
I Can Not Boot In Safe Mode... Help Please - Hjt Log


  • This topic is locked
6 replies to this topic

#1 Blackstar1

Blackstar1

  • Members
  • 7 posts

Posted 14 October 2005 - 07:41 AM

Hello,

My name is Blackstar1. I am new. I have been using XP Pro and noticed a number of problems with various programs on startup:

1. Some programs run some of the time but not all the time.

2. I get an error saying the rundll32 file can not be found

3. I get the following error when I try to boot in safe mode: Memory access violation in module kernal32 at 7169:64834425 . ( F8 method does not result in a safe mode boot option).

4. Also for some unknown reason, Stopzilla stopped loading and now comes up with an error.

Can someone please give me some advice and direction?

Thank you

Hijack This Scan and Log follows:

Logfile of HijackThis v1.99.1
Scan saved at 02:27:54 PM, on 14-Oct-05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\WINDOWS\System32\winpadg.exe
C:\Program Files\winupdates\winupdates.exe
C:\WINDOWS\System32\MSxUP32.exe
C:\Program Files\Santa Cruz Networks\vSkype\vSkype.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Acpana Business Systems\Data Deposit Box\startup.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Acpana Business Systems\Data Deposit Box\backup.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\Winamp\winamp.exe
C:\Documents and Settings\Frank\My Documents\My Downloads\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=lili111
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=lili111
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ultralinks.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.novableep.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Frank\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Frank\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.greenshield.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.novableep.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.novableep.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Frank\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Frank\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.greenshield.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.novableep.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Frank\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.novableep.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.seekwell.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Frank\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.novableep.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.seekwell.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=lili111
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=lili111
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcpack.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {06BEC426-4E3B-AE22-96EA-CAFFDB2CB6ED} - C:\WINDOWS\System32\xwcfvyem.dll
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: (no name) - {467DE3A3-164B-60AB-6112-8C29C8864FA2} - C:\WINDOWS\System32\tczcdkll.dll (file missing)
O2 - BHO: (no name) - {63C57F79-09C2-72CC-3E62-EB1686E38F06} - C:\WINDOWS\System32\nxmfoant.dll (file missing)
O2 - BHO: (no name) - {79FAA5E3-5508-FAD5-E5E5-E10CB11EAB8B} - C:\WINDOWS\System32\ssfffuya.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {BABDB640-49B3-467C-B813-5CD43C7BBC44} - C:\WINDOWS\System32\cgb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: (no name) - {C729BF6E-5793-B0F8-C142-B14B6A23F293} - C:\WINDOWS\System32\hydtllky.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\Downloaded Program Files\rundlg32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [icgocrf] "C:\WINDOWS\System32\icgocrf.exe"
O4 - HKLM\..\Run: [Updates] C:\WINDOWS\system32\msupdate.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [WinAuth] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose
O4 - HKLM\..\Run: [Control] rundll32.exe C:\WINDOWS\System32\ctrlpan.dll,Restore ControlPanel
O4 - HKLM\..\Run: [Microsoft Update] wuamgrd32.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\rftye.exe
O4 - HKLM\..\Run: [Windows Desktop Daemon] winpadg.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [Microsoft DDE Control] wupades.exe
O4 - HKLM\..\Run: [Microsoft Security Controlers] fxsecues.exe
O4 - HKLM\..\Run: [Mircosoft Update] wuampkd.exe
O4 - HKLM\..\Run: [MsConfigs] C:\Program Files\MsConfigs\MsConfigs.exe
O4 - HKLM\..\Run: [Microsoft Core Support] MSxUP32.exe
O4 - HKLM\..\Run: [vSkype] C:\Program Files\Santa Cruz Networks\vSkype\vSkype.exe no
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd32.exe
O4 - HKLM\..\RunServices: [Windows Desktop Daemon] winpadg.exe
O4 - HKLM\..\RunServices: [Microsoft DDE Control] wupades.exe
O4 - HKLM\..\RunServices: [Microsoft Security Controlers] fxsecues.exe
O4 - HKLM\..\RunServices: [Mircosoft Update] wuampkd.exe
O4 - HKLM\..\RunServices: [Microsoft Core Support] MSxUP32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Microsoft Update] wuamgrd32.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Data Deposit Box.lnk = C:\Program Files\Acpana Business Systems\Data Deposit Box\startup.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binaries/Dial...TML_pack_XP.cab
O18 - Protocol: vskype - (no CLSID) - (no file)
O18 - Filter: text/html - {E7BC0840-29E4-4C79-9B2C-D60AE1F101D6} - C:\WINDOWS\System32\cgb.dll
O18 - Filter: text/plain - {E7BC0840-29E4-4C79-9B2C-D60AE1F101D6} - C:\WINDOWS\System32\cgb.dll
O19 - User stylesheet: C:\Program Files\Internet Explorer\readme.txt
O19 - User stylesheet: C:\WINDOWS\hh.htt (file missing) (HKLM)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

### End ###


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 14 October 2005 - 04:21 PM

Hello,

This system is infected like hell, and actually, it doesn't surprise me at all.
Any reason why your windows isn't up to date? You don't have even ServicePack1 installed! Remember that your system is extremely vulnerable without the necessary security patches/updates, so malware can get installed automatically while surfing without any problems.
Please visit http://windowsupdate.microsoft.com and update to Service Pack 1. When your system is clean afterwards, then update to SP2, because updating to SP2 CAN cause problems as long as you are infected.

You also don't have an antivirus and firewall installed. :thumbsup:
Any reason? Your spysweeper isn't up to date either, you're still using a much older version.

After you updated to SP1, install an antivirus.
I suggest you install Kaspersky, because with the amount of infections on your system, Kaspersky is the best one here to deal with it.
The only thing I'm fearing is.... This all already caused a LOT of damage and I'm not that sure we can restore this all.

Download and install Kaspersky from here: http://www.kaspersky.com/trials?chapter=146481750

This is a trial for 30 days. But you really need it right now. I'll give you more tips afterwards what options you have when the trial is expired.

Install Kaspersky and update it. (Click Update now in the left panel)
After being updated, Click 'Scan my computer'
Let it perform a full scan and let it delete everything it is finding.

Reboot afterwards

Post a new hijackthislog after reboot.

#3 Blackstar1

Blackstar1
  • Topic Starter

  • Members
  • 7 posts

Posted 15 October 2005 - 12:33 PM

Hi and thank you. Some of the information vacuum comes because I am in Denmark. We are not in an environment which is as aware of system threats unless you have an IT person working for you.

- Norton Firewall and Internet Security have been installed
- Norton Virus Scan completed and malware either eliminated or quarantined
- Webroot Spy Sweeper has been updated and Swept
- Microsoft Windows update ( I think Sp1 and Sp2) have been installed
- I subscribed to the Microsoft update service

Here is the Hijack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 07:08:29 PM, on 15-Oct-05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\Santa Cruz Networks\vSkype\vSkype.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe
C:\Program Files\Acpana Business Systems\Data Deposit Box\startup.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Acpana Business Systems\Data Deposit Box\backup.exe
C:\Documents and Settings\Frank\My Documents\My Downloads\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=lili111
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=lili111
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ultralinks.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.novableep.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.novableep.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.novableep.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Frank\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Frank\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.greenshield.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.novableep.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.seekwell.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Frank\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.novableep.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.seekwell.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=lili111
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=lili111
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcpack.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {06BEC426-4E3B-AE22-96EA-CAFFDB2CB6ED} - C:\WINDOWS\System32\xwcfvyem.dll
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: (no name) - {467DE3A3-164B-60AB-6112-8C29C8864FA2} - C:\WINDOWS\System32\tczcdkll.dll (file missing)
O2 - BHO: (no name) - {63C57F79-09C2-72CC-3E62-EB1686E38F06} - C:\WINDOWS\System32\nxmfoant.dll (file missing)
O2 - BHO: (no name) - {79FAA5E3-5508-FAD5-E5E5-E10CB11EAB8B} - C:\WINDOWS\System32\ssfffuya.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {BABDB640-49B3-467C-B813-5CD43C7BBC44} - C:\WINDOWS\System32\cgb.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C729BF6E-5793-B0F8-C142-B14B6A23F293} - C:\WINDOWS\System32\hydtllky.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\Downloaded Program Files\rundlg32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [icgocrf] "C:\WINDOWS\System32\icgocrf.exe"
O4 - HKLM\..\Run: [Updates] C:\WINDOWS\system32\msupdate.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [WinAuth] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose
O4 - HKLM\..\Run: [Control] rundll32.exe C:\WINDOWS\System32\ctrlpan.dll,Restore ControlPanel
O4 - HKLM\..\Run: [Microsoft Update] wuamgrd32.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\rftye.exe
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [Microsoft DDE Control] wupades.exe
O4 - HKLM\..\Run: [Microsoft Security Controlers] fxsecues.exe
O4 - HKLM\..\Run: [Mircosoft Update] wuampkd.exe
O4 - HKLM\..\Run: [MsConfigs] C:\Program Files\MsConfigs\MsConfigs.exe
O4 - HKLM\..\Run: [vSkype] C:\Program Files\Santa Cruz Networks\vSkype\vSkype.exe no
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd32.exe
O4 - HKLM\..\RunServices: [Microsoft DDE Control] wupades.exe
O4 - HKLM\..\RunServices: [Microsoft Security Controlers] fxsecues.exe
O4 - HKLM\..\RunServices: [Mircosoft Update] wuampkd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamgrd32.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Data Deposit Box.lnk = C:\Program Files\Acpana Business Systems\Data Deposit Box\startup.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129388245007
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129392497593
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binaries/Dial...TML_pack_XP.cab
O18 - Protocol: vskype - (no CLSID) - (no file)
O18 - Filter: text/html - {E7BC0840-29E4-4C79-9B2C-D60AE1F101D6} - C:\WINDOWS\System32\cgb.dll
O18 - Filter: text/plain - {E7BC0840-29E4-4C79-9B2C-D60AE1F101D6} - C:\WINDOWS\System32\cgb.dll
O19 - User stylesheet: C:\Program Files\Internet Explorer\readme.txt
O19 - User stylesheet: C:\WINDOWS\hh.htt (file missing) (HKLM)
O20 - AppInit_DLLs: c:\windows\system32\ctlopp.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Even I can see some obvious problems here. Thank you for your assistance.

Regards, Blackstar
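
Added example (not part of the original thread): one way to check what a cleanup pass actually changed is to diff the HijackThis logs taken before and after it. The sketch below parses the `code - body` entry lines and reports entries that were removed, added, newly flagged `(file missing)`, or still present. The sample input is a handful of lines excerpted from the two logs above; the function names are this example's own, not part of HijackThis.

```python
import re

# Excerpt of the 14-Oct log above (header and process lines kept to show they are skipped).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: (no name) - {BABDB640-49B3-467C-B813-5CD43C7BBC44} - C:\WINDOWS\System32\cgb.dll
O2 - BHO: (no name) - {C729BF6E-5793-B0F8-C142-B14B6A23F293} - C:\WINDOWS\System32\hydtllky.dll
O4 - HKLM\..\Run: [Windows Desktop Daemon] winpadg.exe
O4 - HKLM\..\Run: [Microsoft Core Support] MSxUP32.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamgrd32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Excerpt of the 15-Oct log above, taken after the Norton and Spy Sweeper scans.
LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: (no name) - {BABDB640-49B3-467C-B813-5CD43C7BBC44} - C:\WINDOWS\System32\cgb.dll (file missing)
O2 - BHO: (no name) - {C729BF6E-5793-B0F8-C142-B14B6A23F293} - C:\WINDOWS\System32\hydtllky.dll
O4 - HKLM\..\Run: [Microsoft Update] wuamgrd32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - AppInit_DLLs: c:\windows\system32\ctlopp.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Entry lines look like "R1 - ...", "F2 - ...", "O23 - ...": a letter, 1-2 digits, " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING = " (file missing)"


def parse_entries(log_text):
    """Return {(code, body): file_missing} for every entry line in a log.

    The "(file missing)" status is stripped from the body and kept as the
    value, so the same registry entry matches across logs even when the
    file it points to has been deleted in between.
    """
    entries = {}
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header, blank line or running-process path
        code, body = match.groups()
        entries[(code, body.replace(MISSING, ""))] = MISSING in body
    return entries


def diff_logs(before_text, after_text):
    """Classify every entry seen in either log.

    "persisting" only means the entry is unchanged; it says nothing about
    whether the entry is malicious (nwiz and the NVIDIA service are not).
    """
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    result = {"removed": [], "added": [], "now_missing": [], "persisting": []}
    for key in sorted(before.keys() | after.keys()):
        if key not in after:
            result["removed"].append(key)
        elif key not in before:
            result["added"].append(key)
        elif after[key] and not before[key]:
            # Registry entry survived but its file is gone: an orphan to fix.
            result["now_missing"].append(key)
        else:
            result["persisting"].append(key)
    return result


if __name__ == "__main__":
    for category, items in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(f"{category} ({len(items)})")
        for code, body in items:
            print(f"  {code} - {body}")
```

Entries under `now_missing` are registry references left behind after a scanner deleted the file, which is why they still need to be fixed in HijackThis even though the file itself is gone.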

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 15 October 2005 - 12:45 PM

Hello, let's see what is still present and what isn't.

It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!
I can't stress enough how important this is.

* Download SpSeHjfix: http://www.derbilk.de/404.html
choose the right version for your system.
Unzip it to your desktop.

Start SpSeHjfix and click "Start disinfection"

Let it finish the job.

Restore your websettings: Go to Start > Control Panel > Internet Options > Tab Programs.
Click: "Restore Websettings"

* Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by doubleclicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/p2pnetwork.bfu

Click Ok
Then click execute in Brute Force Uninstaller.

Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

* Download and install CCleaner
Do not use it yet.

* Please download ewido:
http://www.ewido.net/en/download/
Let it update, but don't let it scan yet!!

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=lili111
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=lili111
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ultralinks.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.novableep.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.novableep.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.novableep.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Frank\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Frank\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.novableep.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.seekwell.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Frank\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.novableep.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.seekwell.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=lili111
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=lili111
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcpack.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {06BEC426-4E3B-AE22-96EA-CAFFDB2CB6ED} - C:\WINDOWS\System32\xwcfvyem.dll
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: (no name) - {467DE3A3-164B-60AB-6112-8C29C8864FA2} - C:\WINDOWS\System32\tczcdkll.dll (file missing)
O2 - BHO: (no name) - {63C57F79-09C2-72CC-3E62-EB1686E38F06} - C:\WINDOWS\System32\nxmfoant.dll (file missing)
O2 - BHO: (no name) - {79FAA5E3-5508-FAD5-E5E5-E10CB11EAB8B} - C:\WINDOWS\System32\ssfffuya.dll (file missing)
O2 - BHO: (no name) - {BABDB640-49B3-467C-B813-5CD43C7BBC44} - C:\WINDOWS\System32\cgb.dll (file missing)
O2 - BHO: (no name) - {C729BF6E-5793-B0F8-C142-B14B6A23F293} - C:\WINDOWS\System32\hydtllky.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\Downloaded Program Files\rundlg32.dll (file missing)
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)
O4 - HKLM\..\Run: [icgocrf] "C:\WINDOWS\System32\icgocrf.exe"
O4 - HKLM\..\Run: [Updates] C:\WINDOWS\system32\msupdate.exe
O4 - HKLM\..\Run: [WinAuth] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [Control] rundll32.exe C:\WINDOWS\System32\ctrlpan.dll,Restore ControlPanel
O4 - HKLM\..\Run: [Microsoft Update] wuamgrd32.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\rftye.exe
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [Microsoft DDE Control] wupades.exe
O4 - HKLM\..\Run: [Microsoft Security Controlers] fxsecues.exe
O4 - HKLM\..\Run: [Mircosoft Update] wuampkd.exe
O4 - HKLM\..\Run: [MsConfigs] C:\Program Files\MsConfigs\MsConfigs.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd32.exe
O4 - HKLM\..\RunServices: [Microsoft DDE Control] wupades.exe
O4 - HKLM\..\RunServices: [Microsoft Security Controlers] fxsecues.exe
O4 - HKLM\..\RunServices: [Mircosoft Update] wuampkd.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamgrd32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binaries/Dial...TML_pack_XP.cab
O18 - Protocol: vskype - (no CLSID) - (no file)
O18 - Filter: text/html - {E7BC0840-29E4-4C79-9B2C-D60AE1F101D6} - C:\WINDOWS\System32\cgb.dll
O18 - Filter: text/plain - {E7BC0840-29E4-4C79-9B2C-D60AE1F101D6} - C:\WINDOWS\System32\cgb.dll
O19 - User stylesheet: C:\Program Files\Internet Explorer\readme.txt
O19 - User stylesheet: C:\WINDOWS\hh.htt (file missing) (HKLM)
O20 - AppInit_DLLs: c:\windows\system32\ctlopp.dll


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Start CCleaner
Click "Options", then click the "Advanced" tab
Uncheck "Only delete files older than 48 hrs.", then click OK
Click "Cleaner" and click Run Cleaner (bottom right)

* Open Ewido Security Suite
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Close Ewido

* Reboot your system.

* Perform an online scan with Kaspersky Online Scanner

Click "Launch Kaspersky Anti-Virus Web Scanner"
You will be prompted if you want to install an ActiveX component from Kaspersky, click yes.
This will start downloading the latest definition files.
Once the files have been downloaded click on "Next"

* Click "Scan Settings"
Select the following in Scan Settings (normally they are already selected by default)

° Scan using the following Anti-Virus database: Standard

° Scan Options: Scan Archives, Scan Mail Bases

* Click OK
* Under select a target to scan, select "My Computer"

* This program will start to scan your system.
The scan will take a while so be patient and let it run.
When the scan is done, it will show a list of infected files found.

* Click on the "Save as Text" button:
Save the scan log and post it along with a new HijackThis Log, the log that SpSeHjfix produced (it's in the same folder as SpSeHjfix), and the Ewido Log by using Add Reply.

#5 Blackstar1

Posted 22 October 2005 - 07:04 AM

Hello and thank you so much for helping me. It has taken some time for me to find enough time to complete all the scans and logs. But below are the results as you instructed. I tried to keep to your instructions as best as possible. There were a few unexpected things, such as some malware that was embedded in "archives". And there were a number of infected files which I was to check off of the HijackThis list but did not appear when I ran the program. Some of the items on the HijackThis list were called "novableep" but in the program they were called "novaf ----".

I look forward to your next set of instructions. By the way, the computer seems to have some memory problems; it's slow, and some of the desktop shortcuts are not working well. The good news is I was able to start the computer in "safe mode" using the "Run" msconfig technique.

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:18:13 AM, 22-Oct-05
+ Report-Checksum: 35F28532

+ Scan result:



::Report End

KASPERSKY ON-LINE SCANNER REPORT
Saturday, October 22, 2005 13:43:16
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 22/10/2005
Kaspersky Anti-Virus database records: 146154
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 120549
Number of viruses found: 74
Number of infected objects: 196
Number of suspicious objects: 0
Duration of the scan process: 5595 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Zachary\Local Settings\Temporary Internet Files\Content.IE5\KX4Q9Y59\T[1].CHM Infected: Trojan-Downloader.Win32.Apher.gen
C:\Documents and Settings\Zachary\Local Settings\Temporary Internet Files\Content.IE5\KX4Q9Y59\x[1].chm/exec.htm Infected: Exploit.HTML.CodeBaseExec
C:\Documents and Settings\Zachary\Local Settings\Temporary Internet Files\Content.IE5\KX4Q9Y59\x[1].chm/update.exe Infected: Trojan-Dropper.Win32.Small.qi
C:\Documents and Settings\Zachary\Local Settings\Temporary Internet Files\Content.IE5\KX4Q9Y59\x[1].chm/x.htm Infected: Exploit.HTML.CodeBaseExec
C:\Documents and Settings\Zachary\Local Settings\Temporary Internet Files\Content.IE5\KX4Q9Y59\x[1].chm Infected: Exploit.HTML.CodeBaseExec
C:\Documents and Settings\Zachary\Local Settings\Temporary Internet Files\Content.IE5\X06X2TZP\counter[1].htm Infected: Exploit.HTML.Mht
C:\Documents and Settings\Taylor\Local Settings\Temp\sp.html Infected: Trojan.JS.StartPage.u
C:\Documents and Settings\Dave Barnes\Local Settings\Temp\sp.html Infected: Trojan.JS.StartPage.u

Scan process completed.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

(10-20-05 05:30:12 PM) SPSeHjFix started v1.1.2
(10-20-05 05:30:12 PM) OS: WinXP (5.1.2600)
(10-20-05 05:30:12 PM) Language: english
(10-20-05 05:30:12 PM) Win-Path: C:\WINDOWS
(10-20-05 05:30:12 PM) System-Path: C:\WINDOWS\System32
(10-20-05 05:30:12 PM) Temp-Path: C:\DOCUME~1\Frank\LOCALS~1\Temp\
(10-20-05 05:31:24 PM) Disinfection started
(10-20-05 05:31:25 PM) Bad-Dll(IEP): (not found)
(10-20-05 05:31:25 PM) Bad-Dll(IEP) in BHO: (not found)
(10-20-05 05:31:25 PM) UBF: 6 - UBB: 12 - UBR: 41
(10-20-05 05:31:25 PM) FilterKey: HKCR\text/html (deleted)
(10-20-05 05:31:25 PM) FilterKey: HKCR\CLSID\{E7BC0840-29E4-4C79-9B2C-D60AE1F101D6} (deleted)
(10-20-05 05:31:25 PM) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(10-20-05 05:31:25 PM) FilterKey: HKCR\text/plain (deleted)
(10-20-05 05:31:25 PM) FilterKey: HKCR\CLSID\{E7BC0840-29E4-4C79-9B2C-D60AE1F101D6} (error while deleting)
(10-20-05 05:31:25 PM) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(10-20-05 05:31:25 PM) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BABDB640-49B3-467C-B813-5CD43C7BBC44} (deleted)
(10-20-05 05:31:25 PM) BHO-Key: HKCR\CLSID\{BABDB640-49B3-467C-B813-5CD43C7BBC44} (deleted)
(10-20-05 05:31:25 PM) UBF: 4 - UBB: 11 - UBR: 41
(10-20-05 05:31:25 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
(10-20-05 05:31:25 PM) Stealth-String not found
(10-20-05 05:31:25 PM) File added to delete: c:\windows\system32\cgb.dll
(10-20-05 05:31:25 PM) Reboot


(10-20-05 05:34:09 PM) SPSeHjFix started v1.1.2
(10-20-05 05:34:09 PM) OS: WinXP (5.1.2600)
(10-20-05 05:34:09 PM) Language: english
(10-20-05 05:34:09 PM) Win-Path: C:\WINDOWS
(10-20-05 05:34:09 PM) System-Path: C:\WINDOWS\System32
(10-20-05 05:34:09 PM) Temp-Path: C:\DOCUME~1\Frank\LOCALS~1\Temp\
(10-20-05 05:34:54 PM) Disinfection started
(10-20-05 05:34:54 PM) Bad-Dll(IEP): (not found)
(10-20-05 05:34:54 PM) Bad-Dll(IEP) in BHO: (not found)
(10-20-05 05:34:54 PM) UBF: 4 - UBB: 11 - UBR: 41
(10-20-05 05:34:54 PM) UBF: 4 - UBB: 11 - UBR: 41
(10-20-05 05:34:54 PM) Bad IE-pages: (none)
(10-20-05 05:34:54 PM) Stealth-String not found
(10-20-05 05:34:54 PM) Not infected->END

#6 miekiemoes

Posted 22 October 2005 - 07:17 AM

Hello,

Can you also post a new HijackThis log made in normal mode?
But before you do, I see you forgot to run CCleaner before scanning with the scanners.
So that's why I suggest you run CCleaner now, to get rid of the infected files present in your temp folders.

Also delete the following file:

C:\WINDOWS\win32.bmp

Post a new HijackThis log afterwards. :thumbsup:

#7 miekiemoes

Posted 01 November 2005 - 07:21 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



