Options

HJT Log: First Timer

Unknown
edited May 2006 in Spyware & Virus Removal
I discovered the short media forums in my search for a cure for my spyware. Another member of the household unknowingly downloaded what I'm assuming was Qoologic, since it then opened the door for more spyware. My AD Aware SE and other systems have since rooted out much of the spyware and the guides for Look2Me and Qoologic removal here on Short Media have been invaluable (and I thank you guys for that), but I'm sure that much still remains, as I still see warnings and popups.

In an effort to finally clear out my computer, I've taken the neccesary steps to download and use scanners, etc. (although the only online scanner that worked for my was Kaspersky) and I've readied my HJT Log. I look forward to your assistance.


Logfile of HijackThis v1.99.1
Scan saved at 9:06:14 PM, on 5/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Windows Media Connect 2\wmccds.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\defender22.exe
C:\windows\system32\dwdsregt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\kwinoqez.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Rar$EX00.625\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Give4Free Plugin Installer - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - C:\Program Files\Give4Free Plugin\ibho.dll
O2 - BHO: (no name) - {46C638A8-FE1B-8CC8-3125-FD6A14D0D9CB} - C:\WINDOWS\system32\uyfqnk.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C7E3127F9CAD75760EA83FA5EF80752B94E3D97B5F7D4F293FC4 - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C45FC75F-3253-4E68-9E05-903DA469B410} - C:\Program Files\ComPlus Applications\horedos.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: H2Press toolbar - {4fcc864f-07ef-4409-95f5-cf62803e7d0e} - C:\Program Files\H2Press\tbH2Pr.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Windows Media Player] MediaPIayer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [defender] C:\\defender22.exe
O4 - HKLM\..\Run: [{E4-43-31-12-ZN}] C:\windows\system32\dwdsregt.exe GID003
O4 - HKLM\..\Run: [iakeoqhA] C:\WINDOWS\iakeoqhA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [w544d30f.dll] RUNDLL32.EXE w544d30f.dll,I2 0010a03b0544d30f
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\kwinoqez.exe GID003
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [Windows Media Player] MediaPIayer.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Startup: Xbox 360 Desktop Alerts.lnk = C:\Program Files\Xbox 360 Desktop Alerts\Xbox360DesktopAlerts.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\kwinoqez.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\pndsrego.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: repairs303169587.dll,wbsys.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Application Layer Gateway Manager (AppLayerGatewayMgr) - Unknown owner - C:\WINDOWS\alg.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


And here is a copied text of Kaspersky results:


Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 28/05/2006
Kaspersky Anti-Virus database records: 185030


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
H:\
I:\
J:\
K:\
L:\

Scan Statistics
Total number of scanned objects 103428
Number of viruses found 24
Number of infected objects 67
Number of suspicious objects 0
Duration of the scan process 01:39:52

Infected Object Name Virus Name Last Action
C:\configdll.pif Infected: Trojan-Downloader.Win32.Adload.bq skipped

C:\defender22.exe Infected: Trojan-Clicker.Win32.VB.ly skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-2938307f-6e7a1f46.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.z skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-2938307f-6e7a1f46.zip/VB.class Infected: Trojan.Java.ClassLoader.ak skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-2938307f-6e7a1f46.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-2938307f-6e7a1f46.zip ZIP: infected - 3 skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-54c4b3f2-6719a357.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.z skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-54c4b3f2-6719a357.zip/VB.class Infected: Trojan.Java.ClassLoader.ak skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-54c4b3f2-6719a357.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-54c4b3f2-6719a357.zip ZIP: infected - 3 skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count33.jar-b096e34-2fc2f5fb.zip/Beyond.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count33.jar-b096e34-2fc2f5fb.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count33.jar-b096e34-2fc2f5fb.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.ai skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count33.jar-b096e34-2fc2f5fb.zip ZIP: infected - 3 skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-105c9387.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-105c9387.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-105c9387.zip ZIP: infected - 2 skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv479.jar-1e3e6e7c-4e6c12e2.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv479.jar-1e3e6e7c-4e6c12e2.zip ZIP: infected - 1 skipped

C:\Documents and Settings\HP_Owner\Local Settings\Temp\sedsgudf.dll Infected: Trojan.Win32.Crypt.o skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5WVKWLO6\defender22[1].exe Infected: Trojan-Clicker.Win32.VB.ly skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I1IH12DG\drsmartload46a[1].exe Infected: Trojan-Downloader.Win32.Adload.bq skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M6MAYEBK\drsmartload44a[1].exe Infected: Trojan-Downloader.Win32.Adload.bq skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M6MAYEBK\drsmartload45a[1].exe Infected: Trojan-Downloader.Win32.Adload.bq skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M6MAYEBK\drsmartload[1].exe Infected: Trojan-Downloader.Win32.Adload.br skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M6MAYEBK\keyboard22[1].exe Infected: Backdoor.Win32.VB.ary skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QNJXVVHI\iload[1].exe Infected: Trojan-Downloader.Win32.Adload.bq skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QNJXVVHI\newname22[1].exe Infected: Trojan-Clicker.Win32.VB.no skipped

C:\Program Files\Norton AntiVirus\Quarantine\315A6BA4 Infected: Trojan.Java.ClassLoader.d skipped

C:\Program Files\Norton AntiVirus\Quarantine\575F0243.gif Infected: Exploit.HTML.Mht skipped

C:\Program Files\Norton AntiVirus\Quarantine\575F0243.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped

C:\Program Files\Norton AntiVirus\Quarantine\575F0243.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\575F0243.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\575F0243.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

