Problem with Java Byte Verify Virus - Hijack this logfile post (RESOLVED)

**John Lane** · 21-08-2006

Here is my hijackThis log file. I Have just scanned my system with AVG Antivirus Ver. 7.1.405. I have also downloaded and scannned my system with the latest versions of Spybot S&D and Ad-Aware. My problem is that AVG can't remove the subject virus because it is a part of an archive. Ultimately I would like to remove the Microsoft version of Java and install the Sun version as it is more robust. Also I would like to update my operating system to Windows XP SP2. I am currently running SP1.

Let me know if you need additional info.

Logfile of HijackThis v1.99.1
Scan saved at 9:30:38 PM, on 8/20/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QUICKENW2000\QWDLLS.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\John\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&gl=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1;http://localhost
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {D36C88C7-7E35-0307-C208-883012F4227C} - C:\WINDOWS\atlfr32.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW2000\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW2000\QWDLLS.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://www.ebay.com
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/...2/mcinsctl.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095180586841
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} (DivX Player) - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...3/cpbrkpie.cab
O16 - DPF: {A1337CC4-FF8E-11D1-9C48-00A0CC20E0D2} - http://www.therealyellowpageslive.net/live/ezinit.cab
O16 - DPF: {A959E4A5-0B3D-449E-9998-348705BD4092} (Desktop.Smdesk) - http://www.servicemagic.com/smod/smdesktop.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/...15/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Network Security Service (NSS) (%AFå¤¶À¨) - Unknown owner - C:\WINDOWS\system32\d3zt32.exe (file missing)

**VopThis** · 22-08-2006

You are not running HijackThis (HJT) from a desired location. You really need to setup a dedicated folder for HJT items – to avoid horrible clutter and/or potential lost backup issues.

It's best that the HijackThis tool NOT be located in its current location (particularly on your Desktop or in a TEMP folder). This way you can more easily undo any changes if something goes wrong.

Create a new folder in your C: Drive.
Name the FOLDER HijackThis (or HJT) such as C:\Program Files\HijackThis or C:\HJT and move the HijackThis.exe file into it.
Run HJT from there (and revise your shortcut accordingly).

Stop and Disable a Service

Go to Start » Run » type: Services.msc » OK.
Scroll down and find this service: Network Security Service (NSS) (%AFå¤¶À¨)
Double-click on it.
Under the General tab, click the Stop button.
Then change the Startup Type to Disabled.
Click Apply and then OK.

Open HiJackThis, then click on None of the above, just start the program.
Click on the Config button (bottom right).
Click on Misc Tools, then click on Delete an NT Service.
Enter (cut & paste up to and including the ") the following characters into that field:
%AFå¤¶À¨
Click OK and select NO when asked to reboot.

Post your latest HijackThis log, please.

**John Lane** · 24-08-2006

Thanks for following up eith my problem. I have followed the steps you listed. Here is my new HijackThis logfile. Let me know what you see.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 9:25:17 PM, on 8/23/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QUICKENW2000\QWDLLS.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&gl=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1;http://localhost
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {D36C88C7-7E35-0307-C208-883012F4227C} - C:\WINDOWS\atlfr32.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW2000\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW2000\QWDLLS.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://www.ebay.com
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/...2/mcinsctl.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095180586841
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} (DivX Player) - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...3/cpbrkpie.cab
O16 - DPF: {A1337CC4-FF8E-11D1-9C48-00A0CC20E0D2} - http://www.therealyellowpageslive.net/live/ezinit.cab
O16 - DPF: {A959E4A5-0B3D-449E-9998-348705BD4092} (Desktop.Smdesk) - http://www.servicemagic.com/smod/smdesktop.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/...15/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

**VopThis** · 24-08-2006

Download the latest version of CWSHredder to your desktop from here:
http://cwshredder.net/bin/CWShredder.exe

Run this application, initially, ONLY to search for UPDATES.
You may have to do this on another PC - it simply downloads the latest EXE and overwrites the current one (512K).

Download Clean.bat to your desktop: for later use .
http://www.thatcomputerguy.us/downloads/clean.bat

DISCONNECT FROM THE INTERNET
During the fix do NOT connect to the Internet (turn your modem off or disconnect your internet connection wire).
Unless you can memorize these instructions, it would be a good idea to print them out or save these instructions to a file on your desktop (NOTEPAD).

SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {D36C88C7-7E35-0307-C208-883012F4227C} - C:\WINDOWS\atlfr32.dll (file missing)

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...3/cpbrkpie.cab

Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.

HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here

SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).

