Hello there, I'm sorry for not replying sooner, but I was in the middle of final exams, so that took all my time away from fixing these errors. Here are the logs you requested from me.
JOTTI FILE SCAN RESULTS:
File: cplmcm.exe
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 b9eea37027168a6672380a5b3b16603a
Packers detected:
-
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found BehavesLike:Trojan.FWDisable (probable variant)
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found W32/CryptExe
Kaspersky Anti-Virus
Found Packed.Win32.CryptExe (probable variant)
NOD32
Found IRC/SdBot
Norman Virus Control
Found Sandbox: W32/Malware; [ General information ]
* Anti debug/emulation code present.
* **Locates window "NULL [class _Oscar_StatusNotify]" on desktop.
* **Locates window "NULL [class mIRC]" on desktop.
* File length: 100554 bytes.
[ Changes to filesystem ]
* Creates file C:\WINDOWS\cplmcm.exe.
* Deletes file c:\sample.exe.
[ Changes to registry ]
* Creates key "HKLM\Software\\Microsoft\\Windows".
* Sets value "Melt"="c:\sample.exe" in key "HKLM\Software\\Microsoft\\Windows".
* Creates key "HKLM\System\CurrentControlSet\Services\Windows Kernel System Service".
* Sets value "ImagePath"=""C:\WINDOWS\cplmcm.exe"" in key "HKLM\System\CurrentControlSet\Services\Windows Kernel System Service".
* Sets value "DisplayName"="WKSSVC" in key "HKLM\System\CurrentControlSet\Services\Windows Kernel System Service".
* Deletes value "Melt" in key "HKLM\Software\\Microsoft\\Windows".
* Sets value "WaitToKillServiceTimeout"="7000" in key "HKLM\System\CurrentControlSet\Control".
* Modifies value "UpdatesDisableNotify"="" in key "HKLM\Software\Microsoft\Security Center".
* Modifies value "AntiVirusDisableNotify"="" in key "HKLM\Software\Microsoft\Security Center".
* Modifies value "FirewallDisableNotify"="" in key "HKLM\Software\Microsoft\Security Center".
* Modifies value "AntiVirusOverride"="" in key "HKLM\Software\Microsoft\Security Center".
* Modifies value "FirewallOverride"="" in key "HKLM\Software\Microsoft\Security Center".
* Creates key "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update".
* Sets value "AUOptions"="" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update".
* Creates key "HKLM\System\CurrentControlSet\Services\wscsvc".
* Sets value "Start"="" in key "HKLM\System\CurrentControlSet\Services\wscsvc".
UNA
Found nothing
VirusBuster
Found nothing
VBA32
Found Trojan.IRC.SdBot
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:24:07 AM 7/28/2006
+ Scan result:
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mqexdlm.srgOLD -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\Sm9zZSBKIEFuZ3VpYW5v\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-694481242-625651855-603493804-1006\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-694481242-625651855-603493804-1006\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-694481242-625651855-603493804-1006\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
C:\Installer3.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ovbccp32.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\warebundlenewer.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\HJT\backups\backup-20060725-184413-512.dll -> Adware.SafeGuard : Cleaned with backup (quarantined).
C:\HJT\backups\backup-20060725-184414-753.dll -> Adware.SafeGuard : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sfg_2b56.dll -> Adware.SafeGuard : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sfg_54fe.dll -> Adware.SafeGuard : Cleaned with backup (quarantined).
C:\Program Files\TrustyHound-TB\autofill_plugin.dll -> Adware.SideSearch : Cleaned with backup (quarantined).
C:\Program Files\TheSearchAccelerator -> Adware.UCmore : Cleaned with backup (quarantined).
C:\Program Files\TheSearchAccelerator\INSTALL.LOG -> Adware.UCmore : Cleaned with backup (quarantined).
C:\Program Files\TheSearchAccelerator\IUCmore.dll -> Adware.UCmore : Cleaned with backup (quarantined).
C:\Program Files\TheSearchAccelerator\TBlogin.users.ucmore.com.4.5.40.0 -> Adware.UCmore : Cleaned with backup (quarantined).
C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll -> Adware.UCmore : Cleaned with backup (quarantined).
C:\Program Files\TheSearchAccelerator\UNWISE.EXE -> Adware.UCmore : Cleaned with backup (quarantined).
C:\Program Files\TheSearchAccelerator\logo.ico -> Adware.UCmore : Cleaned with backup (quarantined).
C:\Program Files\TheSearchAccelerator\toolbar.cfg -> Adware.UCmore : Cleaned with backup (quarantined).
C:\ucmoreiex.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\ucmoreiex.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\ucmoreiex.exe/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCmore - The Search Accelerator -> Adware.UCmore : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\Documents and Settings\Jose D. Rincon\Desktop\FOLDERS\downloads\pianochordz40-eval.zip/ChordZ40.CAB/SETUP1.EXE -> Backdoor.Agobot.xb : Cleaned with backup (quarantined).
C:\Documents and Settings\Jose D. Rincon\Desktop\pic009.com -> Backdoor.SdBot.qd : Cleaned with backup (quarantined).
C:\WINDOWS\cplmcm.exe -> Backdoor.SdBot.qd : Cleaned with backup (quarantined).
[1636] C:\WINDOWS\cplmcm.exe -> Backdoor.SdBot.qd : Error during cleaning.
C:\Documents and Settings\Jose D. Rincon\Local Settings\Temporary Internet Files\Content.IE5\CPA7C9I3\loader[1].exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
C:\drsmartload.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
C:\Documents and Settings\Jose D. Rincon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-5db4521e-45118f42.zip/Installer.class -> Downloader.OpenConnection.w : Cleaned with backup (quarantined).
C:\ac3_0010.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\kybrdef_7.exe -> Downloader.VB.air : Cleaned with backup (quarantined).
[2540] C:\kybrdef_7.exe -> Downloader.VB.air : Error during cleaning.
C:\Documents and Settings\Jose D. Rincon\Local Settings\Temporary Internet Files\Content.IE5\U9EH2RKJ\drsmartload45a[1].exe -> Downloader.VB.aiw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dllcache\window.exe -> Downloader.VB.aiw : Cleaned with backup (quarantined).
C:\drsmartload45a7f.exe -> Downloader.VB.aiw : Cleaned with backup (quarantined).
C:\drsmartload45a7h.exe -> Downloader.VB.aiw : Cleaned with backup (quarantined).
C:\drsmartload45a7i.exe -> Downloader.VB.aiw : Cleaned with backup (quarantined).
C:\nwnmef_7.exe -> Downloader.VB.aiy : Cleaned with backup (quarantined).
[2152] C:\nwnmef_7.exe -> Downloader.VB.aiy : Error during cleaning.
C:\WINDOWS\system32\in10b6s.dll -> Dropper.Small.abd : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dllcache\system32.exe -> Hijacker.VB.fg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dllcache\systems.exe -> Hijacker.VB.fg : Cleaned with backup (quarantined).
C:\dfndref_7.exe -> Hijacker.VB.ly : Cleaned with backup (quarantined).
[3048] C:\dfndref_7.exe -> Hijacker.VB.ly : Error during cleaning.
C:\Documents and Settings\Jose D. Rincon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv156.jar-8e3574-2df65d11.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Jose D. Rincon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv157.jar-9c4cf5-2f5e7232.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
[872] C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Error during cleaning.
:mozilla.144:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.107:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.127:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.170:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.148:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.149:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.69:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.70:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.72:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.74:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.75:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.77:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.78:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.80:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.81:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.82:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.85:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.87:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.88:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.89:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.91:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.94:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
:mozilla.152:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Bpath : Cleaned with backup (quarantined).
:mozilla.130:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.136:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.137:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.138:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.140:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.141:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.121:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
:mozilla.150:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.151:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.****-access : Cleaned with backup (quarantined).
:mozilla.126:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.75:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.117:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.118:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.119:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.120:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.115:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.116:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.162:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.163:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.70:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Xxxtoolbar : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Xxxtoolbar : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Xxxtoolbar : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Xxxtoolbar : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Xxxtoolbar : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\296a0wp8.default\cookies.txt -> TrackingCookie.Ysbweb : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.106:C:\Documents and Settings\Cesar Rincon\Application Data\Mozilla\Firefox\Profiles\mrjli2db.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\Jose D. Rincon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-2a79b1dc-7fe3ab10.zip/Dummy.class -> Trojan.NoCheat.240 : Cleaned with backup (quarantined).
