Incident Status Location
Adware:Adware/nCase No disinfected C:\WINDOWS\Downloaded Program Files\ClientAX.inf
Spyware:Spyware/Dyfuca No disinfected Windows Registry
Adware:Adware/CWS No disinfected C:\Documents and Settings\David & Sue\Favorites\Fun & Games
Adware:Adware/FunWeb No disinfected Windows Registry
Adware:Adware/nCase No disinfected C:\WINDOWS\Downloaded Program Files\clientax.inf
Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.dll
Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.inf
Virus:Eicar.Mod No disinfected C:\Program Files\PestPatrol\Help.chm[HowCanITestDetection.html]
Spyware:Spyware/Altnet No disinfected C:\Program Files\PestPatrol\Quarantine\20050212114215.zip[__unin__.exe]
Spyware:Spyware/Altnet No disinfected C:\Program Files\PestPatrol\Quarantine\20050302063259.zip[__unin__.exe]
Adware:Adware/nCase No disinfected C:\Program Files\PestPatrol\Quarantine\20050511132949.zip[saap.exe]
Spyware:Spyware/YourSiteBar No disinfected C:\Program Files\PestPatrol\Quarantine\20050626115321.zip[ysb.dll]
Adware:Adware/nCase No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F69E81D7-2D65-49F1-9EC5-18DD7A\00CC2DDD-F41D-46E7-B3EA-B84984
Spyware:Spyware/ISTbar No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\07BDBBBE-6E56-4FB6-B1FB-6C0AA7\E1254C6A-B3E2-477A-841B-C0F764
Adware:Adware/PowerScan No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\A1888073-A3E3-4C87-8C59-22C02D\6618A2E2-152B-4623-AD5D-229C6D
Adware:Adware/PowerScan No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\A1888073-A3E3-4C87-8C59-22C02D\BC4C4553-6339-4633-9603-0BDC3E
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Lommerse\Local Settings\Temporary Internet Files\Content.IE5\JN9J7LSW\get[1].php
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Lommerse\Local Settings\Temporary Internet Files\Content.IE5\JBPBRH0W\2-8[1].htm
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Lommerse\Local Settings\Temporary Internet Files\Content.IE5\NHZ81VFS\free-easter-wallpapers-2[1].htm
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Lommerse\Local Settings\Temporary Internet Files\Content.IE5\GGCE134T\free-easter-wallpapers[1].htm
Adware:Adware/Lop No disinfected C:\Documents and Settings\David & Sue\Application Data\Gram title\Five Deaf Log.exe
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP3\A0000175.dll
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP6\A0000229.dll
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP43\A0002377.dll
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP45\snapshot\MFEX-3.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP45\snapshot\MFEX-4.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP45\snapshot\MFEX-5.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP45\snapshot\MFEX-6.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-3.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-4.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-5.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-6.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-9.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-10.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-11.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\snapshot\MFEX-12.DAT
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\A0002411.dll
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\A0002430.dll
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP46\A0002558.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP71\A0003926.EXE
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP71\A0003927.DLL
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004152.dll
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004170.cpl
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004176.dll
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004177.dll
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004178.dll
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004179.dll
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004180.exe
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004181.dll
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004182.dll
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{99699BFE-64E3-4222-96BA-346C67772D95}\RP77\A0004185.dll
Spyware:Spyware/Altnet No disinfected D:\Kazaa\TopSearch.dll
Logfile of HijackThis v1.99.1
Scan saved at 4:01:59 PM, on 7/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Vet\VetTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Vet\isafe.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinTV\Ir.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Stardock\Object Desktop\DesktopX\DXWidget.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R3 - Default URLSearchHook is missing
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VetTray] C:\Vet\VetTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Weather Forecaster (animated).lnk = C:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\WeatherAni.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_awda/client/download/TNPLDownloader.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...subcatId=&search=superbuddy&skip=1&expId=7880
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1118971301921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1118971243390
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/popcaploader_v6.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{805BC18B-4D7A-4C53-A5C1-9A545E21125F}: NameServer = 64.215.86.12,64.84.96.2
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Vet\isafe.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Vet\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe