Tech Support Forum - View Single Post - Hijackthis log - Nasty CWS about:blank hijacker, and more!

wrybri · 07-10-2005, 04:39 PM

Thanks for your speedy assistance Omerr! I've taken all the steps you detailed and the about:blank hijacker is definitely gone since I can open IE to my homepage of choice. The Panda scan detected a whole whack of stuff, though a lot of this looks like adware-added IE favourites that have just piled up (I don't use IE any more - Firefox all the way!) over time without me culling them.

Here are the new logs from Hijackthis, Aboutbuster, and Activescan:

HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 3:18:03 PM, on 7/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\main\ATISched.EXE
C:\Program Files\eMule\emule.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/05c24f3c...p/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1100597589093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zum...ploader_v5.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

AboutBuster
AboutBuster 5.0 reference file 30
Scan started on [7/10/2005] at [12:49:01 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\adduc.dll:akgezb
Removed Stream! C:\WINDOWS\adduc.dll:mhmkk
Removed Stream! C:\WINDOWS\appwi32.dll:jywfl
Removed Stream! C:\WINDOWS\Blue Lace 16.bmp:brokf
Removed Stream! C:\WINDOWS\Coffee Bean.bmp:tltwie
Removed Stream! C:\WINDOWS\CTDV10K1.CDF:qoogj
Removed Stream! C:\WINDOWS\CTDVAUDY.CDF:chcsfr
Removed Stream! C:\WINDOWS\d3lb32.dll:ujgzy
Removed Stream! C:\WINDOWS\desktop.ini:dufsm
Removed Stream! C:\WINDOWS\Direct Connect Setup Log.txt:xkjju
Removed Stream! C:\WINDOWS\DirectX.log:talwla
Removed Stream! C:\WINDOWS\DirectX.log:wnpfp
Removed Stream! C:\WINDOWS\Greenstone.bmp:kbyqbt
Removed Stream! C:\WINDOWS\Greenstone.bmp:thrzg
Removed Stream! C:\WINDOWS\ielm.dll:cbrevv
Removed Stream! C:\WINDOWS\ieuninst.exe:cozcr
Removed Stream! C:\WINDOWS\IFinst27.exe:zhmyh
Removed Stream! C:\WINDOWS\iis6.log:krwob
Removed Stream! C:\WINDOWS\iis6.log:likea
Removed Stream! C:\WINDOWS\KB824141.log:okfcy
Removed Stream! C:\WINDOWS\KB826939.log:oqqif
Removed Stream! C:\WINDOWS\KB828028.log:hlqhs
Removed Stream! C:\WINDOWS\KB828028.log:iyptt
Removed Stream! C:\WINDOWS\krbob.log:htpim
Removed Stream! C:\WINDOWS\MedCtrOC.log:ayhzo
Removed Stream! C:\WINDOWS\msdfmap.ini:pfcmp
Removed Stream! C:\WINDOWS\msdfmap.ini:snbsp
Removed Stream! C:\WINDOWS\NeroDigital.ini:igurj
Removed Stream! C:\WINDOWS\NeroDigital.ini:kfmfr
Removed Stream! C:\WINDOWS\NOTEPAD.EXE:sgned
Removed Stream! C:\WINDOWS\ntdtcsetup.log:vgell
Removed Stream! C:\WINDOWS\n_ihobte.txt:kuhuyg
Removed Stream! C:\WINDOWS\ocgen.log:lhykf
Removed Stream! C:\WINDOWS\ocmsn.log:xfxnx
Removed Stream! C:\WINDOWS\ODBC.INI:nhxqf
Removed Stream! C:\WINDOWS\OEWABLog.txt:qgqbr
Removed Stream! C:\WINDOWS\Osaka Screen Saver.scr:fhhvh
Removed Stream! C:\WINDOWS\osjiy.txt:khalsu
Removed Stream! C:\WINDOWS\PCDLIB32.DLL:ahagt
Removed Stream! C:\WINDOWS\Prairie Wind.bmp:orresd
Removed Stream! C:\WINDOWS\REGLOCS.OLD:ynwirc
Removed Stream! C:\WINDOWS\regopt.log:omupzq
Removed Stream! C:\WINDOWS\Rhododendron.bmp:eibbv
Removed Stream! C:\WINDOWS\rjeac.dat:ztuppy
Removed Stream! C:\WINDOWS\SBWIN.INI:hxhmf
Removed Stream! C:\WINDOWS\SBWIN.INI:jgaanp
Removed Stream! C:\WINDOWS\SBWIN.INI:wjugp
Removed Stream! C:\WINDOWS\Setup1.exe:vvjwd
