OK... did all that... I still have some popups but there are less.
Here's the Spy Sweeper log:
********
10:09 PM: | Start of Session, Monday, May 29, 2006 |
10:09 PM: Spy Sweeper started
10:09 PM: Sweep initiated using definitions version 686
10:09 PM: Starting Memory Sweep
10:10 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:10 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:14 PM: Memory Sweep Complete, Elapsed Time: 00:05:17
10:14 PM: Starting Registry Sweep
10:15 PM: Found Adware: zenosearchassistant
10:15 PM: HKLM\software\microsoft\windows\currentversion\uninstall\enhanced ads by zeno\ (2 subtraces) (ID = 147934)
10:15 PM: HKLM\software\microsoft\windows\currentversion\uninstall\zeno search assistant\ (2 subtraces) (ID = 147935)
10:15 PM: Found Adware: quicklink search toolbar
10:15 PM: HKLM\software\microsoft\windows\currentversion\uninstall\quicklinks\ (2 subtraces) (ID = 909558)
10:15 PM: Found Adware: command
10:15 PM: HKLM\system\currentcontrolset\services\cmdservice\ (5 subtraces) (ID = 958670)
10:15 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)
10:15 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)
10:15 PM: HKLM\software\microsoft\windows\currentversion\run\ || browserupdatesched (ID = 1075246)
10:15 PM: Registry Sweep Complete, Elapsed Time:00:00:16
10:15 PM: Starting Cookie Sweep
10:15 PM: Found Spy Cookie: 2o7.net cookie
10:15 PM: hp_owner@2o7[2].txt (ID = 1957)
10:15 PM: Found Spy Cookie: 50881381 cookie
10:15 PM: hp_owner@50881381[1].txt (ID = 1981)
10:15 PM: Found Spy Cookie: 888 cookie
10:15 PM: hp_owner@888[1].txt (ID = 2019)
10:15 PM: Found Spy Cookie: websponsors cookie
10:15 PM: hp_owner@a.websponsors[2].txt (ID = 3665)
10:15 PM: Found Spy Cookie: yieldmanager cookie
10:15 PM: hp_owner@ad.yieldmanager[1].txt (ID = 3751)
10:15 PM: Found Spy Cookie: adecn cookie
10:15 PM: hp_owner@ad2.adecn[1].txt (ID = 2064)
10:15 PM: hp_owner@adecn[2].txt (ID = 2063)
10:15 PM: Found Spy Cookie: adknowledge cookie
10:15 PM: hp_owner@adknowledge[1].txt (ID = 2072)
10:15 PM: Found Spy Cookie: hbmediapro cookie
10:15 PM: hp_owner@adopt.hbmediapro[2].txt (ID = 2768)
10:15 PM: Found Spy Cookie: hotbar cookie
10:15 PM: hp_owner@adopt.hotbar[2].txt (ID = 4207)
10:15 PM: Found Spy Cookie: specificclick.com cookie
10:15 PM: hp_owner@adopt.specificclick[2].txt (ID = 3400)
10:15 PM: Found Spy Cookie: adprofile cookie
10:15 PM: hp_owner@adprofile[2].txt (ID = 2084)
10:15 PM: Found Spy Cookie: adrevolver cookie
10:15 PM: hp_owner@adrevolver[1].txt (ID = 2088)
10:15 PM: hp_owner@adrevolver[2].txt (ID = 2088)
10:15 PM: Found Spy Cookie: addynamix cookie
10:15 PM: hp_owner@ads.addynamix[1].txt (ID = 2062)
10:15 PM: Found Spy Cookie: pointroll cookie
10:15 PM: hp_owner@ads.pointroll[1].txt (ID = 3148)
10:15 PM: Found Spy Cookie: zenotecnico cookie
10:15 PM: hp_owner@ads.zenotecnico[1].txt (ID = 3859)
10:15 PM: Found Spy Cookie: revenue.net cookie
10:15 PM: hp_owner@ads1.revenue[2].txt (ID = 3258)
10:15 PM: Found Spy Cookie: adserver cookie
10:15 PM: hp_owner@adserver[1].txt (ID = 2141)
10:15 PM: Found Spy Cookie: tacoda cookie
10:15 PM: hp_owner@anat.tacoda[2].txt (ID = 6445)
10:15 PM: Found Spy Cookie: apmebf cookie
10:15 PM: hp_owner@apmebf[1].txt (ID = 2229)
10:15 PM: Found Spy Cookie: falkag cookie
10:15 PM: hp_owner@as-eu.falkag[2].txt (ID = 2650)
10:15 PM: hp_owner@as-us.falkag[2].txt (ID = 2650)
10:15 PM: Found Spy Cookie: ask cookie
10:15 PM: hp_owner@ask[1].txt (ID = 2245)
10:15 PM: Found Spy Cookie: azjmp cookie
10:15 PM: hp_owner@azjmp[2].txt (ID = 2270)
10:15 PM: Found Spy Cookie: searchingbooth cookie
10:15 PM: hp_owner@banners.searchingbooth[1].txt (ID = 3322)
10:15 PM: Found Spy Cookie: belnk cookie
10:15 PM: hp_owner@belnk[1].txt (ID = 2292)
10:15 PM: Found Spy Cookie: bluestreak cookie
10:15 PM: hp_owner@bluestreak[2].txt (ID = 2314)
10:15 PM: Found Spy Cookie: burstnet cookie
10:15 PM: hp_owner@burstnet[1].txt (ID = 2336)
10:15 PM: Found Spy Cookie: enhance cookie
10:15 PM: hp_owner@c.enhance[1].txt (ID = 2614)
10:15 PM: Found Spy Cookie: zedo cookie
10:15 PM: hp_owner@c5.zedo[2].txt (ID = 3763)
10:15 PM: Found Spy Cookie: cassava cookie
10:15 PM: hp_owner@cassava[1].txt (ID = 2362)
10:15 PM: Found Spy Cookie: overture cookie
10:15 PM: hp_owner@data1.perf.overture[1].txt (ID = 3106)
10:15 PM: hp_owner@data2.perf.overture[1].txt (ID = 3106)
10:15 PM: Found Spy Cookie: directtrack cookie
10:15 PM: hp_owner@directtrack[1].txt (ID = 2527)
10:15 PM: hp_owner@dist.belnk[1].txt (ID = 2293)
10:15 PM: Found Spy Cookie: ru4 cookie
10:15 PM: hp_owner@edge.ru4[1].txt (ID = 3269)
10:15 PM: Found Spy Cookie: exitexchange cookie
10:15 PM: hp_owner@exitexchange[2].txt (ID = 2633)
10:15 PM: Found Spy Cookie: fortunecity cookie
10:15 PM: hp_owner@fortunecity[1].txt (ID = 2686)
10:15 PM: hp_owner@freeze.directtrack[2].txt (ID = 2528)
10:15 PM: Found Spy Cookie: humanclick cookie
10:15 PM: hp_owner@hc2.humanclick[1].txt (ID = 2810)
10:15 PM: Found Spy Cookie: clickandtrack cookie
10:15 PM: hp_owner@hits.clickandtrack[2].txt (ID = 2397)
10:15 PM: Found Spy Cookie: screensavers.com cookie
10:15 PM: hp_owner@i.screensavers[2].txt (ID = 3298)
10:15 PM: Found Spy Cookie: maxserving cookie
10:15 PM: hp_owner@maxserving[2].txt (ID = 2966)
10:15 PM: Found Spy Cookie: top-banners cookie
10:15 PM: hp_owner@media.top-banners[1].txt (ID = 3548)
10:15 PM: Found Spy Cookie: mygeek cookie
10:15 PM: hp_owner@mygeek[1].txt (ID = 3041)
10:15 PM: Found Spy Cookie: realmedia cookie
10:15 PM: hp_owner@network.realmedia[2].txt (ID = 3236)
10:15 PM: hp_owner@overture[1].txt (ID = 3105)
10:15 PM: hp_owner@partygaming.122.2o7[1].txt (ID = 1958)
10:15 PM: Found Spy Cookie: partypoker cookie
10:15 PM: hp_owner@partypoker[1].txt (ID = 3111)
10:15 PM: hp_owner@perf.overture[1].txt (ID = 3106)
10:15 PM: Found Spy Cookie: tripod cookie
10:15 PM: hp_owner@pers0n99.tripod[1].txt (ID = 3592)
10:15 PM: Found Spy Cookie: popuptraffic cookie
10:15 PM: hp_owner@popuptraffic[1].txt (ID = 3163)
10:15 PM: Found Spy Cookie: pro-market cookie
10:15 PM: hp_owner@pro-market[2].txt (ID = 3197)
10:15 PM: Found Spy Cookie: qksrv cookie
10:15 PM: hp_owner@qksrv[1].txt (ID = 3213)
10:15 PM: Found Spy Cookie: questionmarket cookie
10:15 PM: hp_owner@questionmarket[2].txt (ID = 3217)
10:15 PM: hp_owner@realmedia[2].txt (ID = 3235)
10:15 PM: Found Spy Cookie: valuead cookie
10:15 PM: hp_owner@reduxads.valuead[1].txt (ID = 3627)
10:15 PM: hp_owner@revenue[2].txt (ID = 3257)
10:15 PM: Found Spy Cookie: adjuggler cookie
10:15 PM: hp_owner@rotator.adjuggler[2].txt (ID = 2071)
10:15 PM: Found Spy Cookie: server.iad.liveperson cookie
10:15 PM: hp_owner@server.iad.liveperson[1].txt (ID = 3341)
10:15 PM: Found Spy Cookie: serving-sys cookie
10:15 PM: hp_owner@serving-sys[2].txt (ID = 3343)
10:15 PM: Found Spy Cookie: statcounter cookie
10:15 PM: hp_owner@statcounter[2].txt (ID = 3447)
10:15 PM: Found Spy Cookie: reliablestats cookie
10:15 PM: hp_owner@stats1.reliablestats[1].txt (ID = 3254)
10:15 PM: hp_owner@tacoda[2].txt (ID = 6444)
10:15 PM: Found Spy Cookie: tradedoubler cookie
10:15 PM: hp_owner@tradedoubler[1].txt (ID = 3575)
10:15 PM: Found Spy Cookie: trafficmp cookie
10:15 PM: hp_owner@trafficmp[2].txt (ID = 3581)
10:15 PM: Found Spy Cookie: tribalfusion cookie
10:15 PM: hp_owner@tribalfusion[1].txt (ID = 3589)
10:15 PM: hp_owner@tripod[2].txt (ID = 3591)
10:15 PM: Found Spy Cookie: videodome cookie
10:15 PM: hp_owner@videodome[1].txt (ID = 3638)
10:15 PM: Found Spy Cookie: burstbeacon cookie
10:15 PM: hp_owner@www.burstbeacon[2].txt (ID = 2335)
10:15 PM: hp_owner@z1.adserver[1].txt (ID = 2142)
10:15 PM: hp_owner@zedo[2].txt (ID = 3762)
10:15 PM: hp_owner@zenotecnico[1].txt (ID = 3858)
10:15 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
10:15 PM: Starting File Sweep
10:15 PM: Found Trojan Horse: trojan downloader matcash