Run Clean.bat

Go to Start > Run and type: CLEANMGR.EXE and hit enter.
When prompted select the C: drive and click ok.
Check the boxes for:
Temporary Internet Files
Downloaded Program Files
Recycle Bin
Temporary Files
Click OK or Enter

*** Re-run CLEANMGR.EXE once you have regained the full functional use of your PC.

Navigate to or locate the following Files and Folders:
- using Windows Explorer: right click on ‘My Computer’>Explore) or using Start (button)>Search …

Delete these Files (if found):
None specified.

Delete these Folders (if found) - preferably using Add/Remove Programs where possible:
None specified.

Next, run CWShredder
-Click on the: ‘Fix’ button
-Follow the prompts, and press OK

POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues. THere will be at least one more step to update your JAVA version.

**John Lane** · 24-08-2006

Ok, I've folowed all the latest procedures. Here is my new HijackThis logfile. Please let me know the next steps.

Thanks,

Logfile of HijackThis v1.99.1
Scan saved at 12:37:04 PM, on 8/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QUICKENW2000\QWDLLS.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&gl=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1;http://localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW2000\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW2000\QWDLLS.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://www.ebay.com
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/...2/mcinsctl.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095180586841
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} (DivX Player) - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {A1337CC4-FF8E-11D1-9C48-00A0CC20E0D2} - http://www.therealyellowpageslive.net/live/ezinit.cab
O16 - DPF: {A959E4A5-0B3D-449E-9998-348705BD4092} (Desktop.Smdesk) - http://www.servicemagic.com/smod/smdesktop.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/...15/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

**VopThis** · 24-08-2006

Your system has an outdated version of Sun Java that could create serious security exposure issues for your PC.

Update your Java.

Older JAVA versions have vulnerabilities that malware can and are using to infect systems.

Please follow these steps to remove older version Java components.

Close any programs you may have running, ESPECIALLY your web browser
Click Start > Control Panel.
Click Add/Remove Programs.
Check any item with Java Runtime Environment (JRE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove all versions of Java.
Reboot your computer once all Java components are removed.

Download the latest version of Java Runtime Environment, and install it to your computer.

New Version should show as (HijackThis log):

C:\Program Files\Java\jre1.5.0_08

Post your latest HijackThis log and tell us how your PC is doing.

**John Lane** · 24-08-2006

Ok. I followed the latest steps. I had some troble with the installl of the new Java software. It hung during the first thrid of the installation process three times when I tried to install from the link in your email. I went out to the Java website directly from by browser and it finally let me install. The only thing I am concerned about is that HijackThis lists it slightly different from the way you said it would be shown. It is shown in the log file as :

C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

One other thing I have been noticing an I am not sure if it is related to the virus problem. When I am scrolling down windowsor just looking at information in Windows my up and down scroll bar will jump up and down on the page even when I don't have my hand on the mouse. I am not sure if this is a hardware problem or some sort of mal-ware. Anyway I thought I would mention it to see if you had heard of this problem occuring before.

Here is my latest Hijackthis log file.

Let me know what if anything is next.

Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 3:36:52 PM, on 8/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\QUICKENW2000\QWDLLS.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&gl=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1;http://localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW2000\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW2000\QWDLLS.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://www.ebay.com
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/...2/mcinsctl.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095180586841
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} (DivX Player) - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {A1337CC4-FF8E-11D1-9C48-00A0CC20E0D2} - http://www.therealyellowpageslive.net/live/ezinit.cab
O16 - DPF: {A959E4A5-0B3D-449E-9998-348705BD4092} (Desktop.Smdesk) - http://www.servicemagic.com/smod/smdesktop.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/...15/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

**VopThis** · 25-08-2006

The correct JAVA Path is now reflected in your HijackThis log. You now want to gain confidence that your PC is as healthy as possible to ensure a successful update to Service Pack 2 (SP2).

Your mouse issues are likely hardware (or driver) related especially if you have a wireless or optical mouse (if damaged or dropped). Suggest you try using another mouse - easiest way to determine this.

Download and install Ewido anti-spyware 4.0 (uninstall any previous version first).

Click the Download BUTTON. On the next page click the Download now BUTTON.
Save and then install (Run) from the save location.
Open/Run ewido anti-spyware
Wait a few moments and Ewido should Auto update itself (note date of last update). If it doesn't update, click the update ICON at top of screen:
Click on the Update now LINK at the top of the window
- Click on the Start update button
- Wait for the update to download and install

**John Lane** · 26-08-2006

Ok, I've followed your latest instructions and here are the results. After the Kapersky Scan completed AVG Antivirus was displaying Virus Found messages for the following Trojan Horse viruses:

Downloader.Winshow
Downloader.Agent.6.M
Downloader.Agent.6.U

All off the infected files seemed to be in my system restore files.