C:\Program Files\Norton AntiVirus\Quarantine\575F0243.zip ZIP: infected - 4 skipped

C:\Program Files\Norton AntiVirus\Quarantine\575F0243.zip CryptFF: infected - 4 skipped

C:\Program Files\Norton AntiVirus\Quarantine\58926CF1.gif Infected: Exploit.HTML.Mht skipped

C:\Program Files\Norton AntiVirus\Quarantine\58926CF1.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped

C:\Program Files\Norton AntiVirus\Quarantine\58926CF1.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\58926CF1.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\58926CF1.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

C:\Program Files\Norton AntiVirus\Quarantine\58926CF1.zip ZIP: infected - 4 skipped

C:\Program Files\Norton AntiVirus\Quarantine\58926CF1.zip CryptFF: infected - 4 skipped

C:\Program Files\Norton AntiVirus\Quarantine\5DAD3EB6 Infected: Trojan.Java.ClassLoader.h skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP514\A0037088.exe Infected: Trojan-Dropper.Win32.VB.mz skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP514\A0037090.exe/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP514\A0037090.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP514\A0037164.exe Infected: Backdoor.Win32.VB.ary skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP514\A0037165.exe Infected: Trojan-Clicker.Win32.VB.no skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP514\A0037173.exe Infected: Trojan-Downloader.Win32.Adload.bq skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP514\A0037174.exe Infected: Trojan-Downloader.Win32.Adload.br skipped

C:\WINDOWS\browserxtras\pn\remove.exe/data0002/data0003 Infected: Trojan-Downloader.Win32.Keenval.f skipped

C:\WINDOWS\browserxtras\pn\remove.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval.f skipped

C:\WINDOWS\browserxtras\pn\remove.exe NSIS: infected - 2 skipped

C:\WINDOWS\drsmartload45a.exe Infected: Trojan-Downloader.Win32.Adload.bq skipped

C:\WINDOWS\drsmartload46a.exe Infected: Trojan-Downloader.Win32.Adload.bq skipped

C:\WINDOWS\pf78.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\WINDOWS\pf78.exe/data0003 Infected: Trojan.Win32.VB.tg skipped

C:\WINDOWS\pf78.exe/data0006 Infected: Trojan.Win32.VB.tg skipped

C:\WINDOWS\pf78.exe/data0007 Infected: Trojan.Win32.VB.tg skipped

C:\WINDOWS\pf78.exe NSIS: infected - 4 skipped

C:\WINDOWS\system32\VSL03.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped

C:\WINDOWS\system32\VSL03.exe/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped

C:\WINDOWS\system32\VSL03.exe NSIS: infected - 2 skipped

C:\WINDOWS\system32\VSL05.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped

C:\WINDOWS\system32\VSL05.exe/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped

C:\WINDOWS\system32\VSL05.exe NSIS: infected - 2 skipped

Scan process completed.




Thanks again!

Comments

  • chiazchiaz
    edited May 2006
    Your scan showed one of more viruses in your Sun Java Runtime Environment (JRE) cache. Delete those by clearing the JRE cache.
    To clear the Java Runtime Environment (JRE) cache:
    • Click Start > Control Panel.
    • Double-click the Java icon in the control panel.
      -The Java Control Panel appears.
    • Click Settings under Temporary Internet Files.
      -The Temporary Files Settings dialog box appears.
    • Click Delete Files.
      -The Delete Temporary Files dialog box appears.
      -There are three options on this window to clear the cache.
      • Delete Files
      • View Applications
      • View Applets
    • Click OK on Delete Temporary Files window.
      -Note: This deletes all the Downloaded Applications and Applets from the cache.
    • Click OK on Temporary Files Settings window.
    • Close the Java Control Panel
    You can view those instructions along with graphics Here


    Next download ATF Cleaner by Atribune.
      Double-click
    ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
    If you use Firefox browser
      Click
    Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
      Click
    Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.


    Next download Brute Force Uninstaller to your desktop.
    • Right-click the BFU folder on your desktop, and choose Extract All
    • Click "Next"
    • In the box to choose where to extract the files to,
    • Click "Browse"
    • Click on the + sign next to "My Computer"
    • Click on "Local Disk ( C: ) or whatever your primary drive is
    • Click "Make New Folder"
    • Type in BFU
    • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
    RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download SideKickFix by LonnyRJones.
    Save it in the same folder you made earlier (c:\BFU).

    Please close ALL other open windows & explorer folder's, then double-click on sidekickFix.bat.
    Click YES and follow the prompts, when prompted to restart the PC please do so.


    Here is some information regarding NewDotNet:
    Although Newdotnet does not claim to be spyware, it has been associated with computer instability in certain situations. Both SaveNow and NewDotNet have been linked for computer instability according to the MS Knowledge Base Article 302463.
    http://support.microsoft.com/?kbid=302463
    Additional source:
    http://www.pchell.com/support/savenow.shtml

    I suggest you remove NewDotNet unless you deliberately installed it.

    First, please open Add/Remove programs and uninstall New.Net , NewDotNet, New.net Application, or New.net Domains from there if listed. If it is not listed, follow these instructions:

    From a computer that has Internet access, click on the following link:
    http://www.new.net/support/uninstall6_90.exe.
    · Download and save uninstall6_90.exe to the Desktop.
    · Go to the Desktop and double-click on uninstall6_90.exe
    · Click on the OK button.
    · After removal, you may be prompted to reboot. Please reboot even if not prompted.


    Rescan with HijackThis and post the new log here. There are still other infections, we will deal with them once we see your fresh log.
Sign In or Register to comment.