Removed Stream! C:\WINDOWS\setupact.log:fpucvl
Removed Stream! C:\WINDOWS\setuperr.log:qnmbaw
Removed Stream! C:\WINDOWS\ST6UNST.EXE:gpupz
Removed Stream! C:\WINDOWS\svcpack.log:agfgug
Removed Stream! C:\WINDOWS\tjgav.dat:sgxtwj
Removed Stream! C:\WINDOWS\tqijh.log:lkbkca
Removed Stream! C:\WINDOWS\twain_32.dll:tjitf
Removed Stream! C:\WINDOWS\twunk_16.exe:hvkhx
Removed Stream! C:\WINDOWS\UltimateBuddy.INI:ekmpwk
Removed Stream! C:\WINDOWS\UltimateBuddy.INI:lhiyqt
Removed Stream! C:\WINDOWS\unhfxpackatifx.log:ljtgz
Removed Stream! C:\WINDOWS\vb.ini:ttskhd
Removed Stream! C:\WINDOWS\WMPrfCHS.prx:eyedd
Removed Stream! C:\WINDOWS\wmprfheb.prx:xgpgn
Removed Stream! C:\WINDOWS\wmprfita.prx:nfcwoo
Removed Stream! C:\WINDOWS\wmprfplk.prx:ibvbwv
Removed Stream! C:\WINDOWS\wmprfptb.prx:sbdmq
Removed Stream! C:\WINDOWS\wmprfptb.prx:sbdmq
Removed Stream! C:\WINDOWS\wmprfptg.prx:zxpkt
Removed Stream! C:\WINDOWS\wmprfslv.prx:wvaja
Removed Stream! C:\WINDOWS\WMSysPr9.prx:hwtod
Removed Stream! C:\WINDOWS\WMSysPr9.prx:kyadp
Removed Stream! C:\WINDOWS\WMSysPr9.prx:mbwph
Removed Stream! C:\WINDOWS\WMSysPr9.prx:mbwph
Removed Stream! C:\WINDOWS\zmiyu.dat:sqwzz
Removed Stream! C:\WINDOWS\_default.pif:qjpqa
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:agrmsd
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:bdfqpv
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:ceiitr
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:dbfssm
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:fglbqe
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:fjvyfw
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:gxlzbx
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:hlzehb
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:hnggqb
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:hxuteh
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:lamnqc
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:ljdgjd
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:milskt
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:ocpxmp
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:olhrfq
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:oxtmgv
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:picmlp
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:pmnbwq
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:rzpkxs
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:sztzvr
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:ufswot
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:uisfqj
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:xgdgko
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:xmvotg
Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:zywfdi
------------------------------------------------
Removed File! : C:\Windows\pisxh.dat
Removed File! : C:\Windows\rjeac.dat
Removed File! : C:\Windows\tjgav.dat
Removed File! : C:\Windows\uupse.dll
Removed File! : C:\Windows\System32\bjwnb.dat
Removed File! : C:\Windows\System32\javacy.exe
Removed File! : C:\Windows\System32\wqfaj.dat
Removed File! : C:\Windows\System32\yjlvi.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 12:49:43 PM

AboutBuster 5.0 reference file 30
Scan started on [7/10/2005] at [1:15:38 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 1:16:10 PM