AVGs help site suggest that I run Vcleaner in safe mode to remove these viruses though my particular varient was not listed I ran the scan anyway since I could not get AVG to get putting up the virus detection messages.

I did not see the results of the vcleaner scan but when I rebotted my computer there are no virus warnings popping up in AVG and the system seems to be more responsive now.

Anyway here are the results of the scans you wanted me to run.

Let me know the next steps.

Thanks!

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:23:00 PM 8/25/2006

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{117089AA-D3C6-C679-D791-5088F7B82125} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{25BCEAC9-47B6-ABCD-B004-C98A4B8683E8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{27622543-E879-3A47-D05A-97903406A96F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{40F71E8F-EDFA-FBFC-EE8C-05CE369D541D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5BCC6952-A400-DA5E-2572-D68C74339A1B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{81B13E5A-B27C-6BB2-7C2F-E42B321541D2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8D4FBE2D-404E-877D-0359-34F79402CC75} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9E3985CC-E6F5-05DD-8AE5-515FD564D740} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B4F8C4E0-F516-5DEF-B102-AAF1ADBCBB04} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EAB76292-5DD2-1DC9-D5FB-E69DE2ECC235} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\Program Files\HijackThis\backups\backup-20060824-120631-989.dll -> Adware.Coupons : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP688\A0037919.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll -> Adware.SideStep : Cleaned with backup (quarantined).
C:\WINDOWS\TASKMAN.EXE:uckvf -> Downloader.Agent.al : Cleaned with backup (quarantined).
C:\WINDOWS\TWAIN.DLL:nkjbg -> Downloader.Agent.al : Cleaned with backup (quarantined).
C:\WINDOWS\hpinfo.lnk:wmydn -> Downloader.Agent.al : Cleaned with backup (quarantined).
C:\WINDOWS\WINHELP.EXE:dgrdv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\MSGSOCM.LOG:daydm -> Downloader.Agent.gs : Cleaned with backup (quarantined).
C:\WINDOWS\TSOC.LOG:ndviz -> Downloader.Agent.gs : Cleaned with backup (quarantined).
C:\WINDOWS\TWUNK_32.EXE:fltha -> Downloader.Agent.gs : Cleaned with backup (quarantined).
C:\WINDOWS\ieuninst.exe

mqqp -> Downloader.Agent.gs : Cleaned with backup (quarantined).
C:\Documents and Settings\John\My Documents\My Documents\brutus-aet2.zip/BrutusA2.exe -> Not-A-Virus.PSWTool.Win32.Brutus : Cleaned with backup (quarantined).
C:\Documents and Settings\John\My Documents\My Documents\brutus-aet2\BrutusA2.exe -> Not-A-Virus.PSWTool.Win32.Brutus : Cleaned with backup (quarantined).
:mozilla.301:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.302:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.78:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.80:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.81:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.82:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.87:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.88:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.91:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@bookspan.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@cratebarrel.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Sandra\Cookies\sandra@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.257:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.119:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.120:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.121:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.174:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
:mozilla.182:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@ads11.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.327:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.328:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.183:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Commission-junction : Cleaned with backup (quarantined).
:mozilla.184:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Commission-junction : Cleaned with backup (quarantined).
:mozilla.260:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.291:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.127:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.251:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.296:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@a-1shz2prbmdj6wvny-1sez2pra2dj6wjmighdzecog-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1jajigpamdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wfkiahd5weo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wfkyomc5efq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wfl4alazcdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wfliejdjkap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wflyenczicp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wgkiaicpilq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wgkiqpc5ocq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjk4ekazsko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjk4ggc5wgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjk4uidzidp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjk4wgdzcfp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjkokhc5sbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjkowjajcbo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjkyekazgeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjkyojdzweq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjkywlajebo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjl4kgajsdo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjl4updjcfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjliogcjgdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjlogkcpgkq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjlyegdzwhp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjmicidpmbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjny-1oajaf.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjnyapdjslp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjnyeldzwfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjnyghdjeap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjnyogczshp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjnyogdziho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjnyoid5efo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjnyomc5ako.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjnysldpmlp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@e-2dj6wjnyuoc5aaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4agazwgqaudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4shdjadogudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkospd5gkoa2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkyejd5ikpwydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@y-1shz2prbmdj6wvny-1sez2pra2dj6wflikgdzagqaqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4kgcpgepg6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4knd5kgqqwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoomcpckpamdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkycgazmfoqsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyghdzgcpw2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyoidjskpaydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyqiazkbpw2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4ajdpahoqqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlianazcgqa6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmiwod5ehpgwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmygiczwdow2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyakczekogqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnycjazsfqqudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyclazocogmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnygkdpgeqqsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyohdpggqqudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Sandra\Cookies\sandra@-1shz2prbmdj6wvny-1sez2pra2dj6wfkosmcpwdqq-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Sandra\Cookies\sandra@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkysjczoloqqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Sandra\Cookies\sandra@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyamdpwcoqqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Sandra\Cookies\sandra@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyqgdzmcow6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.107:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.109:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@ehg-equifax.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@ilead.itrack[1].txt -> TrackingCookie.Itrack : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.123:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
:mozilla.189:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.190:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.171:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.172:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.122:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.126:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.263:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Realtracker : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.273:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.155:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.250:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.136:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.137:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.199:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.200:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.226:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.227:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.229:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.234:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@programs.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.X10 : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.X10 : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.X10 : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.X10 : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.X10 : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.X10 : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
C:\Documents and Settings\John\Cookies\john@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.175:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\hq62ndaz.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).

::Report end

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, August 25, 2006 8:23:08 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 26/08/2006
Kaspersky Anti-Virus database records: 218382
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 87688
Number of viruses found: 7
Number of infected objects: 12 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:14:26

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Support.com\profiles\John\triggers.log Object is locked skipped
C:\Documents and Settings\John\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\John\Application Data\Microsoft\Outlook\outcmd.dat Object is locked skipped
C:\Documents and Settings\John\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\John\Application Data\Microsoft\Word\AutoRecovery save of Normal.as$ Object is locked skipped
C:\Documents and Settings\John\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Deleted Items.dbx/[From Irvin Medrano <Varnerbiot@bns.com>][Date Sat, 28 Aug 2004 19:47:46 -0100 (CST)]/html Infected: Trojan-Dropper.VBS.Zerolin skipped
C:\Documents and Settings\John\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 1 skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\John\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temp\WCESCOMM.LOG Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temp\~DF272F.tmp Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temp\~DF87EE.tmp Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John\My Documents\My Downloads\Morph20.exe/WISE0015.BIN/WISE0012.BIN Infected: not-a-virus:AdWare.Win32.WurldMedia.d skipped
C:\Documents and Settings\John\My Documents\My Downloads\Morph20.exe/WISE0015.BIN/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.WurldMedia.a skipped
C:\Documents and Settings\John\My Documents\My Downloads\Morph20.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WurldMedia.a skipped
C:\Documents and Settings\John\My Documents\My Downloads\Morph20.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.Gator.3210 skipped
C:\Documents and Settings\John\My Documents\My Downloads\Morph20.exe/WISE0017.BIN/WISE0007.BIN Infected: Trojan-Downloader.Win32.Stubby.b skipped
C:\Documents and Settings\John\My Documents\My Downloads\Morph20.exe/WISE0017.BIN Infected: Trojan-Downloader.Win32.Stubby.b skipped
C:\Documents and Settings\John\My Documents\My Downloads\Morph20.exe WiseSFX: infected - 6 skipped
C:\Documents and Settings\John\My Documents\My Downloads\wbshotsw.exe/WISE0029.BIN Infected: not-a-virus:AdWare.Win32.Gator.1012 skipped
C:\Documents and Settings\John\My Documents\My Downloads\wbshotsw.exe WiseSFX: infected - 1 skipped
C:\Documents and Settings\John\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\John\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\00010003.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP695\A0038148.dll Infected: not-a-virus:AdWare.Win32.Coupons skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP695\change.log Object is locked skipped
C:\WINDOWS\$_hpcst$.hpc Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{69447C FE-EC54-4191-9155-165EA45A3D74}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

**VopThis** · 26-08-2006

The 'System Restore' infections can be cleaned out in some subsequent last final steps, a little later.

In 'Outlook Express', clean out your deleted items Folder.

C:\Documents and Settings\John\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 1 skipped

In SAFE MODE, Delete the Following FILES:

C:\Documents and Settings\John\My Documents\My Downloads\Morph20.exe
C:\Documents and Settings\John\My Documents\My Downloads\wbshotsw.exe

REBOOT.

Suggest you get another AV tool opinion - BitDefender:

http://www.google.ca/url?sa=U&start=.../scan8/ie.html

Save the BitDefender log as HTML (if necessary), and copy and paste its contents here.

Problem with Java Byte Verify Virus - Hijack this logfile post (RESOLVED)

Problem with Java Byte Verify Virus - Hijack this logfile post (RESOLVED)

Similar Threads

Hijack this log re virus sending msngr links

Java Byte Verify

Hijack Logfile

Please Help-hijack this logfile

hijack this post trojan horse Lzio and adware Searchfast (Resolved)