I recently received an email from a postmaster saying that a spam email that had been sent by my account was sent to a user that could not be reached. Since I don't spam people, I assumed that I had contracted a virus that is using my email for its own nefarious purposes (unless the postmaster email is a fake). Anyway, this prompted me to run some long-overdue spyware scans, which revealed a lot of issues with my system. I used Spybot and Ad-Aware to remove quite a few, but Panda ActiveScan still found a lot. Here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:13:47 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\CVSNT\cvslock.exe
C:\Program Files\CVSNT\cvsservice.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\HiJackThis\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ws1.appswebservice.com/index....10292&ttid=104
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.akamai.net
O15 - Trusted Zone: http://*.live.com
O15 - Trusted Zone: http://*.netlibrary.com
O15 - Trusted Zone: http://*.start.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://ampfemail.ampadvisor.aexp.co...om0/iNotes.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1152030466531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1152030460656
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/def...utLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/def...ploader_v6.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc03.custhelp.com/7520-b.../java/RntX.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{974A6EBD-595C-4796-B43F-04B6D928C155}: NameServer = 10.9.2.200 10.9.2.205
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe
O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
--
End of file - 9448 bytes
Here is my Panda log:
Incident Status Location
Virus:trj/downloader.aee Disinfected Operating system
Adware:adware/ipinsight Not disinfected c:\windows\inf\polall1r.inf
Adware:adware/ncase Not disinfected c:\windows\didduid.ini
Adware:adware/sidesearch Not disinfected c:\windows\sepsd.bin
Adware:adware/portalscan Not disinfected c:\program files\STC
Adware:adware/iedriver Not disinfected Windows Registry
Adware:adware/sahagent Not disinfected Windows Registry
Adware:adware/delfinmedia Not disinfected Windows Registry
Adware:Adware/MemoryWatcher Not disinfected C:\!PeperFix\Ahy0J.exe
Adware:Adware/MemoryWatcher Not disinfected C:\!PeperFix\AyeYd.exe
Adware:Adware/MemoryWatcher Not disinfected C:\!PeperFix\Cxmql42.exe
Adware:Adware/MemoryWatcher Not disinfected C:\!PeperFix\Fah1q5.exe
Adware:Adware/MemoryWatcher Not disinfected C:\!PeperFix\HuoTdA.exe
Adware:Adware/MemoryWatcher Not disinfected C:\!PeperFix\Ioq3SEW6.exe
Adware:Adware/MemoryWatcher Not disinfected C:\!PeperFix\Jlyov72.exe
Adware:Adware/MemoryWatcher Not disinfected C:\!PeperFix\Lus22B.exe
Adware:Adware/MemoryWatcher Not disinfected C:\!PeperFix\QlsO0A55.exe
Adware:Adware/MemoryWatcher Not disinfected C:\!PeperFix\Sacm.exe
Adware:Adware/MemoryWatcher Not disinfected C:\!PeperFix\Szep85ln.exe
Adware:Adware/MemoryWatcher Not disinfected C:\!PeperFix\VsbW.exe
Adware:Adware/MemoryWatcher Not disinfected C:\!PeperFix\Xay5.exe
Adware:Adware/MemoryWatcher Not disinfected C:\!PeperFix\Zaf85.exe
Adware:Adware/MemoryWatcher Not disinfected C:\!PeperFix\Zvn6.exe
Adware:Adware/PurityScan Not disinfected C:\!Submit\enth.exe
Adware:Adware/Midaddle Not disinfected C:\!Submit\n489jdP.exe
Adware:Adware/StatBlaster Not disinfected C:\!Submit\s2aP6Ra8.exe
Adware:Adware/BrowserAid Not disinfected C:\dist1_1_00.exe
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[.com.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[.ccbill.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[.go.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[.xiti.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\cookies.txt[server.iad.liveperson.net/hc/73488016]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Profiles\default\aesw3y7k.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Profiles\default\aesw3y7k.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Profiles\default\aesw3y7k.slt\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Profiles\default\aesw3y7k.slt\cookies.txt[.go.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Profiles\default\aesw3y7k.slt\cookies.txt[.paycounter.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Profiles\default\aesw3y7k.slt\cookies.txt[.questionmarket.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Profiles\default\aesw3y7k.slt\cookies.txt[.webpower.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\David K. Land\Application Data\Mozilla\Profiles\default\aesw3y7k.slt\cookies.txt[.yadro.ru/]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fa9f21f-21cc6023.zip[GetAccess.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fa9f21f-21cc6023.zip[InsecureClassLoader.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fa9f21f-21cc6023.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fa9f21f-21cc6023.zip[Installer.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-73d6fff5.zip[GetAccess.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-73d6fff5.zip[InsecureClassLoader.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-73d6fff5.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-73d6fff5.zip[Installer.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6604b080-3a0e8367.zip[GetAccess.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6604b080-3a0e8367.zip[InsecureClassLoader.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6604b080-3a0e8367.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\David K. Land\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6604b080-3a0e8367.zip[Installer.class]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\David K. Land\Cookies\dave@com[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\David K. Land\Cookies\dave@go[2].txt
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\David K. Land\Cookies\dave@metriweb[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\David K. Land\Cookies\david_k._land@go[2].txt
Adware:Adware/Midaddle Not disinfected C:\Documents and Settings\David K. Land\My Documents\HijackThis\backups\backup-20041222-201638-280.dll
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.atwola.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.phg.hitbox.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.ath.belnk.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.go.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.bfast.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.statse.webtrendslive.com/dcsx41mnd5twkf8wyp5mo4xok_6c8d]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.centrport.net/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.tickle.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.target.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[statse.webtrendslive.com/S131024]
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Tamara Faraone\Application Data\Mozilla\Firefox\Profiles\8ssaeew9.default\cookies.txt[.rightmedia.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@112.2o7[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@247realmedia[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@adrevolver[3].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@ads.pointroll[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@atwola[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@bluestreak[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@burstnet[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@c5.zedo[1].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@centrport[2].txt
Spyware:Cookie/DelfinMedia Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@delfinproject[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@ehg-dig.hitbox[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@fastclick[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@go[2].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@linksynergy[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@questionmarket[2].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@rightmedia[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@server.iad.liveperson[2].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@stat.onestat[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@statcounter[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@tribalfusion[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@www.burstbeacon[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tamara Faraone\Cookies\tamara faraone@zedo[1].txt
Adware:Adware/StartPage.BR Not disinfected C:\FINDnFIX\Files2\un.exe
Adware:Adware/IEDriver Not disinfected C:\Overpro323.exe
Virus:Generic Malware Disinfected C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
Virus:Trj/Downloader.gen Disinfected C:\Program Files\Internet Explorer\blvbdhuy.exe
Adware:Adware/Midaddle Not disinfected C:\WINDOWS\Temp\addit.exe[clicks.dll]
Adware:Adware/Midaddle Not disinfected C:\WINDOWS\Temp\addit.exe[Updater.exe]
Adware:Adware/IEDriver Not disinfected C:\WINDOWS\Temp\all_files10.exe[Overpro323.exe]
Virus:Trj/Downloader.OE Not disinfected C:\WINDOWS\Temp\all_files10.exe[Overpro323.exe][dp-him.exe]
Adware:Adware/IEDriver Not disinfected C:\WINDOWS\Temp\all_files10.exe[Overpro323.exe][IEHost.EXE]
Adware:Adware/IEDriver Not disinfected C:\WINDOWS\Temp\all_files10.exe[Overpro323.exe][Searchx.htm]
Adware:Adware/IEDriver Not disinfected C:\WINDOWS\Temp\all_files10.exe[Overpro323.exe][terrabyte.exe]
Adware:Adware/IEDriver Not disinfected C:\WINDOWS\Temp\all_files10.exe[Overpro323.exe][ms.exe]
Spyware:Spyware/Apropos Not disinfected C:\WINDOWS\Temp\all_files10.exe[july14_loader.exe]
Adware:Adware/eZula Not disinfected C:\WINDOWS\Temp\all_files10.exe[ezStub.exe]
Virus:Trj/CHost.A Not disinfected C:\WINDOWS\Temp\all_files10.exe[EXACTADVERTISING.exe]
Adware:Adware/BrowserAid Not disinfected C:\WINDOWS\Temp\all_files10.exe[dist1_1_00.exe]
Adware:Adware/Midaddle Not disinfected Personal Folders\Sent Items\HJT forum files\n489jdP.zip[n489jdP.exe]
Adware:Adware/StatBlaster Not disinfected Personal Folders\Sent Items\HJT forum files\s2aP6Ra8.zip[s2aP6Ra8.exe]
Virus:Trj/Downloader.ADH Disinfected Personal Folders\Sent Items\HJT forum files\winpack.zip[winpack.exe]
Adware:Adware/ESyndicate Not disinfected Personal Folders\Sent Items\HJT forum files\esyn.zip[esyn.dll]
Adware:Adware/PurityScan Not disinfected Personal Folders\Sent Items\HJT forum files\enth.zip[enth.exe]
Adware:Adware/PurityScan Not disinfected Personal Folders\Sent Items\HJT forum files\drm.zip[drm.dll]
Adware:Adware/Midaddle Not disinfected Personal Folders\Sent Items\Files from http://forums.spywareinfo.com\n489jdP.zip[n489jdP.exe]
Adware:Adware/StatBlaster Not disinfected Personal Folders\Sent Items\Files from http://forums.spywareinfo.com\s2aP6Ra8.zip[s2aP6Ra8.exe]
Virus:Trj/Downloader.ADH Disinfected Personal Folders\Sent Items\Files from http://forums.spywareinfo.com\winpack.zip[winpack.exe]
Adware:Adware/PurityScan Not disinfected Personal Folders\Sent Items\Files from http://forums.spywareinfo.com\enth.zip[enth.exe]
Adware:Adware/ESyndicate Not disinfected Personal Folders\Sent Items\Files from http://forums.spywareinfo.com\esyn.zip[esyn.dll]
Adware:Adware/PurityScan Not disinfected Personal Folders\Sent Items\Files from http://forums.spywareinfo.com\drm.zip[drm.dll]
Thanks for the help,
Dave