
Help Please! Hijackthis Log


  • This topic is locked
5 replies to this topic

#1 Ratoncito


Posted 11 September 2006 - 11:34 PM

I'm having an extremely difficult time finding out what's causing Google to occasionally redirect to adult websites. I've run everything: Spybot, Stinger, Ad-Aware, Ewido, etc. All I've got left is the log below - hopefully someone can help. Thanks!


Logfile of HijackThis v1.99.1
Scan saved at 12:16:53 AM, on 9/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\mysql\bin\winmysqladmin.exe
C:\WINDOWS\webshots.scr
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\1124224335\ee\AOLHostManager.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Common Files\AOL\1124224335\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\1124224335\ee\AOLServiceHost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Christopher Newman\Desktop\Desktop Folders\Shortcuts\HijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Profiles\default\b2mdsm8a.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZZZ] C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124224335\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: RentRight Reminder System.lnk = C:\RentVer3\reminder.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F4E8010-E605-4061-8EE6-6CF0DAA74DA8}: NameServer = 85.255.113.138,85.255.112.18
O17 - HKLM\System\CCS\Services\Tcpip\..\{78FC2A6A-3AF4-4666-84B1-B255EB398F73}: NameServer = 85.255.113.138,85.255.112.18
O17 - HKLM\System\CCS\Services\Tcpip\..\{E35B7CDE-34D6-4172-B312-6B547A2FDA17}: NameServer = 85.255.113.138,85.255.112.18
O23 - Service: CADopia License Manager - Macrovision Corporation - C:\PROGRA~1\Cadopia\INTELL~1\LicenseManager\lmgrd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Flexlm (lmgrd) - Macrovision Corporation - C:\Program Files\Cadopia\IntelliCAD 4\LicenseManager\lmgrd.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


#2 rookie147


Posted 12 September 2006 - 10:36 AM

Hello Ratoncito, and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Please take note of the following:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
Please give me some time to look over your log and I will get back to you as soon as possible.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 rookie147


Posted 12 September 2006 - 11:36 AM

Hello Ratoncito, sorry for the delay in getting back to you.

======

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

======

You have Viewpoint Manager installed on your computer.

Viewpoint components are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. If you select "Disable auto-updating for the Viewpoint Manager", the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

link

I recommend that you remove the Viewpoint products; however, decide for yourself. If you choose to remove it, please uninstall all references to Viewpoint in Add/Remove Programs.

======

I see that you already have Ewido installed on your computer, but you will still need to update the definition files.
  • On the main screen select the "Update" icon then click "Start Update". The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports":
      • Select "Automatically generate report after every scan"
      • Un-select "Only if threats were found"
  • Close ewido anti-spyware.

======

Scan with HijackThis and put a checkmark next to each of the following entries (if present):

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F4E8010-E605-4061-8EE6-6CF0DAA74DA8}: NameServer = 85.255.113.138,85.255.112.18
O17 - HKLM\System\CCS\Services\Tcpip\..\{78FC2A6A-3AF4-4666-84B1-B255EB398F73}: NameServer = 85.255.113.138,85.255.112.18
O17 - HKLM\System\CCS\Services\Tcpip\..\{E35B7CDE-34D6-4172-B312-6B547A2FDA17}: NameServer = 85.255.113.138,85.255.112.18


Note: only fix the entry in blue if you chose to uninstall Viewpoint Manager.

Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

======

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.

======

You will be asked to reboot your computer; please do so. Please restart it into Safe Mode. This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list.

======
  • Launch ewido anti-spyware by double-clicking the icon on your desktop.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning; it may interfere with the scanning process.
  • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  • Ewido will now begin the scanning process. Be patient; this may take a little time.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it should automatically set the recommended action to Quarantine--if not click on Recommended Action and set it there. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close ewido.
======

Please delete the following folder if you chose to uninstall Viewpoint:

C:\Program Files\Viewpoint <--This folder

======

Reboot your computer into Normal Mode once again.

======

Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

======

Post back with the following (please note that it may need more than one reply to fit them all in):
-C:\fixwareout\report.txt
-New HijackThis log
-Ewido log

Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.
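
The O17 lines marked for fixing in the post above pin the same two static DNS servers on every network interface in the log. As an added example (not part of the original posts and not HijackThis's own code), this Python script parses the O17 lines of a log and reports static resolvers that fall outside an analyst-supplied expected set; the function names, the `192.168.1.1` router address and the "after" log are assumptions made for illustration.

```python
"""Audit the O17 (DNS/domain settings) lines of a HijackThis log."""
import ipaddress
import re

# Lines copied from the HijackThis log in post #1 (one O4 line is kept to
# show that non-O17 lines are skipped).
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F4E8010-E605-4061-8EE6-6CF0DAA74DA8}: NameServer = 85.255.113.138,85.255.112.18
O17 - HKLM\System\CCS\Services\Tcpip\..\{78FC2A6A-3AF4-4666-84B1-B255EB398F73}: NameServer = 85.255.113.138,85.255.112.18
O17 - HKLM\System\CCS\Services\Tcpip\..\{E35B7CDE-34D6-4172-B312-6B547A2FDA17}: NameServer = 85.255.113.138,85.255.112.18
"""

# Constructed "after" log with no O17 lines, standing in for a re-scan
# taken once the entries have been fixed (assumption, not from the thread).
AFTER_LOG = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
"""

# "O17 - <registry key>: <setting> = <value>"
O17_LINE = re.compile(r"^O17 - (?P<key>.+?): (?P<setting>\w+) = (?P<value>.*)$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_o17(log_text):
    """Return one dict per O17 line: registry key, interface GUID, setting, values."""
    entries = []
    for raw in log_text.splitlines():
        match = O17_LINE.match(raw.strip())
        if not match:
            continue
        guid = GUID.search(match["key"])
        entries.append({
            "key": match["key"],
            "interface": guid.group(0) if guid else None,
            "setting": match["setting"],
            # Values are separated by commas and/or whitespace.
            "values": [v for v in re.split(r"[,\s]+", match["value"].strip()) if v],
        })
    return entries


def audit_nameservers(log_text, expected=()):
    """List (interface, value, reason) for static resolvers outside `expected`.

    `expected` is a list of networks in CIDR form that the analyst knows to be
    legitimate resolvers. With the default empty set, every static NameServer
    value is reported for review.
    """
    allowed = [ipaddress.ip_network(net) for net in expected]
    findings = []
    for entry in parse_o17(log_text):
        if entry["setting"].lower() != "nameserver":
            continue
        for value in entry["values"]:
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                findings.append((entry["interface"], value, "not an IP address"))
                continue
            if not any(addr in net for net in allowed):
                findings.append((entry["interface"], value,
                                 "static resolver outside expected set"))
    return findings


def resolver_sets(log_text):
    """Group interface GUIDs by the exact resolver list pinned on them."""
    groups = {}
    for entry in parse_o17(log_text):
        if entry["setting"].lower() == "nameserver" and entry["interface"]:
            groups.setdefault(tuple(entry["values"]), []).append(entry["interface"])
    return groups


if __name__ == "__main__":
    # 192.168.1.1 is a constructed example of a home router acting as resolver.
    for iface, value, reason in audit_nameservers(BEFORE_LOG, ["192.168.1.1/32"]):
        print(f"{iface}: {value} ({reason})")
    for servers, ifaces in resolver_sets(BEFORE_LOG).items():
        if len(ifaces) > 1:
            print(f"{', '.join(servers)} pinned on {len(ifaces)} interfaces")
    print("after fix:", audit_nameservers(AFTER_LOG) or "no static resolvers")
```

Pass the resolvers you actually expect (router, ISP or corporate DNS) as `expected`; running the same audit on the new HijackThis log requested above shows whether any static entries remain.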


#4 Ratoncito


Posted 12 September 2006 - 09:49 PM

Charles, thanks very much for your reply. I've followed the steps you prescribed, and I'll attach each log in its own post. First is the Ewido report:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:34:09 PM 9/12/2006

+ Scan result:



C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-78c6117d.zip/Installer.class -> Downloader.OpenConnection.v : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-11e641d2.zip/Installer.class -> Downloader.OpenConnection.v : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f8050ce-600e5942.zip/Installer.class -> Downloader.OpenConnection.v : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-58be97fb-179ca672.zip/Installer.class -> Downloader.OpenConnection.v : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-6bc0c227-7c0bda8b.zip/Installer.class -> Downloader.OpenConnection.v : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-6bfe7dce-426f6c20.zip/Installer.class -> Downloader.OpenConnection.v : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-78940e7c-2e661683.zip/Installer.class -> Downloader.OpenConnection.v : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-79139cf9-36c78874.zip/Installer.class -> Downloader.OpenConnection.v : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7d9192de-13ecb7a3.zip/Installer.class -> Downloader.OpenConnection.v : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7eb4d059-11d056d1.zip/Installer.class -> Downloader.OpenConnection.v : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\clsld.jar-49a517fa-343e994c.zip/Installer.class -> Downloader.OpenConnection.v : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6ecc4ec7-31429ca7.zip/Installer.class -> Downloader.OpenConnection.v : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\proc.jar-13b27f42-53394926.zip/MyFunction.class -> Dropper.Small.c : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-351299c1-61e08c9c.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3b4c87ad-20bbbc41.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-4f65e3a2-6be2eb0f.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5157872c-4f685b9c.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-3a71e878-41e2bd58.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv249.jar-2f527d96-24d8168e.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderfox.jar-805f84e-410db07a.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\InsecureClassLoader.class-358051d1-701be807.class -> Not-A-Virus.Exploit.Java.Bytverify : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-3a71e878-41e2bd58.zip/Counter.class -> Not-A-Virus.Exploit.Java.Bytverify : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-78c6117d.zip/InsecureClassLoader.class -> Not-A-Virus.Exploit.Java.Bytverify : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-11e641d2.zip/InsecureClassLoader.class -> Not-A-Virus.Exploit.Java.Bytverify : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f8050ce-600e5942.zip/InsecureClassLoader.class -> Not-A-Virus.Exploit.Java.Bytverify : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-58be97fb-179ca672.zip/InsecureClassLoader.class -> Not-A-Virus.Exploit.Java.Bytverify : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-6bc0c227-7c0bda8b.zip/InsecureClassLoader.class -> Not-A-Virus.Exploit.Java.Bytverify : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-6bfe7dce-426f6c20.zip/InsecureClassLoader.class -> Not-A-Virus.Exploit.Java.Bytverify : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-78940e7c-2e661683.zip/InsecureClassLoader.class -> Not-A-Virus.Exploit.Java.Bytverify : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-79139cf9-36c78874.zip/InsecureClassLoader.class -> Not-A-Virus.Exploit.Java.Bytverify : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7d9192de-13ecb7a3.zip/InsecureClassLoader.class -> Not-A-Virus.Exploit.Java.Bytverify : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7eb4d059-11d056d1.zip/InsecureClassLoader.class -> Not-A-Virus.Exploit.Java.Bytverify : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\clsld.jar-49a517fa-343e994c.zip/InsecureClassLoader.class -> Not-A-Virus.Exploit.Java.Bytverify : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6ecc4ec7-31429ca7.zip/InsecureClassLoader.class -> Not-A-Virus.Exploit.Java.Bytverify : Cleaned with backup (quarantined).
:mozilla.370:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.182:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.183:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.184:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.185:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.186:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.187:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.188:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.189:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.190:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.272:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.352:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.388:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.445:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Cookies\christopher newman@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Cookies\christopher newman@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.249:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.250:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.468:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.469:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.361:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.362:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.363:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.364:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.365:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.211:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.212:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.213:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.214:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.215:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Cookies\christopher newman@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.70:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Cookies\christopher newman@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.273:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.331:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.332:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.339:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.340:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.341:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.247:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.248:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.251:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.252:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.253:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.254:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.245:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.324:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.325:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.326:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.327:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Cookies\christopher newman@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.528:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
:mozilla.172:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.176:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.177:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.255:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.256:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.257:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.309:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned with backup (quarantined).
:mozilla.526:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
:mozilla.527:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
:mozilla.162:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.163:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.165:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.275:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.276:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.277:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.278:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.280:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.500:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.208:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.149:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.150:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.151:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.125:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup (quarantined).
:mozilla.284:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.285:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.299:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.300:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.303:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.106:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.107:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.109:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.110:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.112:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.114:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.115:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.116:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.117:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.118:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.72:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.74:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.75:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.77:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.78:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.80:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.81:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.82:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.85:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.87:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.88:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.89:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.91:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.94:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.194:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.195:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.196:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.197:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.198:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.199:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.200:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.201:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.202:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.203:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.121:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.122:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.123:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.124:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.329:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.330:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.473:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.270:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.271:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.301:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.302:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.304:C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Firefox\Profiles\ard3joxk.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-78c6117d.zip/GetAccess.class -> Trojan.ClassLoader.c : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-11e641d2.zip/GetAccess.class -> Trojan.ClassLoader.c : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f8050ce-600e5942.zip/GetAccess.class -> Trojan.ClassLoader.c : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-58be97fb-179ca672.zip/GetAccess.class -> Trojan.ClassLoader.c : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-6bc0c227-7c0bda8b.zip/GetAccess.class -> Trojan.ClassLoader.c : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-6bfe7dce-426f6c20.zip/GetAccess.class -> Trojan.ClassLoader.c : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-78940e7c-2e661683.zip/GetAccess.class -> Trojan.ClassLoader.c : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-79139cf9-36c78874.zip/GetAccess.class -> Trojan.ClassLoader.c : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7d9192de-13ecb7a3.zip/GetAccess.class -> Trojan.ClassLoader.c : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7eb4d059-11d056d1.zip/GetAccess.class -> Trojan.ClassLoader.c : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\clsld.jar-49a517fa-343e994c.zip/GetAccess.class -> Trojan.ClassLoader.c : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6ecc4ec7-31429ca7.zip/GetAccess.class -> Trojan.ClassLoader.c : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\proc.jar-13b27f42-53394926.zip/MainApp.class -> Trojan.ClassLoader.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv249.jar-2f527d96-24d8168e.zip/Counter.class -> Trojan.ClassLoader.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderfox.jar-805f84e-410db07a.zip/Counter.class -> Trojan.ClassLoader.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Christopher Newman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-3a71e878-41e2bd58.zip/Beyond.class -> Trojan.Femad : Cleaned with backup (quarantined).


::Report end



and the Fixwareout log:


Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

Searching by size/names...


Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.
Directory of C:\WINDOWS\system32

Misc files.

Checking for older varients covered by the Rem3 tool.


and finally the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:42:47 PM, on 9/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\mysql\bin\winmysqladmin.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\webshots.scr
C:\Program Files\Common Files\AOL\1124224335\ee\AOLHostManager.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Common Files\AOL\1124224335\ee\AOLServiceHost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\1124224335\ee\AOLServiceHost.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Christopher Newman\Desktop\Desktop Folders\Shortcuts\HijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Christopher Newman\Application Data\Mozilla\Profiles\default\b2mdsm8a.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZZZ] C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124224335\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: RentRight Reminder System.lnk = C:\RentVer3\reminder.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O23 - Service: CADopia License Manager - Macrovision Corporation - C:\PROGRA~1\Cadopia\INTELL~1\LicenseManager\lmgrd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Flexlm (lmgrd) - Macrovision Corporation - C:\Program Files\Cadopia\IntelliCAD 4\LicenseManager\lmgrd.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-Phot

#5 rookie147


Posted 13 September 2006 - 10:46 AM

Hello Ratoncito, sorry for the delay in getting back to you.

======

I don't think you posted the full HijackThis log this time, so please make sure that you do this next time: there may be some important bits that were cut off.

======

I see that you are running msconfig in /auto mode which means that you may have selectively removed some items in the past from the startup procedure. This can be bad if they are malware, so we would like you to reenable those startup entries by doing the following:

Please click on start, then run, and type msconfig and then press enter. When the window opens click on the startup tab and make sure there are checkmarks in every entry. Then press ok until you are out of the program. If it asks to reboot, do not reboot.

======

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

======

Update Java:
  • Go to Start > Control Panel, double-click on the Software icon > add/remove programs.
  • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )

    It should have this icon next to it: Posted Image
    Select it and click Remove.
  • The current version can be downloaded from Sun here: http://java.sun.com/javase/downloads/index.jsp Scroll down the page to 'Java Runtime Environment (JRE) 5.0 Update 8' and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.
======

Please post back with the following:
-New Hijackthis log (make sure you post the full one this time :thumbsup: )
-How is the computer running now?

Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.
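The three things this reply and the log itself point at (the MSConfig `/auto` Run entry, services HijackThis marks "(file missing)", and a log cut off mid-entry) can be checked mechanically. The script below is an added example, not part of the original posts or of HijackThis; the function name `triage` and the field-count test for a cut-off O23 line are assumptions, and the sample lines are excerpted from the log posted in this thread.

```python
import re

# Sample lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-Phot"""

# A section entry starts with a code such as O4, O23 or N3, then " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MSCONFIG_AUTO = re.compile(r'msconfig\.exe"?\s+/auto\b', re.IGNORECASE)


def triage(log_text):
    """Return (line_no, section_code, note) for entries that need follow-up."""
    findings = []
    lines = [ln for ln in log_text.splitlines() if ln.strip()]
    for line_no, line in enumerate(lines, start=1):
        match = ENTRY.match(line.strip())
        if match is None:
            continue  # header or "Running processes" line, not a section entry
        code, body = match["code"], match["body"]
        # Run entry for msconfig /auto: startup items may have been disabled.
        if code == "O4" and MSCONFIG_AUTO.search(body):
            findings.append((line_no, code, "msconfig /auto: re-check disabled startup items"))
        # HijackThis appends this marker when the target is not on disk.
        if body.endswith("(file missing)"):
            findings.append((line_no, code, "registered target is missing on disk"))
        # Assumption: a complete O23 line reads "Service: name - owner - path".
        if code == "O23" and len(body.split(" - ")) < 3:
            findings.append((line_no, code, "entry cut off: ask for the full log"))
    return findings


if __name__ == "__main__":
    for line_no, code, note in triage(SAMPLE_LOG):
        print(f"line {line_no} [{code}] {note}")
```
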


#6 illukka


Posted 21 September 2006 - 10:53 AM

due to lack of feedback, this topic is now closed

contact the forum staff to get it reopened, this applies to the topic starter only
everyone else start a new topic

thank you rookie147 :thumbsup:
To Ride, Shoot Straight And Speak The Truth

a retired malware fighter/teacher/advisor



