vulnerability by constructing a malicious Web page
that could potentially allow an attacker to save a
file on the users system if a user visited a
malicious Web site or viewed a malicious e-mail
message. MS05-008
CriticalThis remote code execution vulnerability
exists in the processing of PNG image formats. An
attacker who successfully exploits this
vulnerability could take complete control of an
affected system. MS05-009
CriticalThis remote code execution vulnerability
exists in Server Message Block (SMB). It allows an
attacker who successfully exploits this
vulnerability to take complete control of the
affected system. MS05-011
CriticalThis privilege elevation vulnerability
exists in the way that the affected operating
systems and programs access memory when they
process COM structured storage files. This
vulnerability could grant a currently logged-on
user to take complete control of the system.;This
remote code execution vulnerability exists in OLE
because of the way that it handles input
validation. An attacker could exploit the
vulnerability by constructing a malicious document
that could potentially allow remote code
execution. MS05-012
CriticalThis vulnerability exists in the DHTML
Editing Component ActiveX Control. This
vulnerability could allow information disclosure
or remote code execution on an affected system.
MS05-013
CriticalThis update resolves known vulnerabilities
affecting Internet Explorer. An attacker who
successfully exploits these vulnerabilities could
take complete control of an affected system. An
attacker could then install programs; view,
change, or delete data; or create new accounts
with full user rights. MS05-014
CriticalA remote code execution vulnerability
exists in the Hyperlink Object Library. This
problem exists because of an unchecked buffer
while handling hyperlinks. An attacker could
exploit the vulnerability by constructing a
malicious hyperlink which could potentially lead
to remote code execution if a user clicks a
malicious link within a Web site or e-mail
message. MS05-015
ImportantA remote code execution vulnerability
exists in the Windows Shell because of the way
that it handles application association. If a user
is logged on with administrative privileges, an
attacker who successfully exploited this
vulnerability could take complete control of the
affected system. However, user interaction is
required to exploit this vulnerability. MS05-016
ImportantA remote code execution vulnerability
exists in Message Queuing that could allow an
attacker who successfully exploited this
vulnerability to take complete control of the
affected system. MS05-017
ImportantThis security bulletin resolves
newly-discovered, privately-reported
vulnerabilities affecting Windows. An attacker who
successfully exploited the most severe of these
vulnerabilities could take complete control of an
affected system. An attacker could then install
programs; view, change, or delete data; or create
new accounts with full user rights. MS05-018
CriticalThis security bulletin resolves newly
discovered, privately-reported vulnerabilities
affecting Windows. An attacker who successfully
exploited the most severe of these vulnerabilities
could take complete control of an affected system.
An attacker could then install programs; view,
change, or delete data; or create new accounts
with full user rights. However, an attacker who
successfully exploited the most severe of these
vulnerabilities would most likely cause the
affected system to stop responding. MS05-019
CriticalThis security bulletin resolves three
newly-discovered, privately-reported
vulnerabilities affecting Internet Explorer. If a
user is logged on with administrative user rights,
an attacker who successfully exploited any of
these vulnerabilities could take complete control
of an affected system. An attacker could then
install programs; view, change, or delete data; or
create new accounts with full user rights.
MS05-020
CriticalA remote code execution vulnerability
exists in MSN Messenger that could allow an
attacker who successfully exploited this
vulnerable to take complete control of the
affected system. MS05-022
Sign In
Create Account