C:\Documents and Settings\Jose D. Rincon\Desktop\Unused Desktop Shortcuts\CHEMIX_School_v3[1].00.zip/CHEMIX.School.v3.00.Cracked-iNFECTED/patch.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
C:\Documents and Settings\Jose D. Rincon\Desktop\Unused Desktop Shortcuts\chemixschoolv3.00patchinfected.zip/patch.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
C:\Documents and Settings\Jose D. Rincon\Desktop\Unused Desktop Shortcuts\chemixschoolv3.00patchinfected\patch.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
C:\Documents and Settings\Jose D. Rincon\Shared\Registry Mechanic 5.0.0.132.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jose D. Rincon\Shared\Registry Mechanic 5.0.0.132A.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
::Report end
Panda Scan Report
Incident Status Location
Adware:adware/commad Not disinfected c:\windows\system32\atmtd.dll
Adware:adware/ipinsight Not disinfected c:\windows\inf\polall1r.inf
Adware:adware/dollarrevenue Not disinfected c:\drsmartload46a7h.exe
Adware:adware/ieplugin Not disinfected c:\windows\kwv2.dat
Adware:adware/ucmore Not disinfected C:\Documents and Settings\Jose D. Rincon\Start Menu\Programs\UCmore - The Search Accelerator
Adware:adware/wupd Not disinfected Windows Registry
Dialer:dialer.su Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\uninstall\Switch
Adware:adware/look2me Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Potentially unwanted tool:application/myway Not disinfected hkey_classes_root\clsid\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/popupdefence Not disinfected Windows Registry
Adware:adware/wintools Not disinfected Windows Registry
Adware:adware/xplugin Not disinfected Windows Registry
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-4514e5ea-4c4c202e.zip[javainstaller/InstallerApplet.class]
Adware:Adware/CWS Not disinfected C:\Documents and Settings\Jose D. Rincon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Counter.class-762d722b-73b6d256.class
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jose D. Rincon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4b7173d6-5a9df5c0.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jose D. Rincon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4b7173d6-5a9df5c0.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jose D. Rincon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4b7173d6-5a9df5c0.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jose D. Rincon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4b7173d6-5a9df5c0.zip[Beyond.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Jose D. Rincon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5f22f99-5aea1fab.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Jose D. Rincon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5f22f99-5aea1fab.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jose D. Rincon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5f22f99-5aea1fab.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jose D. Rincon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5f22f99-5aea1fab.zip[NewURLClassLoader.class]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Jose D. Rincon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-4514e5ea-4e1241e2.zip[javainstaller/InstallerApplet.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jose D. Rincon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-1ab62644-45167828.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jose D. Rincon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-1ab62644-45167828.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jose D. Rincon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-1ab62644-45167828.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jose D. Rincon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-1ab62644-45167828.zip[Parser.class]
Adware:Adware/Veevo Not disinfected C:\Documents and Settings\Jose D. Rincon\Desktop\12TH Grade\Mex Am Stu\Group Project - teotihuacan\kdap223h.exe[kdp107.dll]
Adware:Adware/Ucmore Not disinfected C:\Documents and Settings\Jose D. Rincon\Start Menu\Programs\UCmore - The Search Accelerator\How To Uninstall.lnk
Adware:Adware/Ucmore Not disinfected C:\Documents and Settings\Jose D. Rincon\Start Menu\Programs\UCmore - The Search Accelerator\UCmore Tour.lnk
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\StripSaver2\Distribution.dll
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\StripSaver2\Music.dll
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\StripSaver2\Windows.dll
Virus:Exploit/ByteVerify Disinfected C:\quarantine\binny.class.Vir
Virus:Exploit/ByteVerify Disinfected C:\quarantine\binny.class.Vir.0
Virus:Exploit/ByteVerify Disinfected C:\quarantine\binny.class.Vir.1
Dialer:Dialer.OK Not disinfected C:\WINDOWS\Downloaded Program Files\internazionale_ver3.INF
Adware:Adware/CommAd Not disinfected C:\WINDOWS\Sm9zZSBKIEFuZ3VpYW5v\mA6Wtm14KHIRtapDsqcS.vbs
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\system32\w0034d94.dll
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\uninstall_nmon.vbs
**************************************************
HijackThis Report
Logfile of HijackThis v1.99.1
Scan saved at 1:55:19 PM, on 7/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\EzButton\EzButton.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\RssReader\RssReader.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] C:\WINDOWS\..\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe -Show
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1109456582\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .thp: C:\Program Files\Internet Explorer\Plugins\NPLM32.DLL
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://cdn.messenger.msn.com/downloa...Downloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\srlgntfy.dll (file missing)
O20 - Winlogon Notify: IntlRun - C:\WINDOWS\system32\dav10.dll (file missing)
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\wL2topl.dll (file missing)
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\ovbccp32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9zZSBKIEFuZ3VpYW5v\command.exe (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WKSSVC (Windows Kernel System Service) - Unknown owner - C:\WINDOWS\cplmcm.exe (file missing)
THANKS A LOT!
Jose R.