10:15 PM: c:\program files\common files\inetget (ID = -2147477182)
10:20 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:20 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:20 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:20 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:21 PM: nt68rrtc12.sys (ID = 220230)
10:21 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:21 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:23 PM: Found Adware: lopdotcom
10:23 PM: biasrefmath.exe (ID = 90)
10:31 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:31 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:31 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:31 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:35 PM: Found Adware: targetsaver
10:35 PM: class-barrel (ID = 78229)
10:36 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:36 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:37 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:37 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:38 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:38 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:38 PM: vocabulary (ID = 78283)
10:38 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:38 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:42 PM: Found Adware: enbrowser
10:42 PM: pf78.exe.tcf (ID = 244430)
10:48 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:48 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:51 PM: zeno.lnk (ID = 146127)
10:51 PM: zxdnt3d.cfg (ID = 91140)
10:51 PM: Found Adware: java byteverify
10:51 PM: gummy.class-78eafab3-55973863.class (ID = 64824)
10:51 PM: ke.vbs (ID = 185675)
10:53 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:53 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
10:55 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
10:55 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
10:55 PM: Found System Monitor: potentially rootkit-masked files
10:55 PM: g20060520_0846.trf (ID = 0)
10:55 PM: g20060409_1917.trf (ID = 0)
10:55 PM: g20060417_1740.trf (ID = 0)
10:55 PM: g20060422_1609.trf (ID = 0)
10:55 PM: g20060429_0134.trf (ID = 0)
10:55 PM: g20060504_0530.trf (ID = 0)
10:55 PM: g20060510_1522.trf (ID = 0)
10:55 PM: Warning: Unhandled Archive Type
10:55 PM: Warning: Unhandled Archive Type
10:56 PM: Warning: Invalid file - not a PKZip file
10:56 PM: Warning: Invalid Stream
10:56 PM: Warning: Invalid Stream
10:56 PM: Warning: Invalid Stream
10:56 PM: Warning: Invalid Stream
10:56 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
10:56 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
10:56 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
10:56 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
10:56 PM: Warning: Invalid Stream
10:56 PM: Warning: Invalid Stream
10:56 PM: Warning: Invalid Stream
10:56 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
10:56 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
10:56 PM: File Sweep Complete, Elapsed Time: 00:41:09
10:56 PM: Full Sweep has completed. Elapsed time 00:46:50
10:56 PM: Traces Found: 123
10:56 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
10:56 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
10:56 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
10:56 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
10:56 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
10:56 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
10:58 PM: The Spy Communication shield has blocked access to: paypopup.com
10:58 PM: The Spy Communication shield has blocked access to: paypopup.com
11:13 PM: Removal process initiated
11:13 PM: Quarantining All Traces: lopdotcom
11:13 PM: Quarantining All Traces: potentially rootkit-masked files
11:13 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
11:13 PM: g20060520_0846.trf is in use. It will be removed on reboot.
