I'm experiencing the Virtumonde infection with constant popups and browser redirects.
Any assistance to fix this will be greatly appreciated.
Logfile of HijackThis v1.99.0
Scan saved at 9:36:11 PM, on 7/26/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\lovsluzo\fwluzaxw.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9ZA.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cjelgzed.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\MSA\MSA.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\winlo.exe
C:\winlo.exe
C:\Documents and Settings\RT\AART\arts downloads\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.worldnet.att.net/ie4/search/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=900&fs=1&lc=1033&_lang=EN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.62.162.148:6588
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - c:\program files\dap\dapbho.dll
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - c:\program files\dap\dapiebar.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON PictureMate 2005] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9ZA.EXE /P22 "EPSON PictureMate 2005" /O6 "USB003" /M "PictureMate 2005"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [zapro] C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [\VIE1.exe] C:\Windows\System32\VIE1.exe
O4 - HKLM\..\Run: [\VIE2.exe] C:\Windows\System32\VIE2.exe
O4 - HKLM\..\Run: [\VIE3.exe] C:\Windows\System32\VIE3.exe
O4 - HKLM\..\Run: [\VIE4.exe] C:\Windows\System32\VIE4.exe
O4 - HKLM\..\Run: [\VIE6.exe] C:\Windows\System32\VIE6.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [wininfo] C:\WINDOWS\system32\lejebkxi.exe
O4 - HKCU\..\Run: [hlpgen] C:\WINDOWS\system32\tgfgdozw.exe
O4 - HKCU\..\Run: [windbmnt] C:\WINDOWS\system32\cjelgzed.exe
O4 - HKCU\..\Run: [enactmon] C:\WINDOWS\system32\nqpkbabk.exe
O4 - HKCU\..\Run: [strwin] C:\WINDOWS\system32\yzkharyf.exe
O4 - HKCU\..\Run: [\VIE1.exe] C:\Windows\System32\VIE1.exe
O4 - HKCU\..\Run: [\VIE2.exe] C:\Windows\System32\VIE2.exe
O4 - HKCU\..\Run: [\VIE3.exe] C:\Windows\System32\VIE3.exe
O4 - HKCU\..\Run: [\VIE4.exe] C:\Windows\System32\VIE4.exe
O4 - HKCU\..\Run: [\VIE6.exe] C:\Windows\System32\VIE6.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B934C2E0-5466-4121-AC8E-5345FB666627}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O21 - SSODL: syssrvapl - {3FD1475F-1D97-3727-7147-07859A2A81BA} - C:\Program Files\gcmtoke\syssrvapl.dll
O23 - Service: Ad-Aware 2007 Service - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: TrueVector Basic Logging Client - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\minilog.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
;***********************************************************************************************************************************************************************************
ANALYSIS: 2003-07-27 07:08:22
PROTECTIONS: 4
MALWARE: 85
SUSPECTS: 51
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Symantec Antivirus Corporate Edition 7.6 No Yes
McAfee Internet Security Suite 2007 7.2 No No
McAfee VirusScan Plus 11.2 No No
Norton Antivirus Edition 7.5 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00039204 adware/cws Adware No 0 Yes No c:\documents and settings\alan\favorites\health
00135099 adware/powerstrip Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{669695BC-A811-4A9D-8CDF-BA8C795F261C}
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\SUSAN\Cookies\susan@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\SUSAN\Cookies\susan@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@tradedoubler[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@247realmedia[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.mediaplex.com/]
00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@mysearch[2].txt
00145869 Cookie/SpyLog TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@spylog[1].txt
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@anm.co[2].txt
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.anm.co.uk/]
00146967 Cookie/PayCounter TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@paycounter[2].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@ccbill[2].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@revenue[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.revenue.net/]
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.findwhat.com/]
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@findwhat[2].txt
00162900 Cookie/MediaTickets TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@kinghost[2].txt
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@www.myaffiliateprogram[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@yadro[1].txt
00167677 Cookie/WebPower TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@webpower[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@xiti[1].txt
00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@hotlog[1].txt
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@tickle[2].txt
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@gostats[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@azjmp[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@toplist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@statcounter[1].txt
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[counter.hitslink.com/]
00167767 Cookie/WegCash TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@programs.wegcash[2].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@perf.overture[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@bs.serving-sys[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@www.burstbeacon[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@server.iad.liveperson[1].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@stat.onestat[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\SUSAN\Cookies\susan@advertising[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@media.adrevolver[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[statse.webtrendslive.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@statse.webtrendslive[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\SUSAN\Cookies\susan@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.ads.pointroll.com/]
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@fortunecity[2].txt
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@hc2.humanclick[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@overture[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@realmedia[2].txt
00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@uol.com[1].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@www5.addfreestats[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.zedo.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@bluestreak[2].txt
00173992 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@c5.zedo[1].txt
00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@xxxcounter[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@adrevolver[2].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@bravenet[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@adultfriendfinder[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@go[2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@searchportal.information[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\SUSAN\Cookies\susan@target[1].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@adviva[2].txt
00221141 Application/SpywareStormer HackTools No 0 Yes No C:\WINDOWS\Downloaded Program Files\Install.dll
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@atwola[1].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@www3.addfreestats[1].txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@www6.addfreestats[2].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@ads.addynamix[2].txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Application Data\Mozilla\Firefox\Profiles\hs8h4r3y.default\cookies.txt[citi.bridgetrack.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@citi.bridgetrack[2].txt
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@enhance[2].txt
01228849 Adware/Gator Adware No 0 Yes No C:\Documents and Settings\RT\AART\arts downloads\Codex\DivXPro503GAINBundle.exe
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\ALAN\Cookies\alan@adserver.easyad[1].txt
01649413 Application/MyWebSearch HackTools No 0 Yes No C:\Documents and Settings\RT\AART\arts downloads\FreeRip\freeripmp3.exe
01650305 Application/MyWebSearch HackTools No 0 Yes No C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
01650305 Application/MyWebSearch HackTools No 0 Yes No C:\Program Files\Uninstall Ask Toolbar.dll
01650305 Application/MyWebSearch HackTools No 0 Yes No C:\PROGRA~1\UNINST~1.DLL
02517863 Adware/SaveNow Adware No 0 Yes No C:\Documents and Settings\RT\AART\arts downloads\BitLord\BitLord_1.1.exe
02667770 Adware/Webdir Adware No 0 Yes No C:\Documents and Settings\RT\AART\arts downloads\Codex\AVICodecPackPlus2.exe
02667770 Adware/Webdir Adware No 0 Yes No C:\Documents and Settings\RT\downloads\AVICodecPackPlus2.exe
02918924 Trj/Downloader.TJQ Virus/Trojan No 0 Yes No C:\Documents and Settings\ALAN\My Documents\Downloads\Internet.Download.Accelerator.v5.1.2.1051.Regged-EXPLOSiON.zip[Internet.Download.Accelerator.v5.1.2.1051.Regged-EXPLOSiON/idasetup.exe]