Panda Activescan

Incident Status Location

Adware:Adware/eZula No disinfected C:\Program Files\eZula
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/SearchAid No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Only sex website.url
Adware:Adware/ExactSearch No disinfected Windows Registry
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Ab scissor.url
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Sonia Kitty\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-3e437c28-47e2bc35.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Sonia Kitty\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-45b047-3fa1eea8.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Sonia Kitty\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4f7ed983-6ef4da18.zip[Dummy.class]
Adware:Adware/SearchAid No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Only sex website.url
Adware:Adware/SearchAid No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Search the web.url
Adware:Adware/SearchAid No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Seven days of free porn.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Ab scissor.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Broadband comparison.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Credit counseling.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Credit report.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Crm software.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Debt credit card.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Escorts.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Fha.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Health insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Help desk software.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Insurance home.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Loan for debt consolidation.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Loan for people with bad credit.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Marketing email.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Mortgage insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Mortgage life insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Nevada corporations.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Online Betting Site.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Online gambling casino.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Online instant loan.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Order phentermine.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Payroll advance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Personal loans online.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Personal loans with bad credit.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Prescription Drugs Rx Online.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Refinancing my mortgage.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Tahoe vacation rental.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Unsecured bad credit loans.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Videos.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\What is hydrocodone.url
Virus:Exploit/iFrame Disinfected Personal Folders\Deleted Items\*TELUS Detected Spam* Mail Delivery (failure blivesey@telus.net)\MSG_RTF.TXT
Adware:Adware/SearchAid No disinfected C:\Program Files\HijackThis\backups\backup-20050710-125234-650.dll
Adware:Adware/WUpd No disinfected C:\RECYCLER\S-1-5-21-790525478-484763869-682003330-500\Dc5.cab[WinadX.dll]
Adware:Adware/WUpd No disinfected C:\RECYCLER\S-1-5-21-790525478-484763869-682003330-500\Dc5.cab[WinadX.inf]
Adware:Adware/Howprotect No disinfected C:\RECYCLER\S-1-5-21-790525478-484763869-682003330-500\Dc6.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\RECYCLER\S-1-5-21-790525478-484763869-682003330-500\Dc7.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\addxf.exe
Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.dll
Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.inf
Virus:Trj/Downloader.DKJ Disinfected C:\WINDOWS\n_tgxehq.txt
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\crpz32.dll

07-10-2005, 04:39 PM	#4 (permalink)
wrybri Registered User Join Date: Jul 2005 Posts: 5 OS: XP	Round 2 Thanks for your speedy assistance Omerr! I've taken all the steps you detailed and the about:blank hijacker is definitely gone since I can open IE to my homepage of choice. The Panda scan detected a whole whack of stuff, though a lot of this looks like adware-added IE favourites that have just piled up (I don't use IE any more - Firefox all the way!) over time without me culling them. Here are the new logs from Hijackthis, Aboutbuster, and Activescan: HijackThis Logfile of HijackThis v1.99.1 Scan saved at 3:18:03 PM, on 7/10/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\CTHELPER.EXE C:\Program Files\Microsoft Hardware\Keyboard\type32.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE C:\Program Files\ATI Multimedia\main\ATIDtct.EXE C:\Program Files\ATI Multimedia\main\ATISched.EXE C:\Program Files\eMule\emule.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Nikon\NkView6\NkvMon.exe C:\Program Files\UltraMon\UltraMon.exe C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\UltraMon\UltraMonTaskbar.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe O4 - Global Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing) O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/05c24f3c...p/RdxIE601.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1100597589093 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zum...ploader_v5.cab O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing) AboutBuster AboutBuster 5.0 reference file 30 Scan started on [7/10/2005] at [12:49:01 PM] ------------------------------------------------ Removed Stream! C:\WINDOWS\adduc.dll:akgezb Removed Stream! C:\WINDOWS\adduc.dll:mhmkk Removed Stream! C:\WINDOWS\appwi32.dll:jywfl Removed Stream! C:\WINDOWS\Blue Lace 16.bmp:brokf Removed Stream! C:\WINDOWS\Coffee Bean.bmp:tltwie Removed Stream! C:\WINDOWS\CTDV10K1.CDF:qoogj Removed Stream! C:\WINDOWS\CTDVAUDY.CDF:chcsfr Removed Stream! C:\WINDOWS\d3lb32.dll:ujgzy Removed Stream! C:\WINDOWS\desktop.ini:dufsm Removed Stream! C:\WINDOWS\Direct Connect Setup Log.txt:xkjju Removed Stream! C:\WINDOWS\DirectX.log:talwla Removed Stream! C:\WINDOWS\DirectX.log:wnpfp Removed Stream! C:\WINDOWS\Greenstone.bmp:kbyqbt Removed Stream! C:\WINDOWS\Greenstone.bmp:thrzg Removed Stream! C:\WINDOWS\ielm.dll:cbrevv Removed Stream! C:\WINDOWS\ieuninst.exe:cozcr Removed Stream! C:\WINDOWS\IFinst27.exe:zhmyh Removed Stream! C:\WINDOWS\iis6.log:krwob Removed Stream! C:\WINDOWS\iis6.log:likea Removed Stream! C:\WINDOWS\KB824141.log:okfcy Removed Stream! C:\WINDOWS\KB826939.log:oqqif Removed Stream! C:\WINDOWS\KB828028.log:hlqhs Removed Stream! C:\WINDOWS\KB828028.log:iyptt Removed Stream! C:\WINDOWS\krbob.log:htpim Removed Stream! C:\WINDOWS\MedCtrOC.log:ayhzo Removed Stream! C:\WINDOWS\msdfmap.ini:pfcmp Removed Stream! C:\WINDOWS\msdfmap.ini:snbsp Removed Stream! C:\WINDOWS\NeroDigital.ini:igurj Removed Stream! C:\WINDOWS\NeroDigital.ini:kfmfr Removed Stream! C:\WINDOWS\NOTEPAD.EXE:sgned Removed Stream! C:\WINDOWS\ntdtcsetup.log:vgell Removed Stream! C:\WINDOWS\n_ihobte.txt:kuhuyg Removed Stream! C:\WINDOWS\ocgen.log:lhykf Removed Stream! C:\WINDOWS\ocmsn.log:xfxnx Removed Stream! C:\WINDOWS\ODBC.INI:nhxqf Removed Stream! C:\WINDOWS\OEWABLog.txt:qgqbr Removed Stream! C:\WINDOWS\Osaka Screen Saver.scr:fhhvh Removed Stream! C:\WINDOWS\osjiy.txt:khalsu Removed Stream! C:\WINDOWS\PCDLIB32.DLL:ahagt Removed Stream! C:\WINDOWS\Prairie Wind.bmp:orresd Removed Stream! C:\WINDOWS\REGLOCS.OLD:ynwirc Removed Stream! C:\WINDOWS\regopt.log:omupzq Removed Stream! C:\WINDOWS\Rhododendron.bmp:eibbv Removed Stream! C:\WINDOWS\rjeac.dat:ztuppy Removed Stream! C:\WINDOWS\SBWIN.INI:hxhmf Removed Stream! C:\WINDOWS\SBWIN.INI:jgaanp Removed Stream! C:\WINDOWS\SBWIN.INI:wjugp Removed Stream! C:\WINDOWS\Setup1.exe:vvjwd Removed Stream! C:\WINDOWS\setupact.log:fpucvl Removed Stream! C:\WINDOWS\setuperr.log:qnmbaw Removed Stream! C:\WINDOWS\ST6UNST.EXE:gpupz Removed Stream! C:\WINDOWS\svcpack.log:agfgug Removed Stream! C:\WINDOWS\tjgav.dat:sgxtwj Removed Stream! C:\WINDOWS\tqijh.log:lkbkca Removed Stream! C:\WINDOWS\twain_32.dll:tjitf Removed Stream! C:\WINDOWS\twunk_16.exe:hvkhx Removed Stream! C:\WINDOWS\UltimateBuddy.INI:ekmpwk Removed Stream! C:\WINDOWS\UltimateBuddy.INI:lhiyqt Removed Stream! C:\WINDOWS\unhfxpackatifx.log:ljtgz Removed Stream! C:\WINDOWS\vb.ini:ttskhd Removed Stream! C:\WINDOWS\WMPrfCHS.prx:eyedd Removed Stream! C:\WINDOWS\wmprfheb.prx:xgpgn Removed Stream! C:\WINDOWS\wmprfita.prx:nfcwoo Removed Stream! C:\WINDOWS\wmprfplk.prx:ibvbwv Removed Stream! C:\WINDOWS\wmprfptb.prx:sbdmq Removed Stream! C:\WINDOWS\wmprfptb.prx:sbdmq Removed Stream! C:\WINDOWS\wmprfptg.prx:zxpkt Removed Stream! C:\WINDOWS\wmprfslv.prx:wvaja Removed Stream! C:\WINDOWS\WMSysPr9.prx:hwtod Removed Stream! C:\WINDOWS\WMSysPr9.prx:kyadp Removed Stream! C:\WINDOWS\WMSysPr9.prx:mbwph Removed Stream! C:\WINDOWS\WMSysPr9.prx:mbwph Removed Stream! C:\WINDOWS\zmiyu.dat:sqwzz Removed Stream! C:\WINDOWS\_default.pif:qjpqa Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:agrmsd Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:bdfqpv Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:ceiitr Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:dbfssm Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:fglbqe Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:fjvyfw Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:gxlzbx Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:hlzehb Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:hnggqb Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:hxuteh Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:lamnqc Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:ljdgjd Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:milskt Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:ocpxmp Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:olhrfq Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:oxtmgv Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:picmlp Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:pmnbwq Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:rzpkxs Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:sztzvr Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:ufswot Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:uisfqj Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:xgdgko Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:xmvotg Removed Stream! C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80671102}.BAK:zywfdi ------------------------------------------------ Removed File! : C:\Windows\pisxh.dat Removed File! : C:\Windows\rjeac.dat Removed File! : C:\Windows\tjgav.dat Removed File! : C:\Windows\uupse.dll Removed File! : C:\Windows\System32\bjwnb.dat Removed File! : C:\Windows\System32\javacy.exe Removed File! : C:\Windows\System32\wqfaj.dat Removed File! : C:\Windows\System32\yjlvi.dat ------------------------------------------------ Scan was COMPLETED SUCCESSFULLY at 12:49:43 PM AboutBuster 5.0 reference file 30 Scan started on [7/10/2005] at [1:15:38 PM] ------------------------------------------------ No Ads Found! ------------------------------------------------ No Files Found! ------------------------------------------------ Scan was COMPLETED SUCCESSFULLY at 1:16:10 PM Panda Activescan Incident Status Location Adware:Adware/eZula No disinfected C:\Program Files\eZula Adware:Adware/SaveNow No disinfected Windows Registry Adware:Adware/SearchAid No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Only sex website.url Adware:Adware/ExactSearch No disinfected Windows Registry Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Ab scissor.url Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Sonia Kitty\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-3e437c28-47e2bc35.zip[Dummy.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Sonia Kitty\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-45b047-3fa1eea8.zip[Dummy.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Sonia Kitty\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4f7ed983-6ef4da18.zip[Dummy.class] Adware:Adware/SearchAid No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Only sex website.url Adware:Adware/SearchAid No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Search the web.url Adware:Adware/SearchAid No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Seven days of free porn.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Ab scissor.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Broadband comparison.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Credit counseling.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Credit report.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Crm software.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Debt credit card.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Escorts.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Fha.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Health insurance.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Help desk software.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Insurance home.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Loan for debt consolidation.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Loan for people with bad credit.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Marketing email.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Mortgage insurance.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Mortgage life insurance.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Nevada corporations.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Online Betting Site.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Online gambling casino.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Online instant loan.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Order phentermine.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Payroll advance.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Personal loans online.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Personal loans with bad credit.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Prescription Drugs Rx Online.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Refinancing my mortgage.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Tahoe vacation rental.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Unsecured bad credit loans.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\Videos.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Sonia Kitty\Favorites\Sites about\What is hydrocodone.url Virus:Exploit/iFrame Disinfected Personal Folders\Deleted Items\TELUS Detected Spam Mail Delivery (failure blivesey@telus.net)\MSG_RTF.TXT Adware:Adware/SearchAid No disinfected C:\Program Files\HijackThis\backups\backup-20050710-125234-650.dll Adware:Adware/WUpd No disinfected C:\RECYCLER\S-1-5-21-790525478-484763869-682003330-500\Dc5.cab[WinadX.dll] Adware:Adware/WUpd No disinfected C:\RECYCLER\S-1-5-21-790525478-484763869-682003330-500\Dc5.cab[WinadX.inf] Adware:Adware/Howprotect No disinfected C:\RECYCLER\S-1-5-21-790525478-484763869-682003330-500\Dc6.exe Adware:Adware/CWS.Aboutblank No disinfected C:\RECYCLER\S-1-5-21-790525478-484763869-682003330-500\Dc7.exe Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\addxf.exe Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.dll Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.inf Virus:Trj/Downloader.DKJ Disinfected C:\WINDOWS\n_tgxehq.txt Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\crpz32.dll