11:13 PM: g20060409_1917.trf is in use. It will be removed on reboot.
11:13 PM: g20060417_1740.trf is in use. It will be removed on reboot.
11:13 PM: g20060422_1609.trf is in use. It will be removed on reboot.
11:13 PM: g20060429_0134.trf is in use. It will be removed on reboot.
11:13 PM: g20060504_0530.trf is in use. It will be removed on reboot.
11:13 PM: g20060510_1522.trf is in use. It will be removed on reboot.
11:13 PM: Quarantining All Traces: trojan downloader matcash
11:13 PM: Quarantining All Traces: enbrowser
11:13 PM: Quarantining All Traces: quicklink search toolbar
11:13 PM: Quarantining All Traces: command
11:13 PM: Quarantining All Traces: java byteverify
11:13 PM: Quarantining All Traces: targetsaver
11:14 PM: Quarantining All Traces: zenosearchassistant
11:14 PM: Quarantining All Traces: 2o7.net cookie
11:14 PM: Quarantining All Traces: 50881381 cookie
11:14 PM: Quarantining All Traces: 888 cookie
11:14 PM: Quarantining All Traces: addynamix cookie
11:14 PM: Quarantining All Traces: adecn cookie
11:14 PM: Quarantining All Traces: adjuggler cookie
11:14 PM: Quarantining All Traces: adknowledge cookie
11:14 PM: Quarantining All Traces: adprofile cookie
11:14 PM: Quarantining All Traces: adrevolver cookie
11:14 PM: Quarantining All Traces: adserver cookie
11:14 PM: Quarantining All Traces: apmebf cookie
11:14 PM: Quarantining All Traces: ask cookie
11:14 PM: Quarantining All Traces: azjmp cookie
11:14 PM: Quarantining All Traces: belnk cookie
11:14 PM: Quarantining All Traces: bluestreak cookie
11:14 PM: Quarantining All Traces: burstbeacon cookie
11:14 PM: Quarantining All Traces: burstnet cookie
11:14 PM: Quarantining All Traces: cassava cookie
11:14 PM: Quarantining All Traces: clickandtrack cookie
11:14 PM: Quarantining All Traces: directtrack cookie
11:14 PM: Quarantining All Traces: enhance cookie
11:14 PM: Quarantining All Traces: exitexchange cookie
11:14 PM: Quarantining All Traces: falkag cookie
11:14 PM: Quarantining All Traces: fortunecity cookie
11:14 PM: Quarantining All Traces: hbmediapro cookie
11:14 PM: Quarantining All Traces: hotbar cookie
11:14 PM: Quarantining All Traces: humanclick cookie
11:14 PM: Quarantining All Traces: maxserving cookie
11:14 PM: Quarantining All Traces: mygeek cookie
11:14 PM: Quarantining All Traces: overture cookie
11:14 PM: Quarantining All Traces: partypoker cookie
11:14 PM: Quarantining All Traces: pointroll cookie
11:14 PM: Quarantining All Traces: popuptraffic cookie
11:14 PM: Quarantining All Traces: pro-market cookie
11:14 PM: Quarantining All Traces: qksrv cookie
11:14 PM: Quarantining All Traces: questionmarket cookie
11:14 PM: Quarantining All Traces: realmedia cookie
11:14 PM: Quarantining All Traces: reliablestats cookie
11:14 PM: Quarantining All Traces: revenue.net cookie
11:14 PM: Quarantining All Traces: ru4 cookie
11:14 PM: Quarantining All Traces: screensavers.com cookie
11:14 PM: Quarantining All Traces: searchingbooth cookie
11:14 PM: Quarantining All Traces: server.iad.liveperson cookie
11:14 PM: Quarantining All Traces: serving-sys cookie
11:14 PM: Quarantining All Traces: specificclick.com cookie
11:14 PM: Quarantining All Traces: statcounter cookie
11:14 PM: Quarantining All Traces: tacoda cookie
11:14 PM: Quarantining All Traces: top-banners cookie
11:14 PM: Quarantining All Traces: tradedoubler cookie
11:14 PM: Quarantining All Traces: trafficmp cookie
11:14 PM: Quarantining All Traces: tribalfusion cookie
11:14 PM: Quarantining All Traces: tripod cookie
11:14 PM: Quarantining All Traces: valuead cookie
11:14 PM: Quarantining All Traces: videodome cookie
11:14 PM: Quarantining All Traces: websponsors cookie
11:14 PM: Quarantining All Traces: yieldmanager cookie
11:14 PM: Quarantining All Traces: zedo cookie
11:14 PM: Quarantining All Traces: zenotecnico cookie
11:14 PM: Preparing to restart your computer. Please wait...
11:14 PM: Removal process completed. Elapsed time 00:00:56
********
10:08 PM: | Start of Session, Monday, May 29, 2006 |
10:08 PM: Spy Sweeper started
10:08 PM: Your spyware definitions have been updated.
10:09 PM: | End of Session, Monday, May 29, 2006 |
Here's the Kaspersky log:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, May 30, 2006 12:41:37 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 30/05/2006
Kaspersky Anti-Virus database records: 185273
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
H:\
I:\
J:\
L:\
Scan Statistics:
Total number of scanned objects: 93728
Number of viruses found: 16
Number of infected objects: 30
Number of suspicious objects: 1
Duration of the scan process: 01:16:13
Infected Object Name / Virus Name / Last Action
C:\defender23.exe Infected: Trojan-Downloader.Win32.VB.adw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04EB5AF3.exe Infected: Trojan-Downloader.Win32.Agent.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0500086A.exe Infected: Trojan-Downloader.Win32.PurityScan.bg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\050A065F.cab/Quicklinks.exe/data0001 Infected: Trojan.Win32.Runner.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\050A065F.cab/Quicklinks.exe Infected: Trojan.Win32.Runner.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\050A065F.cab CAB: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\050A065F.cab CryptFF: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FC36D84.tmp Infected: Trojan-Downloader.Java.OpenConnection.ae skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46CD54DC.tmp Infected: Trojan-Downloader.Java.OpenConnection.ae skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46CD54DC.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46CD54DC.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46CD54DC.zip CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A042953.exe Infected: Trojan-Downloader.Win32.Adload.j skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4F496587.exe Infected: Trojan-Downloader.Win32.Adload.j skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\542F758E.exe Infected: Trojan.Win32.LowZones.cw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A7526A6.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A7526A6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A7526A6.zip CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FB064E4 Suspicious: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A4E43CB.hta Infected: Trojan-Downloader.VBS.Psyme.at skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP267\A0018306.exe Infected: Backdoor.Win32.VB.ary skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP267\A0018307.exe Infected: Trojan-Downloader.Win32.VB.adw skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP267\A0018314.exe Infected: Trojan-Downloader.Win32.Adload.bq skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP267\A0018315.exe Infected: Trojan-Downloader.Win32.Adload.bt skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP267\A0018326.exe Infected: Trojan-Downloader.Win32.Swizzor.fg skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP267\A0018412.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP267\A0018412.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP267\A0018412.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP267\A0018412.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP267\A0018412.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP268\A0018629.exe Infected: Trojan-Downloader.Win32.Swizzor.fg skipped
Scan process completed.
And the HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 12:42:10 AM, on 5/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\TrojanHunter 4.5\IL.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06E37323-C8CD-2B3A-7492-48EBA6400B33} - C:\DOCUME~1\HP_Owner\APPLIC~1\blehfind\Cool Program.exe (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Glue acid cool delete] C:\Documents and Settings\All Users\Application Data\ManagerMagsGlueAcid\Help platform.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [barbpoke] C:\DOCUME~1\HP_Owner\APPLIC~1\UPLOAD~1\linkfastcdrom.exe
O4 - HKCU\..\Run: [Dueslqh] C:\WINDOWS\system32\s?curity\arpa.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://www.mathxl.co...GenXInstall.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.co...InstallAsst.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.co...ts/DeltaCVX.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Thanks for your help!