Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Need some help with last bit of spyware

  1. #1
    Junior Member
    Join Date
    Dec 2005
    Posts
    0

    Default Need some help with last bit of spyware

    Hi, I recently got some spyware and while I was able to get rid of most of it, I'm still having some problems. Everytime I restart my computer I get a message from my antivirus program (McAfee) saying it deleted the trojans "adsldpbf.dll1" and "alt.exe1" but it gives the message all the time so its not getting rid of them. When I hit crtl+alt+del, I get an message saying "Task Manager has been disabled by your administrator." My firewall from McAfee has been taken down and when I try to put it back up i get a message saying "Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service." I don't know if this is connected to the reason why I can't access this computer from another computer on the same network. Also, when I restart a blank blue screen shows up and sometimes instead of the wallpaper loading i get a screen saying "restore active desktop". Sorry for listing so many problems i didn't realize it was so long until I typed it out! Thanks in advance for any suggestions.

    Logfile of HijackThis v1.99.1
    Scan saved at 6:45:55 AM, on 12/29/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    C:\Program Files\Windows Media Connect 2\WMCCFG.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
    C:\Program Files\Dell\AccessDirect\DadTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\igps.exe
    c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\z00096.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\PROGRA~1\DELLSU~1\DSAgnt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hijack\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\prefs.js)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\QL\qlink32.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [0kg00xc4.dll] RUNDLL32.EXE 0kg00xc4.dll,b 79642296
    O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\system32\igps.exe"
    O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006a.exe
    O4 - HKLM\..\Run: [Contextual Tool] C:\WINDOWS\z00096.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\uwfx5.exe /scan
    O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar1\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures05.aim.com/ygp/aol/pl...IM.9.5.1.8.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dll
    O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Welcome to the forum Krausker

    In addremove program uninstall quicklinks

    Download smitRem.exe and save the file to your desktop. (By noahdfear.)
    Double click on the file to extract it to it's own folder on the desktop.

    Please download the trial version of Ewido Security Suite here:
    install then from within the program check for updates BUT dont scan yet
    ewido security suite: http://www.ewido.net/en/download/
    When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK.
    We will fix this in a moment.
    From the main ewido screen, click on update in the left menu, then click the Start update button.
    After the update finishes (the status bar at the bottom will display "Update successful"), Now close the program.
    Do NOT run a scan yet.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Next, please reboot your computer in SafeMode by doing the following:
    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.
    Start Hijackthis and place a check next to these items If there.
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\QL\qlink32.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)
    O4 - HKLM\..\Run: [0kg00xc4.dll] RUNDLL32.EXE 0kg00xc4.dll,b 79642296
    O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\system32\igps.exe"
    O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006a.exe
    O4 - HKLM\..\Run: [Contextual Tool] C:\WINDOWS\z00096.exe
    O4 - HKCU\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\uwfx5.exe /scan
    O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dll
    ====================================
    Hit fix checked and close Hijackthis.

    Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
    Wait for the tool to complete and disk cleanup to finish.
    The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

    Open Spybot check for and fix any problems found.

    Run Ewido:
    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • NOTE: During some scans with ewido it is finding cases of false positives.
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
    • When the scan is finished, click the Save report button at the bottom of the screen.
    • Save the report to your desktop
    Close Ewido

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Restart back to a normal windows session
    Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

    Download and run win32delfkil
    http://users.telenet.be/marcvn/tools/win32delfkil.exe

    Restart your pc afterwards

    Get this free onlines scan and post the results
    Kaspersky Lab - Free Online scan:
    http://www.kaspersky.com/virusscanner
    Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
    Then choose: my computer: scan all your hard drives and mapped disks.
    when finished click save as text and post that in your reply.

    Post a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
    Let us know if any problems persist

  3. #3
    Junior Member
    Join Date
    Dec 2005
    Posts
    0

    Default thank you!

    Thank you for the help. All of the issues went away and just a few remain. I can't put a picture for my wallpaper; I can only pick one of the presets that comes with windows. It will also let me get into the firewell settings but it still won't turn the firewall on. And the start menu and folder also look like they are in safe mode when its actually in normal mode.


