
·
Registered
Joined
·
8 Posts
Discussion Starter #1
I have been having problems with my comp for a couple of months now, and have downloaded numerous spyware/adware/anti-virus programs, all to no effect.
So I downloaded HijackThis today and this is the log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\sdpasvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Ben\My Documents\hijackthis.exe

O19 - User stylesheet: C:\WINDOWS\windows.dat
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\System32\sdpasvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

If someone could please assist would be greatly appreciated

Ben
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Please repost the log. You're missing half the entries. No header... No startup items... etc. This looks like an incomplete log. Also explain your issue in detail. Make sure you read the sticky about "What to do before posting your log".
 

·
Registered
Joined
·
8 Posts
Discussion Starter #3
amended log

apologies microbell... should have read it beforehand

I have done as stated.... but was experiencing a few problems when using the trendmicro on-line scan.
It would take an extremely long time (approx 45 mins)... then when it was finished it would not let me fix the infections... but mid scan it was saying around 70-80 infections were present?!....

so other than that hiccup, i have done everything else the 'sticky' asked.

here is the log from the hijackthis analyzer log:

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 1:38:45 PM, on 10/31/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Documents and Settings\Ben\Desktop\hjt\hijackthis.exe

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O19 - User stylesheet: C:\WINDOWS\windows.dat
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)
O23 - Service: SDPAUMS server service (SDPASVC) - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\System32\sdpasvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


End of KRC HijackThis Analyzer Log.
====================================================================

if any other info is required please ask... i hope this is what u wanted?

cheers
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Your log looks suspiciously barren. If you had disabled any startup entry using msconfig, please re-enable them & post a new log. I prefer your log to be raw & unanalysed.
 

·
Registered
Joined
·
8 Posts
Discussion Starter #5
i haven't disabled anything like that...
but a couple of weeks ago, all of a sudden when i logged in one day, MSN Messenger and other programs that usually automatically start up when i log in weren't doing so!?...

Also a couple of months ago, my task manager was disabled, but i have managed to get that to work the last few weeks....
it is quite frustrating.... it's like u fix one thing... and another problem occurs!
if i need to do something to enable these start up entries, please advise

cheers
 

·
Registered
Joined
·
8 Posts
Discussion Starter #7
Logfile of HijackThis v1.99.1
Scan saved at 7:44:16 PM, on 11/1/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\sdpasvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ben\Desktop\hjt\hijackthis.exe

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O19 - User stylesheet: C:\WINDOWS\windows.dat
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\System32\sdpasvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


hope this is what u wanted...

cheers
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
You do not appear to have an anti-virus application installed on this machine. Let's start off by getting you a free but yet effective antivirus program. Please choose one from any of these 3 programs which are free for home use:

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in the same directory as the HiJackThis program.

CleanUp! - Install.

Ewido Security Suite
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.



Download Lavasoft's Ad-Aware & its recently updated plug-in - VX2 Cleaner

Install both using the default options & then update Ad-Aware with the latest definitions.
Click on Add-ons in the left-hand column & select - VX2 Cleaner V2.0
Click Run Tool >> "OK"
If something is found, click "Clean" as in the directions given.
Click "Close", and exit Ad-Aware.


'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING

If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Next, please reboot your computer in SafeMode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


With HiJackThis, place a check next to these items and select "Fix checked":

O19 - User stylesheet: C:\WINDOWS\windows.dat


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Launch Ad-Aware & click on the Start button
Select "Perform smart system scan" and click Next.
Once the scan finishes, click "Next" again. Select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Click "Next" one more time, then "OK" to confirm the removal.

You will be prompted to set Ad-Aware to run on reboot, click "OK".


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Run Ewido with its updated definitions: (...it's important that all windows be closed)
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
  • "Perform action on all infections"
  • Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REBOOT TO NORMAL MODE


As you reboot, Ad-Aware will start up
Click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan



* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Double-click the tmas-web-scan.exe icon
  • It will say "Loading TrendMicro definitions".
  • Click "Start Scan"
After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.

It would produce a log called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


In your next post, please include fresh logs from:
  • HiJackThis log
  • Online Scan
  • Ewido
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

Before we can proceed any further, please visit Microsoft's Windows Update Page and install ALL Critical Updates for your system (except Service Pack 2 (SP2). SP2 should only be installed on a fully disinfected system). At the minimum install at least SP1a for both XP and IE6.

Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system. After we have completed your clean-up, we will have you return to the Windows Update page and install SP2. We will also then advise you on how to better protect yourself online.

Please apply those updates BEFORE posting your next log. It is this forum's policy to stop the disinfection process until these basic updates are done. If during the updating process you get a message that your product key is invalid ....then you may not have a legitimate copy of Windows XP. Unfortunately it's also this forum's policy that we only address users with a legal copy of Windows XP.... therefore if you cannot update XP to SP1 we must stop the cleansing process here.

Thank you for your cooperation.
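
Added example, not part of the original thread or of HijackThis itself: a small Python triage of a HijackThis log that automates the checks the helpers above make by eye (missing header, no startup entries, the O19 user stylesheet, O23 services marked "file missing"). The sample is an excerpt of the log posted in this thread; the function names and finding labels are hypothetical, and treating O4 as the autostart section follows HijackThis's usual section numbering.

```python
import re

# Excerpt of the HijackThis log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:44:16 PM, on 11/1/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O19 - User stylesheet: C:\WINDOWS\windows.dat
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")       # e.g. "O23 - Service: ..."
EXE_RE = re.compile(r'"?(.+?\.exe)', re.IGNORECASE)      # executable path without trailing arguments
MISSING = " (file missing)"


def parse_log(text):
    """Split a HijackThis log into a header flag, running processes and coded entries."""
    parsed = {"has_header": False, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if line.startswith("Logfile of HijackThis"):
            parsed["has_header"] = True
        elif line == "Running processes:":
            in_processes = True
        elif not line:
            in_processes = False          # a blank line ends the process list
        elif match:
            in_processes = False
            parsed["entries"].append((match.group(1), match.group(2)))
        elif in_processes:
            parsed["processes"].append(line)
    return parsed


def parse_service(body):
    """Parse an O23 body: 'Service: <name> - <owner> - <path>[ (file missing)]'."""
    if not body.startswith("Service: "):
        return None
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    parts = body[len("Service: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    exe = EXE_RE.match(path)
    return {"name": name, "owner": owner, "missing": missing,
            "exe": exe.group(1) if exe else path}


def triage(parsed):
    """Return (finding, detail) pairs for the conditions discussed in the thread."""
    findings = []
    codes = {code for code, _ in parsed["entries"]}
    running = {p.lower() for p in parsed["processes"]}
    if not parsed["has_header"]:
        findings.append(("no-header", "version/platform header is absent"))
    if "O4" not in codes:
        # Assumption: O4 is the autostart (Run keys / Startup folder) section.
        findings.append(("no-startup-entries", "no O4 lines; log may be incomplete"))
    for code, body in parsed["entries"]:
        if code == "O19":
            findings.append(("user-stylesheet", body.split(": ", 1)[-1]))
        elif code == "O23":
            svc = parse_service(body)
            if svc and svc["missing"]:
                # A "file missing" service whose executable is in the process list
                # contradicts itself; report it separately from a truly absent file.
                contradicted = svc["exe"].lower() in running
                kind = "missing-but-running" if contradicted else "service-file-missing"
                findings.append((kind, svc["exe"]))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(parse_log(SAMPLE_LOG)):
        print(f"{kind:22} {detail}")
```

The "missing-but-running" case matters for this log: the Brmfrmps.exe service line carries a stray quote and argument before "(file missing)" while the same executable appears under running processes, so that flag alone is not evidence the file is gone.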
 

·
Registered
Joined
·
8 Posts
Discussion Starter #9
cheers for the help to date... much appreciated

I have now done everything asked... the only possible problem there might have been along the way, was when i did the final step of the 2nd scan/clean, it said there were no infections/problems, and i don't think it produced a log... i think the log that will be below is from the first scan?... But i will post all the logs, and let me know what to do from there

Logfile of HijackThis v1.99.1
Scan saved at 11:27:41 AM, on 11/2/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Ben\Desktop\hjt\hijackthis.exe

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O19 - User stylesheet: C:\WINDOWS\windows.dat
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\System32\sdpasvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Incident Status Location

Adware:adware/cws.searchmeup No disinfected C:\Documents and Settings\Ben\Favorites\Today's Specials.url
Adware:adware/secure32 No disinfected C:\WINDOWS\securea.html
Adware:adware/weblookup No disinfected C:\PROGRAM FILES\Weblookup
Adware:adware/ilookup No disinfected C:\Documents and Settings\Ben\Favorites\Gambling
Adware:adware/block-checker No disinfected Windows Registry
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\285.jar-1f84ee3f-4272305b.zip[Bubble.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\285.jar-1f84ee3f-4272305b.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\285.jar-1f84ee3f-4272305b.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-66d002b9-24fc001e.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-66d002b9-24fc001e.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-66d002b9-24fc001e.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-66d002b9-24fc001e.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-66d002b9-24fc001e.zip[Worker.class]
Virus:Trj/Downloader.ANL Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-66d002b9-24fc001e.zip[WEB.EXE]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-126e2ab-43017ee8.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-126e2ab-43017ee8.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-126e2ab-43017ee8.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-126e2ab-43017ee8.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-22bcb148-3a6e902d.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-22bcb148-3a6e902d.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-22bcb148-3a6e902d.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-22bcb148-3a6e902d.zip[Beyond.class]
Virus:Trj/Java.Binny.A Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-54d34176-25b1827a.zip[Mein.class]
Virus:Trj/Java.Binny.A Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-54d34176-25b1827a.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-668dbf80-4c548105.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-668dbf80-4c548105.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-668dbf80-4c548105.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-668dbf80-4c548105.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3a2ffe0f-665fc815.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3a2ffe0f-665fc815.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3a2ffe0f-665fc815.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3a2ffe0f-665fc815.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50a67b1c-3fc5fe6c.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50a67b1c-3fc5fe6c.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50a67b1c-3fc5fe6c.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50a67b1c-3fc5fe6c.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-5ff69fe9-76c89bb0.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-5ff69fe9-76c89bb0.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-5ff69fe9-76c89bb0.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-5ff69fe9-76c89bb0.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7493d7dc-59f00677.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7493d7dc-59f00677.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7493d7dc-59f00677.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7493d7dc-59f00677.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-96d30d8-4426da19.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-96d30d8-4426da19.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-96d30d8-4426da19.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-96d30d8-4426da19.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d0d3cf-1fa3046c.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-66caba6e-15d3d39a.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-66caba6e-15d3d39a.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-66caba6e-15d3d39a.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-66caba6e-15d3d39a.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-68717ba7-594b85c3.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-68717ba7-594b85c3.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-68717ba7-594b85c3.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-68717ba7-594b85c3.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-adb6557-7db67a47.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-adb6557-7db67a47.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-adb6557-7db67a47.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-adb6557-7db67a47.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-316fcf36-38622555.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-7b21579c-394341ce.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\freemovies.jar-53907c09-715bae9d.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\freemovies.jar-53907c09-715bae9d.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\freemovies.jar-53907c09-715bae9d.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv555.jar-6d1e462a-4c3fe01f.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv555.jar-6d1e462a-4c3fe01f.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv555.jar-6d1e462a-4c3fe01f.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv555.jar-6d1e462a-4c3fe01f.zip[Parser.class]
Virus:Trj/Mitglieder.CP Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-6182d47b-796e1298.zip[javautil.zip]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-6182d47b-796e1298.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-6182d47b-796e1298.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-6182d47b-796e1298.zip[NudeBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-6182d47b-796e1298.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-6182d47b-796e1298.zip[Worker.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fda7c69-5f0849b8.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fda7c69-5f0849b8.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fda7c69-5f0849b8.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Ben\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fda7c69-5f0849b8.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kath\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4d515193-63b8f99e.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kath\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4d515193-63b8f99e.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kath\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4d515193-63b8f99e.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kath\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4d515193-63b8f99e.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kenny\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-22be6520-16210785.zip[a.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kenny\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-22be6520-16210785.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kenny\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-22be6520-16210785.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kenny\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-11cb8318-34fd52c6.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kenny\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-11cb8318-34fd52c6.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kenny\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-11cb8318-34fd52c6.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kenny\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-11cb8318-34fd52c6.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kenny\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-959e3d9-54e99ce0.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kenny\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-959e3d9-54e99ce0.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kenny\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-959e3d9-54e99ce0.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kenny\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-959e3d9-54e99ce0.zip[Beyond.class]
Adware:Adware/Weblookup No disinfected C:\Program Files\Weblookup\weblookup.dll
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\system32\P2P Networking v1252.cpl

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:54:24 PM, 11/2/2005
+ Report-Checksum: A784BF55

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{3646C2BD-3554-49CA-8125-44DEEFB881DE} -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\HomePage.HomePageCtrl -> Adware.QuickMetaSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\HomePage.HomePageCtrl\CLSID -> Adware.QuickMetaSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\HomePage.HomePageCtrl\CurVer -> Adware.QuickMetaSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\HomePage.HomePageCtrl.1 -> Adware.QuickMetaSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD}\ProxyStubClsid32\\ -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{CE9B37EC-D243-47A2-83DB-3A8350175193}\ProxyStubClsid32\\ -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\STLinks.STLinksCtrl -> Adware.QuickMetaSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\STLinks.STLinksCtrl\CLSID -> Adware.QuickMetaSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\STLinks.STLinksCtrl\CurVer -> Adware.QuickMetaSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\STLinks.STLinksCtrl.1 -> Adware.QuickMetaSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SysWebTelecomInt.dll\\.Owner -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SysWebTelecomInt.dll\\{EFB22865-F3BC-4309-ADFA-C8E078A7F762} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SEHlpLib -> Spyware.CoolWebSearch : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\x6gatq47.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\x6gatq47.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\x6gatq47.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Kath\Application Data\Mozilla\Firefox\Profiles\33sbimvg.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.15:C:\Documents and Settings\katie\Application Data\Mozilla\Firefox\Profiles\i07c3dw5.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.28:C:\Documents and Settings\katie\Application Data\Mozilla\Firefox\Profiles\i07c3dw5.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\xl1ukoxv.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\xl1ukoxv.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\xl1ukoxv.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\xl1ukoxv.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\xl1ukoxv.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\xl1ukoxv.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\xl1ukoxv.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\xl1ukoxv.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\xl1ukoxv.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\xl1ukoxv.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\xl1ukoxv.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\xl1ukoxv.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\xl1ukoxv.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\xl1ukoxv.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\xl1ukoxv.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\xl1ukoxv.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\xl1ukoxv.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\xl1ukoxv.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\xl1ukoxv.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\xl1ukoxv.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\xl1ukoxv.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\xl1ukoxv.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Program Files\Internet Explorer\hlcyzwzz.exe -> TrojanDownloader.WinShow.r : Cleaned with backup
C:\Program Files\TSS.exe -> Adware.eZula : Cleaned with backup
C:\Program Files\Win_whcr\webhcr.exe/Webhdll.dll -> Spyware.WebHancer : Cleaned with backup
C:\Program Files\Win_whcr\webhcr.exe/WhAgent.exe -> Spyware.WebHancer : Cleaned with backup
C:\Program Files\Win_whcr\webhcr.exe/whiehlpr.dll -> Spyware.WebHancer : Cleaned with backup
C:\Program Files\Win_whcr\webhcr.exe/whInstaller.exe -> Spyware.WebHancer : Cleaned with backup
C:\Program Files\Win_whcr\webhcr.exe/WhSurvey.exe -> Spyware.WebHancer : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-651377827-1801674531-1004\Dc59.exe -> Spyware.Trymedia : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-651377827-1801674531-1004\Dc60.exe -> Spyware.Trymedia : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-651377827-1801674531-1004\Dc62.exe -> Spyware.Trymedia : Cleaned with backup
C:\WINDOWS\system32\46078.exe -> Trojan.Ysearch : Cleaned with backup
C:\WINDOWS\system32\56515.exe -> Trojan.Ysearch : Cleaned with backup
C:\WINDOWS\system32\dmdyu.exe -> Trojan.Ysearch : Cleaned with backup
C:\WINDOWS\system32\drivers\systemsvr.sys -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\drivers\wlan1934.sys -> Trojan.Ants : Cleaned with backup


::Report End

Started Scanning
Internet Cookies
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\LimeWire'
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\ResultsFilter'
Found '' in 'Software\Kazaa\Settings'
Found '' in 'Software\Kazaa\Transfer'
Found '' in 'Software\KaZaA\CloudLoad'
Found '' in 'Software\KaZaA\ConnectionInfo'
Found '' in 'Software\KaZaA\LocalContent'
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\Advanced'
Found '' in 'Software\Kazaa\Channels\DATING'
Found '' in 'Software\Kazaa\Channels\DATING_BROWSE'
Found '' in 'Software\Kazaa\Channels\G_SPOT_BROWSE'
Found '' in 'Software\Kazaa\Channels\ONELOVE_BROWSE'
Found '' in 'Software\Kazaa\Channels\P2P'
Found '' in 'Software\Kazaa\Channels\RSHIPHOP_BROWSE'
Found '' in 'Software\Kazaa\Channels\WEBSEARCH'
Found '' in 'Software\Kazaa\DontShow'
Found '' in 'Software\Kazaa\InstantMessaging'
Found '' in 'Software\Kazaa\LocalContent'
Found '' in 'Software\Kazaa\Skins'
Found '' in 'Software\Kazaa\UserDetails'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\D:\InstallShield\Kazaa\kazaa.exe'
Found '' in 'Software\Kazaa\Channels\EMERGING_ARTISTS_BROWSE'
Found '' in 'Software\Kazaa\Channels\RINGTONECHANNEL_BROWSE'
Found '' in 'Software\Kazaa\Channels\RINGTONECHANNEL_SEARCH'
Found '' in 'SOFTWARE\Magnet'
Found '' in 'SOFTWARE\Magnet\Handlers\Kazaa'
Found '' in 'SOFTWARE\Magnet\Handlers\Kazaa\Type'
Found '' in 'SOFTWARE\Classes\magnet'
Found '' in 'SOFTWARE\Classes\magnet\shell\open\command'
Found '' in 'Software\Kazaa\Channels\SKILLEDGAMES'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\GAIN Publishing'
Found '' in 'SOFTWARE\Classes\AppID\NHelper.DLL'
Found '' in 'SOFTWARE\Classes\AppID\{C630FBBF-E340-49DF-B4CB-06FB9EE34BB6}'
Found 'URL Protocol' in 'SOFTWARE\Classes\magnet'
Found 'LastSearchHash' in 'Software\Kazaa'
Found 'Tmp' in 'Software\Kazaa'
Found 'ScWeeklyDate' in 'Software\Kazaa\Advanced'
Found 'Status' in 'Software\Kazaa\Advanced'
Found 'CloseToSystray' in 'Software\Kazaa\DontShow'
Found 'DisableListFiles' in 'Software\Kazaa\LocalContent'
Found '' in 'Software\Kazaa\Search'
Found 'b' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'CacheDiscoveryTime' in 'Software\Kazaa\Transfer'
Found 'CacheHost' in 'Software\Kazaa\Transfer'
Found 'CachePort' in 'Software\Kazaa\Transfer'
Found 'CountryCode' in 'Software\Kazaa\UserDetails'
Found 'DatabaseDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'Date' in 'Software\Kazaa\Settings'
Found 'DlDir0' in 'Software\Kazaa\Transfer'
Found 'DownloadDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'UseCount' in 'Software\Kazaa\Settings'
Found 'NoUploadLimitWhenIdle' in 'Software\Kazaa\Transfer'
Found 'UserName' in 'Software\Kazaa\UserDetails'
Found 'ListenPort' in 'SOFTWARE\Kazaa'
Found 'network_config' in 'SOFTWARE\Kazaa'
Found 'Tmp' in 'SOFTWARE\Kazaa'
Found 'UDP_probe_successes' in 'SOFTWARE\Kazaa'
Found 'time' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'ShareDir' in 'SOFTWARE\Kazaa\CloudLoad'
Found 'KazaaNet' in 'SOFTWARE\Kazaa\ConnectionInfo'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found '' in 'Software\Dynamic Toolbar'
Found '' in 'SOFTWARE\Classes\morpheustorrent'
Found '' in 'SOFTWARE\MyWay'
Found '' in 'SOFTWARE\Classes\Interface\{73A90743-6A64-425D-B4EA-44D7C839F565}'
Found '' in 'SOFTWARE\Classes\TypeLib\{D31B7025-CC3A-40EA-B1D5-139EA9B70D00}'
Found 'FirstHomePage' in 'SOFTWARE\Microsoft\Internet Explorer\Main'
Found 'FirstHomePage' in 'Software\Microsoft\Internet Explorer\Main'
Internet URL Shortcuts
Files and Directories
Found '' in 'C:\Documents and Settings\Ben\Favorites\Sports'
Found 'Morpheus.exe' in 'C:\Documents and Settings\Ben\My Documents\My Music'
Found '' in 'C:\Program Files\StreamCast'
Found 'findanewlover.png' in 'C:\WINDOWS\system32'
Found 'P2P Networking v1252.cpl' in 'C:\WINDOWS\system32'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Documents and Settings\Ben\Favorites\Sports' in shortcut areas.
Checking for 'C:\Documents and Settings\Ben\Favorites\Sports' in startup areas.
Cleaning 'C:\Documents and Settings\Ben\Favorites\Sports'
Checking for 'C:\Documents and Settings\Ben\My Documents\My Music\Morpheus.exe' in shortcut areas.
Checking for 'C:\Documents and Settings\Ben\My Documents\My Music\Morpheus.exe' in startup areas.
Cleaning 'C:\Documents and Settings\Ben\My Documents\My Music\Morpheus.exe'
Checking for 'C:\Program Files\StreamCast' in shortcut areas.
Checking for 'C:\Program Files\StreamCast' in startup areas.
Cleaning 'C:\Program Files\StreamCast'
Checking for 'C:\WINDOWS\system32\findanewlover.png' in shortcut areas.
Checking for 'C:\WINDOWS\system32\findanewlover.png' in startup areas.
Cleaning 'C:\WINDOWS\system32\findanewlover.png'
Checking for 'C:\WINDOWS\system32\P2P Networking v1252.cpl' in shortcut areas.
Checking for 'C:\WINDOWS\system32\P2P Networking v1252.cpl' in startup areas.
Cleaning 'C:\WINDOWS\system32\P2P Networking v1252.cpl'
Finished Cleaning
Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
IMPORTANT!:


Before we can proceed any further, please visit Microsoft's Windows Update page and install ALL Critical Updates for your system (except Service Pack 2 (SP2)). SP2 should only be installed on a fully disinfected system. At the minimum install at least SP1a for both XP and IE6. Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system. After we have completed your clean-up, we will have you return to the Windows Update page and install SP2. We will also then advise you on how to better protect yourself online.

Please apply those updates BEFORE posting your next log. It is this forum's policy to stop the disinfection process until these basic updates are done. If during the updating process you get a message that your product key is invalid... then you may not have a legitimate copy of Windows XP. Unfortunately, it’s also this forum's policy that we only address users with a legal copy of Windows XP... therefore if you cannot update Windows XP to SP1 we must stop the cleansing process here.

**Note** If you're having trouble locating the service pack SP1a, here is a direct link to download it from:

http://download.microsoft.com/download/5/4/f/54f8bcf8-bb4d-4613-8ee7-db69d01735ed/xpsp1a_en_x86.exe



Thank you for your cooperation.

Post a new HijackThis log once you have updated, and we will continue.
 