02918924 Trj/Downloader.TJQ Virus/Trojan No 0 Yes No C:\Documents and Settings\ALAN\My Documents\Downloads\Internet.Download.Accelerator.v5.1.2.1051.Regged-EXPLOSiON.zip[Internet.Download.Accelerator.v5.1.2.1051.Regged-EXPLOSiON/EXPLOSiON.exe]
02918924 Trj/Downloader.TJQ Virus/Trojan No 0 Yes No C:\Documents and Settings\ALAN\My Documents\Downloads\Internet.Download.Accelerator.v5.1.2.1051.Regged-EXPLOSiON\Internet.Download.Accelerator.v5.1.2.1051.Regged-EXPLOSiON\idasetup.exe
02918924 Trj/Downloader.TJQ Virus/Trojan No 0 Yes No C:\Documents and Settings\ALAN\My Documents\Downloads\Internet.Download.Accelerator.v5.1.2.1051.Regged-EXPLOSiON\Internet.Download.Accelerator.v5.1.2.1051.Regged-EXPLOSiON\EXPLOSiON.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\batwxozk.exe
03476345 Adware/AntivirusXP2008 Adware No 0 Yes No C:\WINDOWS\SYSTEM32\rwpmpcpo.exe
03511048 Application/RogueAntimalware2008 HackTools No 0 No No C:\Documents and Settings\ALAN\Local Settings\Temp\.tt12.tmp.exe[²ÜÇ\euladlg.dll]
03511048 Application/RogueAntimalware2008 HackTools No 0 No No C:\Documents and Settings\ALAN\Local Settings\Temp\.tt12.tmp[²ÜÇ\euladlg.dll]
03511048 Application/RogueAntimalware2008 HackTools No 0 Yes No C:\Documents and Settings\ALAN\Local Settings\Temp\nst16.tmp\euladlg.dll
03534057 Application/AntivirusXP2008 HackTools No 0 No No C:\Documents and Settings\ALAN\Local Settings\Temp\.tt12.tmp[²ºÇ.exe]
03534057 Application/AntivirusXP2008 HackTools No 0 No No C:\Documents and Settings\ALAN\Local Settings\Temp\.tt12.tmp.exe[²ºÇ.exe]
03548684 Adware/RogueAntimalware2008 Adware No 0 Yes No C:\Documents and Settings\ALAN\Local Settings\Temp\.tt1.tmp.vbs
03548684 Adware/RogueAntimalware2008 Adware No 0 Yes No C:\Documents and Settings\ALAN\Local Settings\Temp\.tt4.tmp.vbs
03548684 Adware/RogueAntimalware2008 Adware No 0 Yes No C:\Documents and Settings\ALAN\Local Settings\Temp\.tt6.tmp.vbs
03548684 Adware/RogueAntimalware2008 Adware No 0 Yes No C:\Documents and Settings\ALAN\Local Settings\Temp\.tt29.tmp.vbs
03548684 Adware/RogueAntimalware2008 Adware No 0 Yes No C:\Documents and Settings\ALAN\Local Settings\Temp\.tt25D7.tmp.vbs
03548684 Adware/RogueAntimalware2008 Adware No 0 Yes No C:\Documents and Settings\SUSAN\Local Settings\Temp\.tt2.tmp.vbs
03548684 Adware/RogueAntimalware2008 Adware No 0 Yes No C:\Documents and Settings\ALAN\Local Settings\Temp\.tt3.tmp.vbs
03548684 Adware/RogueAntimalware2008 Adware No 0 Yes No C:\Documents and Settings\ALAN\Local Settings\Temp\.tt5.tmp.vbs
03548684 Adware/RogueAntimalware2008 Adware No 0 Yes No C:\Documents and Settings\ALAN\Local Settings\Temp\.tt7.tmp.vbs
03548684 Adware/RogueAntimalware2008 Adware No 0 Yes No C:\Documents and Settings\SUSAN\Local Settings\Temp\.tt1.tmp.vbs
03548684 Adware/RogueAntimalware2008 Adware No 0 Yes No C:\Documents and Settings\ALAN\Local Settings\Temp\.tt2.tmp.vbs
03548851 Adware/RogueAntimalware2008 Adware No 0 Yes No C:\Program Files\MSA\MSA.cpl
03548851 Adware/RogueAntimalware2008 Adware No 0 No No C:\Program Files\PCHealthCenter\5.exe[C:\Program Files\PCHealthCenter\5.exe][MSA.cpl]
03548851 Adware/RogueAntimalware2008 Adware No 0 No No C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe[C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe][5.exe][5.exe][MSA.cpl]
03548851 Adware/RogueAntimalware2008 Adware No 0 No No C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe[C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe][5.exe][5.exe][MSA.cpl]
03548851 Adware/RogueAntimalware2008 Adware No 0 No No C:\winlo.exe[C:\winlo.exe][5.exe][5.exe][MSA.cpl]
03548851 Adware/RogueAntimalware2008 Adware No 0 No No C:\Documents and Settings\ALAN\Local Settings\Temporary Internet Files\Content.IE5\714U63Q4\Uninstaller[1].exe[C:\Documents and Settings\ALAN\Local Settings\Temporary Internet Files\Content.IE5\714U63Q4\Uninstaller[1].exe][5.exe][5.exe][MSA.cpl]
03548851 Adware/RogueAntimalware2008 Adware No 0 No No C:\winlo.exe[C:\winlo.exe][5.exe][5.exe][MSA.cpl]
03571177 Adware/RogueAntimalware2008 Adware No 0 Yes No C:\Documents and Settings\ALAN\Local Settings\Temp\.tt5.tmp.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location P
;===================================================================================================================================================================================
No C:\Program Files\MSA\MSA.exe P
No C:\Program Files\PCHealthCenter\1.exe P
No C:\Program Files\PCHealthCenter\2.exe P
No C:\Program Files\PCHealthCenter\3.exe P
No C:\Program Files\PCHealthCenter\4.exe P
No C:\Program Files\PCHealthCenter\7.exe P
No C:\winlo.exe[C:\winlo.exe][1.exe] P
No C:\winlo.exe[C:\winlo.exe][2.exe] P
No C:\winlo.exe[C:\winlo.exe][3.exe] P
No C:\winlo.exe[C:\winlo.exe][4.exe] P
No C:\winlo.exe[C:\winlo.exe][5.exe][5.exe][MSA.exe] P
No C:\winlo.exe[C:\winlo.exe][7.exe] P
No c:\windows\system32\VIE1.exe P
No c:\windows\system32\VIE2.exe P
No c:\windows\system32\VIE3.exe P
No c:\windows\system32\VIE4.exe P
No c:\windows\system32\VIE6.exe P
No C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe[C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe][1.exe]
No C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe[C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe][2.exe]
No C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe[C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe][3.exe]
No C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe[C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe][4.exe]
No C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe[C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe][5.exe][5.exe][MSA.exe]
No C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe[C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe][7.exe]
No C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe[C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe][1.exe]
No C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe[C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe][2.exe]
No C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe[C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe][3.exe]
No C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe[C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe][4.exe]
No C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe[C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe][5.exe][5.exe][MSA.exe]
No C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe[C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe][7.exe]
No C:\Documents and Settings\RT\AART\arts downloads\2_Tweak-Xp Pro v3.0 Keygen.zip[Keygen.exe] P
No C:\Documents and Settings\RT\AART\arts downloads\XP Tweaks\2_Tweak-Xp Pro v3.0 Keygen.zip[Keygen.exe] P
No C:\Documents and Settings\RT\AART\arts downloads\XP Tweaks\Keygen Tweak-XP Pro 3.0.0.exe P
No C:\Program Files\MSA\MSA.exe P
No C:\Program Files\PCHealthCenter\1.exe P
No C:\Program Files\PCHealthCenter\2.exe P
No C:\Program Files\PCHealthCenter\3.exe P
No C:\Program Files\PCHealthCenter\4.exe P
No C:\Program Files\PCHealthCenter\5.exe[C:\Program Files\PCHealthCenter\5.exe][MSA.exe] P
No C:\Program Files\PCHealthCenter\7.exe P
No C:\WINDOWS\SYSTEM32\VIE1.exe P
No C:\WINDOWS\SYSTEM32\VIE2.exe P
No C:\WINDOWS\SYSTEM32\VIE3.exe P
No C:\WINDOWS\SYSTEM32\VIE4.exe P
No C:\winlo.exe[C:\winlo.exe][5.exe][5.exe][MSA.exe] P
No C:\winlo.exe[C:\winlo.exe][4.exe] P
No C:\winlo.exe[C:\winlo.exe][3.exe] P
No C:\winlo.exe[C:\winlo.exe][2.exe] P
No C:\winlo.exe[C:\winlo.exe][1.exe] P
No C:\WINDOWS\SYSTEM32\VIE6.exe P
No C:\WINDOWS\SYSTEM32\VIEAB.exe P
No C:\winlo.exe[C:\winlo.exe][7.exe] P
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description P
;===================================================================================================================================================================================
184380 MEDIUM MS08-002 P
184379 MEDIUM MS08-001 P
182048 HIGH MS07-069 P
182046 HIGH MS07-067 P
182043 HIGH MS07-064 P
179553 HIGH MS07-061 P
176382 HIGH MS07-057 P
176383 HIGH MS07-058 P
170911 HIGH MS07-050 P
170907 HIGH MS07-046 P
170906 HIGH MS07-045 P
170904 HIGH MS07-043 P
164915 HIGH MS07-035 P
164913 HIGH MS07-033 P
164911 HIGH MS07-031 P
160623 HIGH MS07-027 P
157262 HIGH MS07-022 P
157261 HIGH MS07-021 P
157260 HIGH MS07-020 P
157259 HIGH MS07-019 P
156477 HIGH MS07-017 P
150253 HIGH MS07-016 P
150249 HIGH MS07-013 P
150248 HIGH MS07-012 P
150247 HIGH MS07-011 P
150243 HIGH MS07-008 P
150242 HIGH MS07-007 P
150241 MEDIUM MS07-006 P
;===================================================================================================================================================================================
03548851 Adware/RogueAntimalware2008 Adware No 0 No No C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe[C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe][5.exe][5.exe][MSA.cpl]
03548851 Adware/RogueAntimalware2008 Adware No 0 No No C:\winlo.exe[C:\winlo.exe][5.exe][5.exe][MSA.cpl]
03548851 Adware/RogueAntimalware2008 Adware No 0 No No C:\Documents and Settings\ALAN\Local Settings\Temporary Internet Files\Content.IE5\714U63Q4\Uninstaller[1].exe[C:\Documents and Settings\ALAN\Local Settings\Temporary Internet Files\Content.IE5\714U63Q4\Uninstaller[1].exe][5.exe][5.exe][MSA.cpl]
03548851 Adware/RogueAntimalware2008 Adware No 0 No No C:\winlo.exe[C:\winlo.exe][5.exe][5.exe][MSA.cpl]
03571177 Adware/RogueAntimalware2008 Adware No 0 Yes No C:\Documents and Settings\ALAN\Local Settings\Temp\.tt5.tmp.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location P
;===================================================================================================================================================================================
No C:\Program Files\MSA\MSA.exe P
No C:\Program Files\PCHealthCenter\1.exe P
No C:\Program Files\PCHealthCenter\2.exe P
No C:\Program Files\PCHealthCenter\3.exe P
No C:\Program Files\PCHealthCenter\4.exe P
No C:\Program Files\PCHealthCenter\7.exe P
No C:\winlo.exe[C:\winlo.exe][1.exe] P
No C:\winlo.exe[C:\winlo.exe][2.exe] P
No C:\winlo.exe[C:\winlo.exe][3.exe] P
No C:\winlo.exe[C:\winlo.exe][4.exe] P
No C:\winlo.exe[C:\winlo.exe][5.exe][5.exe][MSA.exe] P
No C:\winlo.exe[C:\winlo.exe][7.exe] P
No c:\windows\system32\VIE1.exe P
No c:\windows\system32\VIE2.exe P
No c:\windows\system32\VIE3.exe P
No c:\windows\system32\VIE4.exe P
No c:\windows\system32\VIE6.exe P
No C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe[C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe][1.exe]
No C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe[C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe][2.exe]
No C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe[C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe][3.exe]
No C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe[C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe][4.exe]
No C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe[C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe][5.exe][5.exe][MSA.exe]
No C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe[C:\Documents and Settings\ALAN\Local Settings\TempChkCfg\idotqvwd.exe][7.exe]
No C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe[C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe][1.exe]
No C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe[C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe][2.exe]
No C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe[C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe][3.exe]
No C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe[C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe][4.exe]
No C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe[C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe][5.exe][5.exe][MSA.exe]
No C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe[C:\Documents and Settings\ALAN\Local Settings\Tempdbset\pybwzkde.exe][7.exe]
No C:\Documents and Settings\RT\AART\arts downloads\2_Tweak-Xp Pro v3.0 Keygen.zip[Keygen.exe] P
No C:\Documents and Settings\RT\AART\arts downloads\XP Tweaks\2_Tweak-Xp Pro v3.0 Keygen.zip[Keygen.exe] P
No C:\Documents and Settings\RT\AART\arts downloads\XP Tweaks\Keygen Tweak-XP Pro 3.0.0.exe P
No C:\Program Files\MSA\MSA.exe P
No C:\Program Files\PCHealthCenter\1.exe P
No C:\Program Files\PCHealthCenter\2.exe P
No C:\Program Files\PCHealthCenter\3.exe P
No C:\Program Files\PCHealthCenter\4.exe P
No C:\Program Files\PCHealthCenter\5.exe[C:\Program Files\PCHealthCenter\5.exe][MSA.exe] P
No C:\Program Files\PCHealthCenter\7.exe P
No C:\WINDOWS\SYSTEM32\VIE1.exe P
No C:\WINDOWS\SYSTEM32\VIE2.exe P
No C:\WINDOWS\SYSTEM32\VIE3.exe P
No C:\WINDOWS\SYSTEM32\VIE4.exe P
No C:\winlo.exe[C:\winlo.exe][5.exe][5.exe][MSA.exe] P
No C:\winlo.exe[C:\winlo.exe][4.exe] P
No C:\winlo.exe[C:\winlo.exe][3.exe] P
No C:\winlo.exe[C:\winlo.exe][2.exe] P
No C:\winlo.exe[C:\winlo.exe][1.exe] P
No C:\WINDOWS\SYSTEM32\VIE6.exe P
No C:\WINDOWS\SYSTEM32\VIEAB.exe P
No C:\winlo.exe[C:\winlo.exe][7.exe] P
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description P
;===================================================================================================================================================================================
184380 MEDIUM MS08-002 P
184379 MEDIUM MS08-001 P
182048 HIGH MS07-069 P
182046 HIGH MS07-067 P
182043 HIGH MS07-064 P
179553 HIGH MS07-061 P
176382 HIGH MS07-057 P
176383 HIGH MS07-058 P
170911 HIGH MS07-050 P
170907 HIGH MS07-046 P
170906 HIGH MS07-045 P
170904 HIGH MS07-043 P
164915 HIGH MS07-035 P
164913 HIGH MS07-033 P
164911 HIGH MS07-031 P
160623 HIGH MS07-027 P
157262 HIGH MS07-022 P
157261 HIGH MS07-021 P
157260 HIGH MS07-020 P
157259 HIGH MS07-019 P
156477 HIGH MS07-017 P
150253 HIGH MS07-016 P
150249 HIGH MS07-013 P
150248 HIGH MS07-012 P
150247 HIGH MS07-011 P
150243 HIGH MS07-008 P
150242 HIGH MS07-007 P
150241 MEDIUM MS07-006 P
;===================================================================================================================================================================================