    Logfile of HijackThis v1.99.1
    Scan saved at 10:31:40 AM, on 1/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Dell\AccessDirect\DadTray.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\D-Tools\daemon.exe
    c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    C:\Program Files\Windows Media Connect 2\WMCCFG.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\DELLSU~1\DSAgnt.exe
    C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\explorer.exe
    C:\hijack\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\prefs.js)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar1\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
    O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures05.aim.com/ygp/aol/pl...IM.9.5.1.8.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
    O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

  4. #4
    Junior Member
    Join Date
    Dec 2005
    Posts
    0

    Default

    mitRem log file
    version 2.8

    by noahdfear


    Microsoft Windows XP [Version 5.1.2600]
    The current date is: Mon 01/02/2006
    The current time is: 21:44:24.56

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    checking for ShudderLTD key

    ShudderLTD key not present!

    checking for PSGuard.com key


    PSGuard.com key not present!


    checking for WinHound.com key


    WinHound.com key not present!

    spyaxe uninstaller NOT present
    Winhound uninstaller NOT present
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Existing Pre-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~

    Install.dat


    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~

    logfiles


    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 856 'explorer.exe'
    Killing PID 856 'explorer.exe'

    Starting registry repairs

    Deleting files


    Remaining Post-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~



    ~~~ Miscellaneous Files/folders ~~~




    ~~~ Wininet.dll ~~~

    CLEAN!




    ido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 12:53:09 AM, 1/3/2006
    + Report-Checksum: 49E692D1

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{31EE3286-D785-4E3F-95FC-51D00FDABC01} -> Downloader.Delf.aeo : Cleaned with backup
    HKU\S-1-5-21-925917626-21230110-2438004832-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AA06644-BC46-4220-A460-47A6EB47C96D} -> Spyware.NavExcel : Cleaned with backup
    HKU\S-1-5-21-925917626-21230110-2438004832-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
    HKU\S-1-5-21-925917626-21230110-2438004832-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} -> Spyware.NavExcel : Cleaned with backup
    HKU\S-1-5-21-925917626-21230110-2438004832-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D80C4E21-C346-4E21-8E64-20746AA20AEB} -> Spyware.NavExcel : Cleaned with backup
    [1212] C:\WINDOWS\system32\browsela.dll -> Downloader.Delf.aeo : Cleaned with backup
    [1408] C:\WINDOWS\system32\browsela.dll -> Downloader.Delf.aeo : Cleaned with backup
    [1032] C:\WINDOWS\alt.exe -> Hijacker.Delf.eb : Cleaned with backup
    C:\boot.inx -> Downloader.Delf.aeq : Cleaned with backup



    HKLM\SOFTWARE\Classes\CLSID\{31EE3286-D785-4E3F-95FC-51D00FDABC01} -> Downloader.Delf.aeo : Cleaned with backup
    [1212] C:\WINDOWS\system32\browsela.dll -> Downloader.Delf.aeo : Cleaned with backup
    [1408] C:\WINDOWS\system32\browsela.dll -> Downloader.Delf.aeo : Cleaned with backup
    [988] C:\WINDOWS\alt.exe -> Hijacker.Delf.eb : Cleaned with backup
    :mozilla.6:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.7:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.8:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.11:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.17:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.52:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.53:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.6:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.7:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.8:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.11:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.17:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    -> : Error during cleaning
    :mozilla.38:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.39:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.51:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.54:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.55:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.56:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.63:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.65:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.66:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.67:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.68:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.69:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.70:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.71:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Estat : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
    :mozilla.87:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.88:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.89:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.92:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.93:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.94:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.101:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.102:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.103:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.104:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.114:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup

  5. #5
    Junior Member
    Join Date
    Dec 2005
    Posts
    0

    Default

    :mozilla.115:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.116:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.117:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.118:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.119:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.120:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.126:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
    :mozilla.127:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.128:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.129:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.130:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.131:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.132:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.133:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.134:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.138:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.139:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.140:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.141:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.142:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.143:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.144:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.156:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.157:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.158:C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\test\zz8dt7w3.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\Paul\Cookies\paul@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Paul\Cookies\paul@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\Paul\Cookies\paul@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\Paul\Cookies\paul@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Paul\Cookies\paul@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\Paul\Cookies\paul@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Paul\Cookies\paul@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Paul\Cookies\paul@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\Paul\Cookies\paul@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Paul\Cookies\paul@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup
    C:\Documents and Settings\Paul\Cookies\paul@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Paul\Cookies\paul@entrepreneur.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Paul\Cookies\paul@findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
    C:\Documents and Settings\Paul\Cookies\paul@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Paul\Cookies\paul@partygaming.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Paul\Cookies\paul@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Paul\Cookies\paul@pro-market[1].txt -> Spyware.Cookie.Pro-market : Cleaned with backup
    C:\Documents and Settings\Paul\Cookies\paul@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Paul\Cookies\paul@valuead[2].txt -> Spyware.Cookie.Valuead : Cleaned with backup
    C:\Documents and Settings\Paul\Cookies\paul@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Paul\Cookies\paul@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\23QNOP8V\country[1].htm -> Trojan.Small : Cleaned with backup
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\23QNOP8V\inrh9400[1].exe -> Downloader.Small.bke : Cleaned with backup
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\23QNOP8V\inst_0004[1].exe -> Downloader.Small.cam : Cleaned with backup
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\23QNOP8V\ms1[1].htm -> Downloader.Tiny.al : Cleaned with backup
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\23QNOP8V\paytime[1].txt -> Hijacker.StartPage.agt : Cleaned with backup
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\23QNOP8V\tool4[1].txt -> Not-A-Virus.SpamTool.Win32.Mailbot.q : Cleaned with backup
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\23QNOP8V\tool[1].exe -> Downloader.Small.cah : Cleaned with backup
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\AXEJ6VO9\ltndload[1].dll -> Adware.Sud : Cleaned with backup
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\AXEJ6VO9\toolbar[1].txt -> Downloader.Adload.j : Cleaned with backup
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\AXEJ6VO9\xpladv470[1].wmf -> Downloader.Agent.acd : Cleaned with backup
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\AXEJ6VO9\xpl[1].wmf -> Downloader.Agent.acd : Cleaned with backup
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\O3O96P2T\9400[1].cab/Quicklinks.exe -> Adware.MDH : Cleaned with backup
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\O3O96P2T\dial[1].exe -> Downloader.Small.awa : Cleaned with backup
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\O3O96P2T\installerus[1].exe -> Downloader.Qoologic.at : Cleaned with backup
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\O3O96P2T\loaderadv470[1].exe -> Downloader.Small.cdk : Cleaned with backup
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\O3O96P2T\msits[1].exe -> Downloader.Delf.aeq : Cleaned with backup
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\O3O96P2T\tool5[1].txt -> Trojan.Small : Cleaned with backup
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YZWF23MN\drsmartload[1].exe -> Downloader.Adload.l : Cleaned with backup
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YZWF23MN\soft3[1].exe -> Not-A-Virus.Hoax.Win32.Renos.aj : Cleaned with backup
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YZWF23MN\tool2[1].txt -> Not-A-Virus.Hoax.Win32.Renos.aj : Cleaned with backup
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YZWF23MN\WinFixerScannerInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\Documents and Settings\Paul\zxczxc -> Downloader.Small.cah : Cleaned with backup
    C:\drsmartload1.exe -> Downloader.Adload.l : Cleaned with backup
    C:\inrh9400.exe -> Downloader.Small.bke : Cleaned with backup
    C:\installerus.exe -> Downloader.Qoologic.at : Cleaned with backup
    C:\inst_0004.exe -> Downloader.Small.cam : Cleaned with backup
    C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll -> Trojan.Agent.bu : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe -> Trojan.Zapchast.ad : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Logger.Small.dg : Cleaned with backup
    C:\quarantine\dk.dial.Vir -> Trojan.Dialer.ay : Error during cleaning
    C:\quarantine\dk.dial.Vir.0 -> Trojan.Dialer.ay : Error during cleaning
    C:\quarantine\gdnOT2202[1].exe.Vir -> Trojan.Dialer.ay : Error during cleaning
    C:\quarantine\gdnOT2202[1].exe.Vir.0 -> Trojan.Dialer.ay : Error during cleaning
    C:\quarantine\kl.exe.Vir -> Trojan.Agent.bu : Cleaned with backup
    C:\quarantine\kl[1].txt.Vir -> Trojan.Agent.bu : Cleaned with backup
    C:\quarantine\Mein.class.Vir -> Trojan.Binny.a : Error during cleaning
    C:\quarantine\Mein.class.Vir.0 -> Trojan.Binny.a : Error during cleaning
    C:\quarantine\Mein.class.Vir.1 -> Trojan.Binny.a : Error during cleaning
    C:\quarantine\Mein.class.Vir.2 -> Trojan.Binny.a : Error during cleaning
    C:\quarantine\Mein.class.Vir.3 -> Trojan.Binny.a : Error during cleaning
    C:\quarantine\Mein.class.Vir.4 -> Trojan.Binny.a : Error during cleaning
    C:\quarantine\Mein.class.Vir.5 -> Trojan.Binny.a : Error during cleaning
    C:\quarantine\Password Cracker.exe.Vir -> Dialer.Generic : Cleaned with backup
    C:\quarantine\Password Cracker.exe.Vir.0 -> Dialer.Generic : Cleaned with backup
    C:\quarantine\Password Cracker.exe.Vir.1 -> Dialer.Generic : Cleaned with backup
    C:\quarantine\Password Cracker.exe.Vir.2 -> Dialer.Generic : Cleaned with backup
    C:\quarantine\Password Cracker.exe.Vir.3 -> Dialer.Generic : Cleaned with backup
    C:\quarantine\Password Cracker.exe.Vir.4 -> Dialer.Generic : Cleaned with backup
    C:\quarantine\Password Cracker.exe.Vir.5 -> Dialer.Generic : Cleaned with backup
    C:\quarantine\Password Cracker.exe.Vir.6 -> Dialer.Generic : Cleaned with backup
    C:\quarantine\Password Cracker.exe.Vir.7 -> Dialer.Generic : Cleaned with backup
    C:\quarantine\Password Cracker.exe.Vir.8 -> Dialer.Generic : Cleaned with backup
    C:\quarantine\Password Cracker.exe.Vir.9 -> Dialer.Generic : Cleaned with backup
    C:\quarantine\prompt[1].htm.Vir -> Downloader.IstBar.j : Error during cleaning
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0055903.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0055925.exe -> Adware.Suggestor : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0055929.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0055961.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0055967.exe -> Adware.Suggestor : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0055984.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0056017.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0056022.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0056028.exe -> Trojan.Small : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0056029.exe -> Trojan.Small : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0056030.exe -> Downloader.Tiny.al : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0056034.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0056042.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
    C:\WINDOWS\adsldpbf.dll -> Downloader.Delf.lh : Cleaned with backup
    C:\WINDOWS\alt.exe -> Hijacker.Delf.eb : Cleaned with backup
    C:\WINDOWS\g81284218.dll -> Downloader.Delf.aeo : Cleaned with backup
    C:\WINDOWS\SYSTEM32\0kg00xc4.dll -> Adware.Sud : Cleaned with backup
    C:\WINDOWS\SYSTEM32\browsela.dll -> Downloader.Delf.aeo : Cleaned with backup
    C:\WINDOWS\SYSTEM32\DRIVERS\i386p.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
    C:\WINDOWS\SYSTEM32\msctl32.dll -> Not-A-Virus.SpamTool.Win32.Mailbot.q : Cleaned with backup
    C:\WINDOWS\SYSTEM32\Quicklinks.exe -> Adware.MDH : Cleaned with backup
    C:\WINDOWS\SYSTEM32\z11.exe -> Not-A-Virus.Hoax.Win32.Renos.aj : Cleaned with backup
    C:\WINDOWS\SYSTEM32\z12.exe -> Downloader.Small.awa : Cleaned with backup
    C:\WINDOWS\SYSTEM32\z13.exe -> Downloader.Small.cah : Cleaned with backup
    C:\WINDOWS\tool2.exe -> Not-A-Virus.Hoax.Win32.Renos.aj : Cleaned with backup
    C:\WINDOWS\tool4.exe -> Not-A-Virus.SpamTool.Win32.Mailbot.q : Cleaned with backup
    C:\WINDOWS\z00096.exe -> Adware.VB : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{31EE3286-D785-4E3F-95FC-51D00FDABC01} -> Downloader.Delf.aeo : Cleaned with backup
    [1212] C:\WINDOWS\system32\browsela.dll -> Downloader.Delf.aeo : Cleaned with backup
    [2020] C:\WINDOWS\system32\browsela.dll -> Downloader.Delf.aeo : Cleaned with backup

    ::Report End

  6. #6
    Junior Member
    Join Date
    Dec 2005
    Posts
    0

    Default

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Tuesday, January 03, 2006 08:57:31
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 3/01/2006
    Kaspersky Anti-Virus database records: 168772
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 133225
    Number of viruses found: 18
    Number of infected objects: 81
    Number of suspicious objects: 0
    Duration of the scan process: 12201 sec

    Infected Object Name - Virus Name
    C:\AGEU_SilentSudokuInstaller.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk
    C:\AGEU_SilentSudokuInstaller.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk
    C:\AGEU_SilentSudokuInstaller.exe Infected: Trojan-Dropper.Win32.VB.kk
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6aec160b-22ad974e.zip/Mein.class Infected: Trojan.Java.Binny.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6aec160b-22ad974e.zip/Beyond.class Infected: Trojan.Java.Binny.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6aec160b-22ad974e.zip/binny/binny.class Infected: Trojan.Java.Binny.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6aec160b-22ad974e.zip Infected: Trojan.Java.Binny.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-21bf4cdc.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-21bf4cdc.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-21bf4cdc.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-21bf4cdc.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-21bf4cdc.zip Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-6fe9436d.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-6fe9436d.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-6fe9436d.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-6fe9436d.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-6fe9436d.zip Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2ea80fb0-6f753871.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2ea80fb0-6f753871.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2ea80fb0-6f753871.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2ea80fb0-6f753871.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2ea80fb0-6f753871.zip Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3985cec3-351a86e6.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3985cec3-351a86e6.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3985cec3-351a86e6.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3985cec3-351a86e6.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3985cec3-351a86e6.zip Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-5bba0283.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-5bba0283.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-5bba0283.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-5bba0283.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-5bba0283.zip Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-598ba985-6cc66e3a.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-598ba985-6cc66e3a.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-598ba985-6cc66e3a.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-598ba985-6cc66e3a.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-598ba985-6cc66e3a.zip Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-60c7614b-59c78fc3.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-60c7614b-59c78fc3.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-60c7614b-59c78fc3.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-60c7614b-59c78fc3.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-60c7614b-59c78fc3.zip Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d350b51-48951835.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d350b51-48951835.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d350b51-48951835.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d350b51-48951835.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d350b51-48951835.zip Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d350ec1-3b1167ef.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d350ec1-3b1167ef.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d350ec1-3b1167ef.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d350ec1-3b1167ef.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d350ec1-3b1167ef.zip Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3dbcfe4d-2e7c4a46.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3dbcfe4d-2e7c4a46.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3dbcfe4d-2e7c4a46.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3dbcfe4d-2e7c4a46.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-65faee52-6bdbef98.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.j
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-65faee52-6bdbef98.zip/Beyond.class Infected: Trojan-Dropper.Java.Beyond.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-65faee52-6bdbef98.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-65faee52-6bdbef98.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-65faee52-6bdbef98.zip Infected: Trojan.Java.ClassLoader.Dummy.d
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-cb66fa7-5ea31f87.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-cb66fa7-5ea31f87.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-cb66fa7-5ea31f87.zip Infected: Trojan-Downloader.Java.OpenConnection.aj
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-217a6652-2f256588.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-217a6652-2f256588.zip/Counter.class Infected: Trojan.Java.ClassLoader.h
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-217a6652-2f256588.zip/Parser.class Infected: Trojan.Java.ClassLoader.d
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-217a6652-2f256588.zip Infected: Trojan.Java.ClassLoader.d
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv720.jar-6063ad6-7635e91b.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv720.jar-6063ad6-7635e91b.zip/Counter.class Infected: Trojan.Java.ClassLoader.h
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv720.jar-6063ad6-7635e91b.zip/Parser.class Infected: Trojan.Java.ClassLoader.d
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv720.jar-6063ad6-7635e91b.zip Infected: Trojan.Java.ClassLoader.d
    C:\Documents and Settings\Paul\Desktop\YouSendIt Downloads\Megaman X6 [PSX] (NTSC) (WWW.CME-GAMES.TK).zip/Megaman X6 [PSX] (NTSC) (WWW.CME-GAMES.TK)/Download More Free Games Fast!.html Infected: Trojan-Clicker.JS.Linker.g
    C:\Documents and Settings\Paul\Desktop\YouSendIt Downloads\Megaman X6 [PSX] (NTSC) (WWW.CME-GAMES.TK).zip Infected: Trojan-Clicker.JS.Linker.g
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YZWF23MN\1[1].htm Infected: Exploit.HTML.Mht
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YZWF23MN\DH9013[1].exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YZWF23MN\DH9013[1].exe Infected: Trojan-Clicker.Win32.Small.jf
    C:\SS1001.exe/data0010 Infected: Trojan-Dropper.Win32.Small.qn
    C:\SS1001.exe Infected: Trojan-Dropper.Win32.Small.qn
    C:\WINDOWS\SYSTEM32\DH9013.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
    C:\WINDOWS\SYSTEM32\DH9013.exe Infected: Trojan-Clicker.Win32.Small.jf

    Scan process completed.

  7. #7
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Hi

    Start Hijackthis and place a check next to these items If there.
    Close all browser windows and shut down all other programs that show in the taskbar.(even Folders)
    O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll(file missing)
    O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll (file missing)
    ====================================
    Hit fix checked and close Hijackthis.

    Download System Security Suite.
    http://www.igorshpak.net/
    If that site is unavailable use this link please
    http://forums.subratam.org/index.php...=post&id=25013
    Extract it from the zip file and run setup.exe
    after the install you can delete setup.exe and the downloaded zip file
    Start the program Check all the boxes under the 'Items to Clear' (except perhaps cookies) tab and click
    'Clear Selected Items'. You will be prompted to reboot, do so.

    In the windows Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present. click the apperence tab under Windows and buttons change it to Windows XP style > click apply and OK.

    Id rather you install a third party firewall, are you interested ?

    Post a fresh hijackthis log

  8. #8
    Junior Member
    Join Date
    Dec 2005
    Posts
    0

    Default

    Thankyou once again.
    I was able to get rid of those two items with hijack but I could not do this step-

    "In the windows Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present."

    the only box there for me to check is my current homepage. Also that online scanner is still listing me with infections so I'm gonna post an updated version along with the hijack file. I am also ok with installing a third party firewall.

    Logfile of HijackThis v1.99.1
    Scan saved at 4:47:29 AM, on 1/4/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Dell\AccessDirect\DadTray.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
    c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    C:\Program Files\Windows Media Connect 2\WMCCFG.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\DELLSU~1\DSAgnt.exe
    C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\hijack\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wj733yrc.slt\prefs.js)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar1\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
    O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures05.aim.com/ygp/aol/pl...IM.9.5.1.8.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

  9. #9
    Junior Member
    Join Date
    Dec 2005
    Posts
    0

    Default

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Wednesday, January 04, 2006 04:37:53
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 4/01/2006
    Kaspersky Anti-Virus database records: 168922
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 101203
    Number of viruses found: 17
    Number of infected objects: 78
    Number of suspicious objects: 0
    Duration of the scan process: 16072 sec

    Infected Object Name - Virus Name
    C:\AGEU_SilentSudokuInstaller.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk
    C:\AGEU_SilentSudokuInstaller.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk
    C:\AGEU_SilentSudokuInstaller.exe Infected: Trojan-Dropper.Win32.VB.kk
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6aec160b-22ad974e.zip/Mein.class Infected: Trojan.Java.Binny.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6aec160b-22ad974e.zip/Beyond.class Infected: Trojan.Java.Binny.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6aec160b-22ad974e.zip/binny/binny.class Infected: Trojan.Java.Binny.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6aec160b-22ad974e.zip Infected: Trojan.Java.Binny.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-21bf4cdc.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-21bf4cdc.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-21bf4cdc.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-21bf4cdc.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-21bf4cdc.zip Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-6fe9436d.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-6fe9436d.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-6fe9436d.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-6fe9436d.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-6fe9436d.zip Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2ea80fb0-6f753871.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2ea80fb0-6f753871.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2ea80fb0-6f753871.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2ea80fb0-6f753871.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2ea80fb0-6f753871.zip Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3985cec3-351a86e6.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3985cec3-351a86e6.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3985cec3-351a86e6.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3985cec3-351a86e6.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3985cec3-351a86e6.zip Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-5bba0283.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-5bba0283.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-5bba0283.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-5bba0283.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-5bba0283.zip Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-598ba985-6cc66e3a.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-598ba985-6cc66e3a.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-598ba985-6cc66e3a.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-598ba985-6cc66e3a.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-598ba985-6cc66e3a.zip Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-60c7614b-59c78fc3.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-60c7614b-59c78fc3.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-60c7614b-59c78fc3.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-60c7614b-59c78fc3.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-60c7614b-59c78fc3.zip Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d350b51-48951835.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d350b51-48951835.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d350b51-48951835.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d350b51-48951835.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d350b51-48951835.zip Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d350ec1-3b1167ef.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d350ec1-3b1167ef.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d350ec1-3b1167ef.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d350ec1-3b1167ef.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d350ec1-3b1167ef.zip Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3dbcfe4d-2e7c4a46.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3dbcfe4d-2e7c4a46.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3dbcfe4d-2e7c4a46.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3dbcfe4d-2e7c4a46.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-65faee52-6bdbef98.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.j
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-65faee52-6bdbef98.zip/Beyond.class Infected: Trojan-Dropper.Java.Beyond.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-65faee52-6bdbef98.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-65faee52-6bdbef98.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-65faee52-6bdbef98.zip Infected: Trojan.Java.ClassLoader.Dummy.d
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-cb66fa7-5ea31f87.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-cb66fa7-5ea31f87.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-cb66fa7-5ea31f87.zip Infected: Trojan-Downloader.Java.OpenConnection.aj
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-217a6652-2f256588.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-217a6652-2f256588.zip/Counter.class Infected: Trojan.Java.ClassLoader.h
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-217a6652-2f256588.zip/Parser.class Infected: Trojan.Java.ClassLoader.d
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-217a6652-2f256588.zip Infected: Trojan.Java.ClassLoader.d
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv720.jar-6063ad6-7635e91b.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv720.jar-6063ad6-7635e91b.zip/Counter.class Infected: Trojan.Java.ClassLoader.h
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv720.jar-6063ad6-7635e91b.zip/Parser.class Infected: Trojan.Java.ClassLoader.d
    C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv720.jar-6063ad6-7635e91b.zip Infected: Trojan.Java.ClassLoader.d
    C:\Documents and Settings\Paul\Desktop\YouSendIt Downloads\Megaman X6 [PSX] (NTSC) (WWW.CME-GAMES.TK).zip/Megaman X6 [PSX] (NTSC) (WWW.CME-GAMES.TK)/Download More Free Games Fast!.html Infected: Trojan-Clicker.JS.Linker.g
    C:\Documents and Settings\Paul\Desktop\YouSendIt Downloads\Megaman X6 [PSX] (NTSC) (WWW.CME-GAMES.TK).zip Infected: Trojan-Clicker.JS.Linker.g
    C:\SS1001.exe/data0010 Infected: Trojan-Dropper.Win32.Small.qn
    C:\SS1001.exe Infected: Trojan-Dropper.Win32.Small.qn
    C:\WINDOWS\SYSTEM32\DH9013.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
    C:\WINDOWS\SYSTEM32\DH9013.exe Infected: Trojan-Clicker.Win32.Small.jf

    Scan process completed.

  10. #10
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    I see browsela.dll is back, run win32delfkil again then restart your PC and fix this item with hiajckthis
    O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll

    Then run a full scan with the ewido program

    Delete these files
    C:\AGEU_SilentSudokuInstaller.exe
    C:\SS1001.exe
    C:\WINDOWS\SYSTEM32\DH9013.exe
    C:\Documents and Settings\Paul\Desktop\YouSendIt Downloads\Megaman X6 [PSX] (NTSC) (.CME-GAMES.TK). zip

    Clear Sunjava"s cache
    control panel > Java > click "delete temps files".

    Keep us informed

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •