Old 01-16-2006, 05:30 PM   #1 (permalink)
Registered User
 
Join Date: Feb 2005
Posts: 43
OS: Windows XP


Malicious file in c:\windows\system32\mljjg.dll

My disinfection wizard is telling me I have
not-a-virus:AdWare.Win32.Virtumonde.gen
It cannot disinfect, and the window will not close; it appears after every reboot.
It says that F-Secure Anti-Virus will rename it so I can inspect it. The F-Secure window telling me about the infection also will not disappear, even on reboot.

I have followed your directions to this point as best I can, but the computer is DEAD slow.

Also, as mentioned, I could not close the above two windows before I ran HijackThis.

Here is the log

Logfile of HijackThis v1.99.1
Scan saved at 4:21:26 PM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\FSGUI\fsguiexe.exe
C:\WINDOWS\System32\svchost.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\mljjg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Show website &list - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mljjg - C:\WINDOWS\system32\mljjg.dll
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - Unknown owner - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Old 01-16-2006, 07:20 PM   #2 (permalink)
Professor/Moderator, TSF Design School
 
 
Join Date: Jun 2005
Location: Australia
Posts: 2,382
OS: Windows XP SP2


Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.
__________________
==========================================

Get Help:
TSF Security Forum | HijackThis | MB's 5 Step Process
Get Clean:
AdAware SE | Spybot S&D | CWShredder | Ewido | CleanUp!
Get Protected:
SpywareBlaster | SpywareGuard | Windows Updates | IE-SpyAd


If TSF has helped you, please consider making a donation to help keep the board running.
Old 01-17-2006, 12:32 AM   #3 (permalink)
Professor/Moderator, TSF Design School
 
 
Join Date: Jun 2005
Location: Australia
Posts: 2,382
OS: Windows XP SP2


Thanks for being so patient.

Hello and welcome to TSF,

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Old 01-17-2006, 01:37 PM   #4 (permalink)
Registered User
 
Join Date: Feb 2005
Posts: 43
OS: Windows XP


Thank you for your quick response. Here are the requested logs:

VundoFix V4.0

Listing files found while scanning....

C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\gjjlm.bak2

C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\gjjlm.bak2
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\mljjg.dll
Attempting to delete C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\mljjg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\gjjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjjlm.bak2
C:\WINDOWS\system32\gjjlm.bak2 Has been deleted!

Performing Repairs to the registry.
Done!


Logfile of HijackThis v1.99.1
Scan saved at 12:33:01 PM, on 1/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Shaw Secure\FSGUI\fsguiexe.exe
C:\WINDOWS\System32\svchost.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Show website &list - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - Unknown owner - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Old 01-18-2006, 12:47 AM   #5 (permalink)
Professor/Moderator, TSF Design School
 
 
Join Date: Jun 2005
Location: Australia
Posts: 2,382
OS: Windows XP SP2


Hello and Welcome Back,

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

MicroSoft AntiSpyware Program:

Because of recent changes in the way this program now defines and detects spyware/adware, it is no longer recommended as a spyware removal tool. Microsoft has downgraded several adware/spyware programs that it used to detect and remove and now lists them simply as “Ignore”.

These are some of the adware/spyware programs that this program will NOT prompt you to remove: Claria, 180Solutions, WhenU, New.net, most WhenU apps, eZula, TopText, Gain/Gator, and Webhancer. These are all known adware/spyware programs and hijackers. Basically this product can no longer be trusted to flag adware/spyware programs for removal!! I recommend you remove it or at the very least DO NOT solely depend on it for protection.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

MS AntiSpyware (MSAS) Beta
  • Right-click on the Microsoft Anti-Spyware icon in the system tray [it's the one with the red and yellow bulls-eye].
  • Click on "Security Agents Status".
  • Click on "Disable real-time protection".
  • Next right-click on the Microsoft Anti-Spyware icon in the system tray again to open Microsoft Anti-Spyware.
  • Click on the Options menu and choose Settings. In the left pane column click on "Real Time Protection".
  • Under Startup Options, uncheck "Enable (MSAS) Security Agents on startup (recommended)"
  • Under Real-time spyware threat protection, uncheck "Enable real-time spyware threat protection (recommended)".
  • Click the Save button and close Microsoft AntiSpyware.
  • Finally, right-click on the MSAS icon in the system tray and select "Shutdown Microsoft Antispyware".

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Please download LSPFix.exe. You will use this later.

Please download Cleanup! or use this (Alternate Link) if the main link does not work and install it. You will use this later.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one (if they still exist) (you must kill them one at a time).

C:\WINDOWS\ALCXMNTR.EXE

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll


Please remember to close all other windows, including browsers then click Fix checked.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

While running Hijackthis, verify if these entries still exist:

O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing

If they exist, we would be required to run LSPFix.exe.

Instructions for using LSPFix
  1. Double click on LSPFix.exe to run it.
  2. Once running, you will be required to tick the disclaimer - "I know what I'm doing".
  3. You'll find a window with 2 panes.
    In the left pane which is labeled 'Keep', select all instances of winsflt.dll
  4. Then click on the arrow pointing to the right, >>.
    This will move the entry to the right pane labeled 'Remove'
  5. Click the Finish button to complete the fix.
Only entries similar to winsflt.dll need to be removed. If you see any other entries in the right pane, move them back to the "Keep" pane & post the filenames to inform me.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\WINDOWS\ALCXMNTR.EXE

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:

Click Options
Move the slider button down to Custom CleanUp!

Check the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Uncheck the following :
  • Scan local drives for temporary files


Click OK, Press the CleanUp! button to start the program and reboot when prompted.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Reboot your system in Normal Mode.

Perform an online scan with Internet Explorer with

Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    • Standard
    • Scan Options:
    • Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Take note of the names and locations of any file it detects but fails to clean.

* Turn off the real time scanner of any existing antivirus program while performing the online scan

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

In your next post, please include fresh logs from:
  • HijackThis Log
  • Online Scan

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.
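As an added example (not code from the thread, HijackThis, VundoFix or TSF), the Python below applies the reasoning behind Grove's fix list to the log Joody posted in #1: it parses HijackThis entry lines, flags a DLL registered both as an O2 BHO and an O20 Winlogon Notify handler (mljjg.dll), derives the reversed-name companion files that VundoFix later listed, and extracts the missing LSP provider from the O10 line that LSPFix is meant to repair. The sample lines are a constructed subset of that log, and the companion-name rule is a heuristic taken from the posted VundoFix output, not a definition of the malware family.

```python
"""Triage helper for HijackThis v1.99.1 log lines (added example, not TSF/HJT/VundoFix code)."""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: a subset of the first HijackThis log posted in this thread,
# plus two process-list lines to show that non-entry lines are skipped.
SAMPLE_LOG = [
    "Running processes:",
    r"C:\WINDOWS\System32\smss.exe",
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll",
    r"O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\mljjg.dll",
    r"O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE",
    r"O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing",
    r"O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll",
    r"O20 - Winlogon Notify: mljjg - C:\WINDOWS\system32\mljjg.dll",
    r"O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe",
]

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# Sections whose last field is the module the entry loads (BHO, Winlogon Notify, service).
PATH_SECTIONS = {"O2", "O20", "O23"}
# Greedy from the first drive letter, so "Spybot - Search & Destroy" keeps its " - ".
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\.+$")
LSP_RE = re.compile(r"LSP provider '([^']+)' missing")


def parse_entries(lines: List[str]) -> List[Tuple[str, str]]:
    """Split 'O20 - detail' lines into (section, detail); process-list lines are skipped."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def loaded_file(section: str, detail: str) -> Optional[str]:
    """Return the module path an entry registers, or None for sections we do not map."""
    if section not in PATH_SECTIONS:
        return None
    m = DRIVE_PATH_RE.search(detail)
    return m.group(0).strip() if m else None


def modules_by_section(entries: List[Tuple[str, str]]) -> Dict[str, Set[str]]:
    """Map each registered module (lower-cased path) to the HJT sections it appears in."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for section, detail in entries:
        path = loaded_file(section, detail)
        if path:
            seen[path.lower()].add(section)
    return seen


def bho_and_winlogon_notify(entries: List[Tuple[str, str]]) -> List[str]:
    """DLLs registered both as an IE BHO (O2) and a Winlogon Notify handler (O20).

    This is the pairing mljjg.dll shows in the first log: the same module is loaded
    into the browser and into winlogon.exe, so it survives closing the browser.
    Legitimate software rarely needs both hooks, so such a module deserves a look.
    """
    seen = modules_by_section(entries)
    return sorted(p for p, secs in seen.items() if {"O2", "O20"} <= secs)


def missing_lsp_providers(entries: List[Tuple[str, str]]) -> List[str]:
    """Provider DLLs HijackThis reports missing from the Winsock LSP chain (O10)."""
    found: List[str] = []
    for section, detail in entries:
        if section == "O10":
            found.extend(LSP_RE.findall(detail))
    return found


def vundo_companions(dll_path: str) -> List[str]:
    """Companion file names VundoFix listed next to mljjg.dll in this thread.

    The .ini/.bak1/.bak2 names are the DLL stem spelled backwards (mljjg -> gjjlm).
    Heuristic taken from the posted VundoFix output, useful for spotting leftovers.
    """
    directory, _, name = dll_path.rpartition("\\")
    reversed_stem = name.rsplit(".", 1)[0][::-1]
    return [f"{directory}\\{reversed_stem}.{ext}" for ext in ("ini", "bak1", "bak2")]


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Summary a helper could work from: what to fix and which leftovers to check for."""
    entries = parse_entries(lines)
    flagged = bho_and_winlogon_notify(entries)
    return {
        "bho_plus_winlogon_notify": flagged,
        "possible_leftovers": [c for d in flagged for c in vundo_companions(d)],
        "missing_lsp_providers": missing_lsp_providers(entries),
    }


if __name__ == "__main__":
    for key, values in triage(SAMPLE_LOG).items():
        print(key)
        for value in values:
            print("   ", value)
```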
Old 01-18-2006, 02:35 PM   #6 (permalink)
Registered User
 
Join Date: Feb 2005
Posts: 43
OS: Windows XP


Ok, did online scan, saw no option to clean the mess. Only options I could find were save as html, save as text, expand list; perhaps I looked in the wrong place. Anyway it found lots :-( Computer is not working as slowly now and security windows have quit popping up.

Online scan

------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, January 18, 2006 13:29:19
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 18/01/2006
Kaspersky Anti-Virus database records: 161284
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 50544
Number of viruses found: 20
Number of infected objects: 157
Number of suspicious objects: 0
Duration of the scan process: 2642 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\classload.jar-24d546d3-4571376b.zip.bac_a04752/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\classload.jar-24d546d3-4571376b.zip.bac_a04752/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\classload.jar-24d546d3-4571376b.zip.bac_a04752/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\classload.jar-24d546d3-4571376b.zip.bac_a04752/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\classload.jar-24d546d3-4571376b.zip.bac_a04752 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\classload.jar-4f76b95e-7e467a40.zip.bac_a04752/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\classload.jar-4f76b95e-7e467a40.zip.bac_a04752/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\classload.jar-4f76b95e-7e467a40.zip.bac_a04752/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\classload.jar-4f76b95e-7e467a40.zip.bac_a04752/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\classload.jar-4f76b95e-7e467a40.zip.bac_a04752 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\classload.jar-60477cb4-36c0ccff.zip.bac_a04752/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\classload.jar-60477cb4-36c0ccff.zip.bac_a04752/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\classload.jar-60477cb4-36c0ccff.zip.bac_a04752/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\classload.jar-60477cb4-36c0ccff.zip.bac_a04752/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\classload.jar-60477cb4-36c0ccff.zip.bac_a04752 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\classload.jar-66a00f19-74f9b2b4.zip.bac_a04752/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\classload.jar-66a00f19-74f9b2b4.zip.bac_a04752/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\classload.jar-66a00f19-74f9b2b4.zip.bac_a04752/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\classload.jar-66a00f19-74f9b2b4.zip.bac_a04752/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\classload.jar-66a00f19-74f9b2b4.zip.bac_a04752 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\classload.jar-7cc9ada7-63d2c2c1.zip.bac_a04752/GetAccess.class Infected: Trojan.Java.ClassLoader.aa
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\classload.jar-7cc9ada7-63d2c2c1.zip.bac_a04752/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.w
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\classload.jar-7cc9ada7-63d2c2c1.zip.bac_a04752 Infected: Trojan-Downloader.Java.OpenConnection.w
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\count.jar-10317d84-423cc1a0.zip.bac_a04752/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\count.jar-10317d84-423cc1a0.zip.bac_a04752/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\count.jar-10317d84-423cc1a0.zip.bac_a04752/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\count.jar-10317d84-423cc1a0.zip.bac_a04752 Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\count.jar-22f5f81f-13c19bcc.zip.bac_a04752/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\count.jar-22f5f81f-13c19bcc.zip.bac_a04752/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\count.jar-22f5f81f-13c19bcc.zip.bac_a04752/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\count.jar-22f5f81f-13c19bcc.zip.bac_a04752 Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\count.jar-64e3fec3-6d6d0e7f.zip.bac_a04752/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\count.jar-64e3fec3-6d6d0e7f.zip.bac_a04752/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\count.jar-64e3fec3-6d6d0e7f.zip.bac_a04752/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\count.jar-64e3fec3-6d6d0e7f.zip.bac_a04752 Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\count.jar-6e0f3366-6964b4f8.zip.bac_a04752/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\count.jar-6e0f3366-6964b4f8.zip.bac_a04752/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\count.jar-6e0f3366-6964b4f8.zip.bac_a04752/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\count.jar-6e0f3366-6964b4f8.zip.bac_a04752 Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\count.jar-c2b9e19-2afdd8eb.zip.bac_a04752/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\count.jar-c2b9e19-2afdd8eb.zip.bac_a04752/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\count.jar-c2b9e19-2afdd8eb.zip.bac_a04752/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\count.jar-c2b9e19-2afdd8eb.zip.bac_a04752 Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\Counters.jar-47ac307b-2eda2c39.zip.bac_a04752/Xeyond.class Infected: Trojan.Java.Femad
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\Counters.jar-47ac307b-2eda2c39.zip.bac_a04752/web.exe Infected: Trojan-Dropper.Win32.Agent.lo
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\Counters.jar-47ac307b-2eda2c39.zip.bac_a04752 Infected: Trojan-Dropper.Win32.Agent.lo
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\Dummy.class-8e395c2-22d885dd.class.bac_a04752 Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\java.jar-8fba449-523b42ba.zip.bac_a03300/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\java.jar-8fba449-523b42ba.zip.bac_a03300/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\java.jar-8fba449-523b42ba.zip.bac_a03300 Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\java.jar-8fba449-523b42ba.zip.bac_a04752/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\java.jar-8fba449-523b42ba.zip.bac_a04752/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\java.jar-8fba449-523b42ba.zip.bac_a04752 Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\java.jar-8fba449-57289c09.zip.bac_a03300/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\java.jar-8fba449-57289c09.zip.bac_a03300/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\java.jar-8fba449-57289c09.zip.bac_a03300 Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\java.jar-8fba449-57289c09.zip.bac_a04752/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\java.jar-8fba449-57289c09.zip.bac_a04752/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\java.jar-8fba449-57289c09.zip.bac_a04752 Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\java.jar-8fba449-69d1734e.zip.bac_a03300/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\java.jar-8fba449-69d1734e.zip.bac_a03300/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\java.jar-8fba449-69d1734e.zip.bac_a03300 Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\java.jar-8fba449-69d1734e.zip.bac_a04752/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\java.jar-8fba449-69d1734e.zip.bac_a04752/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\java.jar-8fba449-69d1734e.zip.bac_a04752 Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\jrl.jar-2c0df170-4880d9b5.zip.bac_a03300/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\jrl.jar-2c0df170-4880d9b5.zip.bac_a03300/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\jrl.jar-2c0df170-4880d9b5.zip.bac_a03300 Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\jrl.jar-2c0df170-4880d9b5.zip.bac_a04752/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\jrl.jar-2c0df170-4880d9b5.zip.bac_a04752/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\jrl.jar-2c0df170-4880d9b5.zip.bac_a04752 Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\jrl.jar-ffb4f44-50de9250.zip.bac_a03300/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\jrl.jar-ffb4f44-50de9250.zip.bac_a03300/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\jrl.jar-ffb4f44-50de9250.zip.bac_a03300 Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\jrl.jar-ffb4f44-50de9250.zip.bac_a04752/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\jrl.jar-ffb4f44-50de9250.zip.bac_a04752/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\jrl.jar-ffb4f44-50de9250.zip.bac_a04752 Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv175.jar-3e9cf31-24d1e775.zip.bac_a04752/Counter.class Infected: Trojan.Java.ClassLoader.h
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv175.jar-3e9cf31-24d1e775.zip.bac_a04752/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv175.jar-3e9cf31-24d1e775.zip.bac_a04752/Parser.class Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv175.jar-3e9cf31-24d1e775.zip.bac_a04752 Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv506.jar-4b9ee7a3-74e952c8.zip.bac_a04752/Counter.class Infected: Trojan.Java.ClassLoader.h
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv506.jar-4b9ee7a3-74e952c8.zip.bac_a04752/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv506.jar-4b9ee7a3-74e952c8.zip.bac_a04752/Parser.class Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv506.jar-4b9ee7a3-74e952c8.zip.bac_a04752 Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv588.jar-54cb6adc-17c1273b.zip.bac_a04752/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv588.jar-54cb6adc-17c1273b.zip.bac_a04752/Counter.class Infected: Trojan.Java.ClassLoader.h
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv588.jar-54cb6adc-17c1273b.zip.bac_a04752/Parser.class Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv588.jar-54cb6adc-17c1273b.zip.bac_a04752 Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv588.jar-54cb6adc-24561c2c.zip.bac_a04752/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv588.jar-54cb6adc-24561c2c.zip.bac_a04752/Counter.class Infected: Trojan.Java.ClassLoader.h
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv588.jar-54cb6adc-24561c2c.zip.bac_a04752/Parser.class Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv588.jar-54cb6adc-24561c2c.zip.bac_a04752 Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv588.jar-54cb6adc-3afd504d.zip.bac_a04752/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv588.jar-54cb6adc-3afd504d.zip.bac_a04752/Counter.class Infected: Trojan.Java.ClassLoader.h
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv588.jar-54cb6adc-3afd504d.zip.bac_a04752/Parser.class Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv588.jar-54cb6adc-3afd504d.zip.bac_a04752 Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv588.jar-54cb6adc-4b57c3f8.zip.bac_a04752/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv588.jar-54cb6adc-4b57c3f8.zip.bac_a04752/Counter.class Infected: Trojan.Java.ClassLoader.h
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv588.jar-54cb6adc-4b57c3f8.zip.bac_a04752/Parser.class Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv588.jar-54cb6adc-4b57c3f8.zip.bac_a04752 Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv666.jar-3c315425-3cbbdebd.zip.bac_a04752/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv666.jar-3c315425-3cbbdebd.zip.bac_a04752/Counter.class Infected: Trojan.Java.ClassLoader.h
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv666.jar-3c315425-3cbbdebd.zip.bac_a04752/Parser.class Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv666.jar-3c315425-3cbbdebd.zip.bac_a04752 Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv761.jar-2d22613c-2890f187.zip.bac_a04752/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv761.jar-2d22613c-2890f187.zip.bac_a04752/Counter.class Infected: Trojan.Java.ClassLoader.h
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv761.jar-2d22613c-2890f187.zip.bac_a04752/Parser.class Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv761.jar-2d22613c-2890f187.zip.bac_a04752 Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv799.jar-45513d78-4443855e.zip.bac_a04752/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv799.jar-45513d78-4443855e.zip.bac_a04752/Counter.class Infected: Trojan.Java.ClassLoader.h
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv799.jar-45513d78-4443855e.zip.bac_a04752/Parser.class Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\loaderadv799.jar-45513d78-4443855e.zip.bac_a04752 Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\menu.jr-2075dd4b-63dc0347.zip.bac_a04752/NudeBox.class Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\menu.jr-2075dd4b-63dc0347.zip.bac_a04752/Worker.class Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\menu.jr-2075dd4b-63dc0347.zip.bac_a04752/VerifierBug.class Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\menu.jr-2075dd4b-63dc0347.zip.bac_a04752/javautil.zip Infected: Trojan-Downloader.Win32.Small.bvv
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\menu.jr-2075dd4b-63dc0347.zip.bac_a04752/javautil.zip/bot.exe Infected: Trojan-Downloader.Win32.Small.bmk
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\menu.jr-2075dd4b-63dc0347.zip.bac_a04752 Infected: Trojan-Downloader.Win32.Small.bmk
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\menu.jr-3e83161f-7a3375bf.zip.bac_a04752/NudeBox.class Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\menu.jr-3e83161f-7a3375bf.zip.bac_a04752/Worker.class Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\menu.jr-3e83161f-7a3375bf.zip.bac_a04752/VerifierBug.class Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\menu.jr-3e83161f-7a3375bf.zip.bac_a04752/javautil.zip Infected: Trojan-Downloader.Win32.Small.bvv
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\menu.jr-3e83161f-7a3375bf.zip.bac_a04752/javautil.zip/bot.exe Infected: Trojan-Downloader.Win32.Small.cbp
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\menu.jr-3e83161f-7a3375bf.zip.bac_a04752 Infected: Trojan-Downloader.Win32.Small.cbp
C:\Documents and Settings\Compaq_Owner\.housecall\Quarantine\VerifierBug.class-7f4602d8-4696d839.class.bac_a04752 Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-1ea4998b-7367f1ea.class Infected: Trojan-Clicker.Win32.Spywad.b
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7cc9ada7-63d2c2c1.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.aa
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7cc9ada7-63d2c2c1.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.w
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7cc9ada7-63d2c2c1.zip Infected: Trojan-Downloader.Java.OpenConnection.w
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-47ac307b-2eda2c39.zip/web.exe Infected: Trojan-Dropper.Win32.Agent.lo
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-47ac307b-2eda2c39.zip Infected: Trojan-Dropper.Win32.Agent.lo
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv175.jar-3e9cf31-24d1e775.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv175.jar-3e9cf31-24d1e775.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv506.jar-4b9ee7a3-74e952c8.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv506.jar-4b9ee7a3-74e952c8.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv588.jar-54cb6adc-17c1273b.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv588.jar-54cb6adc-17c1273b.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv588.jar-54cb6adc-24561c2c.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv588.jar-54cb6adc-24561c2c.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv588.jar-54cb6adc-3afd504d.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv588.jar-54cb6adc-3afd504d.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv588.jar-54cb6adc-4b57c3f8.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv588.jar-54cb6adc-4b57c3f8.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv761.jar-2d22613c-2890f187.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv761.jar-2d22613c-2890f187.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv799.jar-45513d78-4443855e.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv799.jar-45513d78-4443855e.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-2075dd4b-63dc0347.zip/Worker.class Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-2075dd4b-63dc0347.zip/javautil.zip/bot.exe Infected: Trojan-Downloader.Win32.Small.bmk
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-2075dd4b-63dc0347.zip Infected: Trojan-Downloader.Win32.Small.bmk
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-3e83161f-7a3375bf.zip/Worker.class Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-3e83161f-7a3375bf.zip/javautil.zip Infected: Trojan-Downloader.Win32.Small.bvv
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-3e83161f-7a3375bf.zip/javautil.zip/bot.exe Infected: Trojan-Downloader.Win32.Small.cbp
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-3e83161f-7a3375bf.zip Infected: Trojan-Downloader.Win32.Small.cbp
C:\System Volume Information\_restore{8644B53C-E305-4C14-B2BD-C6673D25DC97}\RP287\A0037187.0LL Infected: Trojan-Downloader.Win32.ConHook.w
C:\WINDOWS\system32\GEBYX.0LL Infected: Trojan-Downloader.Win32.ConHook.w

Scan process completed.


HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 1:32:22 PM, on 1/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Shaw Secure\FSGUI\fsguiexe.exe
C:\WINDOWS\System32\svchost.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Show website &list - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - Unknown owner - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe