
Thread: Anyone heard of SpyZooka

  1. #1
    Junior Member
    Join Date
    Dec 2005
    Location
    Raunds, Northants
    Posts
    0

    Anyone heard of SpyZooka

    Hi, I am at my wits' end! I have come to you in desperation. I am infected with spyaxe and I have had millions of antispyware on my PC and I can't get rid of it.

    I have come across SpyZooka.com which guarantees 100% removal of all spyware or your money back. Has anyone heard of it?

    Help would be very much appreciated.

  2. #2
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Hi there.
    If you have not asked for help at another site then please go here and follow instructions.
    Before you post a log

    Then post the hjt log in this thread so that someone can take a look at the system.

    As to SpyZooka.
    http://www.spywarewarrior.com/rogue_...ware.htm#notes

    Cheers.

    Please do not start multiple topics for the same problem, the other two topics were removed.
    We need to see the hjt log please, no need for other logs unless requested.

    Thank you.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Dec 2005
    Location
    Raunds, Northants
    Posts
    0

    I am currently following the instructions for the spyaxe removal and got to Ad-aware follow the instructions here which asks me

    "6) When the scan has completed, click "Show Logfile". Copy/paste the complete log file in a thread of your own. Do not quarantine or remove anything at this time, just post a complete logfile. This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted".

    Am I doing the right thing or am I just chasing my tail? :(

  4. #4
    Junior Member
    Join Date
    Dec 2005
    Location
    Raunds, Northants
    Posts
    0

    Hijackthis log

    Logfile of HijackThis v1.99.1
    Scan saved at 22:07:04, on 29/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\mssearchnet.exe
    C:\WINDOWS\system32\nvctrl.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\CConnect\CConnect.exe
    C:\Program Files\Exif Launcher\QuickDCF.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\SpyZooka24\spyzooka.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\SecuritySuite.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ntlhome.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp10E0.tmp
    O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [SpyZooka] C:\Program Files\SpyZooka24\SpyZookaLdr.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
    O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-24.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1135786105593
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
    O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtangent.com/install/w...oft/wtinst.cab
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  5. #5
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Hi there, I can see why it became confusing as the link to freedomlist showed how to post an AAW log at that site.

    However, here we request that you follow the instructions for posting in this forum, which are as follows:

    J. Create a topic of your own (or a reply if you have an existing topic) and post the following logs:
    The first HijackThis log
    The contents of the C:\smitfiles.txt log
    The Ewido Log.
    The second HijackThis log

    I will edit the topic that was posted earlier today so there will not be any more confusion.

    Sorry about that. Let's just start with the HJT log.

  6. #6
    Junior Member
    Join Date
    Dec 2005
    Location
    Raunds, Northants
    Posts
    0

    So I need do nothing more yet until someone comes back to me after looking at the Hjt log I have just posted?

    Thanks so much for your help.

  7. #7
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Hello Firebird

    Download smitRem.exe and save the file to your desktop. (By noahdfear.)
    Double click on the file to extract it to its own folder on the desktop.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Next, please reboot your computer in SafeMode by doing the following:
    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.


    Start Hijackthis and place a check next to these items if there.
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp10E0.tmp
    O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
    O4 - HKCU\..\Run: [SpyZooka] C:\Program Files\SpyZooka24\SpyZookaLdr.exe
    ====================================
    Hit fix checked and close Hijackthis.

    Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
    Wait for the tool to complete and disk cleanup to finish.
    The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.
    Open Spybot, check for and fix any problems found.
    Open Ad-aware and do a full scan. Remove all it finds.

    Run Ewido:
    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • NOTE: During some scans with ewido it is finding cases of false positives.
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
    • When the scan is finished, click the Save report button at the bottom of the screen.
    • Save the report to your desktop
    Close Ewido

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Restart back to a normal Windows session.
    Next go to Control Panel, click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

    Get this free online scan and post the results.
    Kaspersky Lab - Free Online scan:
    http://www.kaspersky.com/virusscanner
    Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
    Then choose: my computer: scan all your hard drives and mapped disks.
    When finished, click save as text and post that in your reply.

    Post a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
    Let us know if any problems persis

  8. #8
    Junior Member
    Join Date
    Dec 2005
    Location
    Raunds, Northants
    Posts
    0

    Hijackthis log #2

    Logfile of HijackThis v1.99.1
    Scan saved at 14:26:29, on 30/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
    C:\Program Files\CConnect\CConnect.exe
    C:\Program Files\Exif Launcher\QuickDCF.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ntlhome.com
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
    O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-24.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1135786105593
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
    O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtangent.com/install/w...oft/wtinst.cab
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
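
Added example, not part of any post in this thread: a small Python check that parses the entry lines of two HijackThis logs, confirms that the items a helper asked to fix are gone from the follow-up log, and lists anything that newly appeared. The sample logs are trimmed excerpts of the entries posted above; the function and variable names are this example's own.

```python
import re

# Entry lines in a HijackThis log start with a section code such as
# R0, F2, N1 or O4, followed by " - " and the entry detail.
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Map a normalised key to the cleaned line for every entry in a log."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, "Running processes" paths, separators, blanks
        code = m.group(1)
        detail = " ".join(m.group(2).split())  # collapse stray whitespace
        # Windows registry and file paths are case-insensitive, so compare
        # on a case-folded key but keep the original text for reporting.
        entries[(code, detail.casefold())] = f"{code} - {detail}"
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lines between two logs."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = sorted(before[k] for k in before.keys() - after.keys())
    added = sorted(after[k] for k in after.keys() - before.keys())
    return removed, added


def verify_fix(before_text, after_text, fix_text):
    """Classify each requested fix as fixed, still present, or never seen."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    report = {"fixed": [], "still_present": [], "not_in_before": []}
    for key, line in sorted(parse_entries(fix_text).items()):
        if key in after:
            report["still_present"].append(line)
        elif key in before:
            report["fixed"].append(line)
        else:
            report["not_in_before"].append(line)
    return report


# Trimmed excerpt of the first log in the thread (post #4).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ntlhome.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp10E0.tmp
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [SpyZooka] C:\Program Files\SpyZooka24\SpyZookaLdr.exe
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Trimmed excerpt of the second log in the thread (post #8).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ntlhome.com
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# The items post #7 asked to be checked and fixed.
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp10E0.tmp
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O4 - HKCU\..\Run: [SpyZooka] C:\Program Files\SpyZooka24\SpyZookaLdr.exe
====================================
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed since first log:", *removed, sep="\n  ")
    print("New since first log:", *added, sep="\n  ")
    for status, lines in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(f"{status}: {len(lines)}")
```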

  9. #9
    Junior Member
    Join Date
    Dec 2005
    Location
    Raunds, Northants
    Posts
    0

    Kaspersky log

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Friday, December 30, 2005 14:23:43
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 30/12/2005
    Kaspersky Anti-Virus database records: 168306
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 55564
    Number of viruses found: 4
    Number of infected objects: 15
    Number of suspicious objects: 0
    Duration of the scan process: 6763 sec

    Infected Object Name - Virus Name
    C:\Documents and Settings\Mike Bond\Desktop\Mijn Playplay.exe Infected: not-a-virus:Dialer.Win32.Dialxs.b
    C:\Documents and Settings\Mike Bond\Local Settings\Temp\dfiTempA.exe Infected: not-a-virus:Dialer.Win32.Dialxs.b
    C:\System Volume Information\_restore{311E6A08-95AE-4983-A563-0B10CCED3453}\RP712\A0077043.tlb Infected: Trojan-Downloader.Win32.Zlob.dl
    C:\System Volume Information\_restore{311E6A08-95AE-4983-A563-0B10CCED3453}\RP713\A0077089.tlb Infected: Trojan-Downloader.Win32.Zlob.dl
    C:\System Volume Information\_restore{311E6A08-95AE-4983-A563-0B10CCED3453}\RP713\A0077105.tlb Infected: Trojan-Downloader.Win32.Zlob.dl
    C:\System Volume Information\_restore{311E6A08-95AE-4983-A563-0B10CCED3453}\RP713\A0077425.tlb Infected: Trojan-Downloader.Win32.Zlob.dl
    C:\System Volume Information\_restore{311E6A08-95AE-4983-A563-0B10CCED3453}\RP713\A0077744.tlb Infected: Trojan-Downloader.Win32.Zlob.dl
    C:\System Volume Information\_restore{311E6A08-95AE-4983-A563-0B10CCED3453}\RP713\A0077773.tlb Infected: Trojan-Downloader.Win32.Zlob.dl
    C:\System Volume Information\_restore{311E6A08-95AE-4983-A563-0B10CCED3453}\RP714\A0077942.tlb Infected: Trojan-Downloader.Win32.Zlob.dl
    C:\System Volume Information\_restore{311E6A08-95AE-4983-A563-0B10CCED3453}\RP714\A0077996.tlb Infected: Trojan-Downloader.Win32.Zlob.dl
    C:\System Volume Information\_restore{311E6A08-95AE-4983-A563-0B10CCED3453}\RP715\A0078039.tlb Infected: Trojan-Downloader.Win32.Zlob.dl
    C:\System Volume Information\_restore{311E6A08-95AE-4983-A563-0B10CCED3453}\RP715\A0078055.tlb Infected: Trojan-Downloader.Win32.Zlob.dl
    C:\System Volume Information\_restore{311E6A08-95AE-4983-A563-0B10CCED3453}\RP716\A0078099.tlb Infected: Trojan-Downloader.Win32.Zlob.dl
    C:\System Volume Information\_restore{311E6A08-95AE-4983-A563-0B10CCED3453}\RP716\A0078100.exe Infected: Trojan-Downloader.Win32.Zlob.bu
    C:\System Volume Information\_restore{311E6A08-95AE-4983-A563-0B10CCED3453}\RP716\A0078109.dll Infected: not-virus:Hoax.Win32.Renos.ak

    Scan process completed.

  10. #10
    Junior Member
    Join Date
    Dec 2005
    Location
    Raunds, Northants
    Posts
    0

    ewido log

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 12:09:29, 30/12/2005
    + Report-Checksum: FAAF35AB

    + Scan result:

    HKU\S-1-5-21-1974565712-4269483969-3991436212-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000EF1-0786-4633-87C6-1AA7A44296DA} -> Spyware.FavoriteMan : Cleaned with backup
    HKU\S-1-5-21-1974565712-4269483969-3991436212-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75D2080B-4857-4B96-9B7D-732634FBD01F} -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-21-1974565712-4269483969-3991436212-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Cleaned with backup
    HKU\S-1-5-21-1974565712-4269483969-3991436212-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B195B3B3-8A05-11D3-97A4-0004ACA6948E} -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-21-1974565712-4269483969-3991436212-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} -> Spyware.MoneyTree : Cleaned with backup
    HKU\S-1-5-21-1974565712-4269483969-3991436212-1005\Software\Classes\CLSID\{A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} -> Downloader.SpyAxe : Cleaned with backup
    HKU\S-1-5-21-1974565712-4269483969-3991436212-1005_Classes\CLSID\{A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} -> Downloader.SpyAxe : Cleaned with backup
    [1600] C:\WINDOWS\system32\wbeconm.dll -> Downloader.SpyAxe : Cleaned with backup
    C:\Documents and Settings\Kristy Bond\Cookies\kristy bond@cz3.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Kristy Bond\Cookies\kristy bond@cz6.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Kristy Bond\Cookies\kristy bond@cz7.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\IESkins -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\reports.txt -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0 -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\HostOI -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\HostOI\dynamic -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\HostOI\static -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\HostOL -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\HostOL\dynamic -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\HostOL\static -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\dynamic -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\dynamic\1.sdf -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\dynamic\ASPL1.dat -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\dynamic\domains.txt -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25466 -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\28750 -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\31919 -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\33697 -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\46021 -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\48166 -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\52335 -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\53541 -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\583049 -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\73922 -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\74576 -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\77468 -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\90008 -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\91589 -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1 -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\ads.cdf -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\business_promo.htm -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\components.cdf -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\default.cdf -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_categorize.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_comparison.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-Mails.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_fastutilities.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_favorites.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Games.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hide.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hotbarcom.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hotmail.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hsskin.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Mails.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_new.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_premium.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchfor.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchgo.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_weather.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_yellowpages.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_1000.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_2000.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_3000.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bar.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar1.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar10.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar11.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar12.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar13.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar14.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar2.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar3.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar4.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar5.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar6.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar7.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar8.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar9.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_logos.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_other.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_x.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_weather.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\email-def-511724-9595.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\email-t1-bg.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium-hotbar-premium.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium.cdf -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar_promo.htm -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\icons2.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords.idx -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords1.dat -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords_idx.idx -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords_sdf.sdf -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\layout.cdf -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\linkpathlegal.txt -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\progress.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\s_icons_buttons.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\t2_bg.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\top7.cdf -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\Top7_theweb.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\1\tsd_bg.res -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\2 -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\2\ads.cdf -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\2\business_promo.htm -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\2\components.cdf -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\2\default.cdf -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_categorize.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_comparison.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-Mails.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_fastutilities.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_favorites.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Games.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hide.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hotbarcom.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hotmail.mnu -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Mike Bond\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hsskin.mnu -> Spyware.HotBar : Cleaned with backup
