DrWatson postmortem Debugger[CLOSED]


  • This topic is locked

#1
buyquickly

Hi, somebody please help me! Here is my HijackThis log (I've done the steps mentioned in the "must read before posting hijackthis log"):

Logfile of HijackThis v1.98.2
Scan saved at 9:00:42 PM, on 3/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\aim\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Intuit\QuickBooks Pro 2001\Components\QBAgent\qbdagent2002.exe
C:\Program Files\TypeItIn\TypeItIn.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\GoToMyPC\GoToMyPC\g2svc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\GoToMyPC\GoToMyPC\g2comm.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\GoToMyPC\GoToMyPC\g2pre.exe
C:\Program Files\GoToMyPC\GoToMyPC\g2tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://video.msn.com/video/p.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\GoToMyPC\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = QuickBooks Pro 2001\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: TypeItIn.lnk = C:\Program Files\TypeItIn\TypeItIn.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Similar Pages - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://download.side...00719/sb026.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {26AFD6EF-C017-4063-B2B1-E515DE98A1B7} - http://download.koda...2_1/install.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../UK/install.cab
O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://81.216.10.59/cult.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep....00719/sb02a.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {72133CC5-DE1E-42FE-B8B0-93D2C6C3472E} (FillerX Class) - http://www.formatta....d/pffloader.cab
O16 - DPF: {860D5AAC-D059-4C9F-93D3-3FD6FBB6872F} (AuroraCtrl Class) - http://icebergradio.....259/client.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs2b.instants...erxsigned41.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {BF4FC0C7-4387-4D18-AD86-DF33DDDE33C7} - http://www.smarterch...up/websetup.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.palt...st/RegDload.CAB

#2
Guest_thatman_*

Hi buyquickly

Welcome to geekstogo

Please read through the instructions before you start (you may want to print this out).

You are running an out-of-date version of HijackThis; can you please download a new copy (there is a link in my signature), unzip it, and replace your existing copy with the new version.

Please set your system to show all files; please see here if you're unsure how to do this.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://download.side...00719/sb026.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep....00719/sb02a.cab
O16 - DPF: {BF4FC0C7-4387-4D18-AD86-DF33DDDE33C7} - http://www.smarterch...up/websetup.cab

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:

C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll <-- Delete this file

Exit Explorer, and reboot as normal afterwards.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp

Please post the logs from both virus scans and HJT.log; we will need them to remove previous infections that have left files on your system.

Kc :tazz:
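
The "fix these entries, then post a fresh log" step described above can be checked mechanically. The following Python sketch is an added example, not part of the original post or of HijackThis; the function names are hypothetical and the sample logs are abridged from the two logs posted in this thread.

```python
import re

# A HijackThis entry line looks like "O16 - DPF: {CLSID} (Name) - http://...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def entry_key(line):
    """Return a comparison key for one log line, or None if it is not an entry.

    Entries that carry a CLSID are keyed on (section, kind, CLSID), so a URL
    shortened by forum software or a changed label still matches. Everything
    else is keyed on the lower-cased, whitespace-collapsed text.
    """
    m = ENTRY_RE.match(line)
    if not m:
        return None  # header, blank line or "Running processes" path
    section, body = m.group(1), m.group(2)
    guid = GUID_RE.search(body)
    if guid:
        kind = body.split(":", 1)[0].strip().lower()
        return (section, kind, guid.group(0).upper())
    return (section, "", " ".join(body.split()).lower())


def parse_log(text):
    """Map comparison key -> original line for every entry in a log."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries


def verify_fix(before_text, after_text, fix_text):
    """Compare a follow-up log against the earlier log and the fix list."""
    before, after, fix = (parse_log(t) for t in (before_text, after_text, fix_text))
    sections_before = {k[0] for k in before}
    added = {k: v for k, v in after.items() if k not in before}
    return {
        # Fix-list entries that survived the fix and the reboot.
        "still_present": sorted(after[k] for k in fix if k in after),
        # Fix-list lines that were mistyped or never in the first log.
        "not_in_first_log": sorted(fix[k] for k in fix if k not in before),
        # Genuinely new entries in sections the first scan already listed.
        "new_in_scanned_sections": sorted(
            v for k, v in added.items() if k[0] in sections_before),
        # Sections that only appear in the follow-up log; their entries are
        # not evidence of a change, the earlier log simply had no such lines.
        "new_unscanned_sections": sorted({k[0] for k in added} - sections_before),
    }


# Sample data, abridged from the logs in this thread.
BEFORE = r"""Logfile of HijackThis v1.98.2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {BF4FC0C7-4387-4D18-AD86-DF33DDDE33C7} - http://www.smarterch...up/websetup.cab
"""

AFTER = r"""Logfile of HijackThis v1.99.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

FIX = r"""O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O16 - DPF: {BF4FC0C7-4387-4D18-AD86-DF33DDDE33C7} - http://www.smarterch...up/websetup.cab
"""

if __name__ == "__main__":
    for name, value in verify_fix(BEFORE, AFTER, FIX).items():
        print(f"{name}:")
        for item in value:
            print(f"  {item}")
```

An empty `still_present` list means every checked entry is gone from the follow-up log; anything under `new_in_scanned_sections` deserves the same review as the original entries.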

#3
buyquickly

Hi and thanks so much Kc for your expert help! I have done as you instructed and removed the selected items through HijackThis. Then, in safe mode, I went to delete this file, "C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll", but it didn't appear to be there or anywhere on my PC, so I assume HijackThis was able to delete it.

I also ran both online virus scans. I ran the Panda scan first and the log is below. I then ran the Trend Micro one after the Panda scan finished, and they did not find any infected files, so I don't have a logfile for that scan. I just ran HijackThis and here is the log, with the Panda scan log after:


Logfile of HijackThis v1.99.1
Scan saved at 11:58:51 PM, on 3/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\GoToMyPC\GoToMyPC\g2svc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\GoToMyPC\GoToMyPC\g2comm.exe
C:\Program Files\GoToMyPC\GoToMyPC\g2pre.exe
C:\Program Files\GoToMyPC\GoToMyPC\g2tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\aim\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Intuit\QuickBooks Pro 2001\Components\QBAgent\qbdagent2002.exe
C:\Program Files\TypeItIn\TypeItIn.exe
C:\Program Files\Webshots\WebshotsTray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\pdfrd\PDFReader.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\Vin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://video.msn.com/video/p.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\GoToMyPC\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = QuickBooks Pro 2001\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: TypeItIn.lnk = C:\Program Files\TypeItIn\TypeItIn.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Similar Pages - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {26AFD6EF-C017-4063-B2B1-E515DE98A1B7} - http://download.koda...2_1/install.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../UK/install.cab
O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://81.216.10.59/cult.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {72133CC5-DE1E-42FE-B8B0-93D2C6C3472E} (FillerX Class) - http://www.formatta....d/pffloader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {860D5AAC-D059-4C9F-93D3-3FD6FBB6872F} (AuroraCtrl Class) - http://icebergradio.....259/client.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs2b.instants...erxsigned41.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.palt...st/RegDload.CAB
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\GoToMyPC\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe







Now, here is the Panda scan log file:

Incident Status Location

Spyware:Spyware/BetterInet No disinfected Windows Registry
Adware:Adware/SideStep No disinfected C:\WINDOWS\Downloaded Program Files\SbCIe???.???
Adware:Adware/Alexa-Toolbar No disinfected Windows Registry
Virus:Exploit/iFrame Disinfected Personal Folders\Inbox\Mail Delivery (failure ebay@diamondofeden.com)\MSG_RTF.TXT
Virus:W32/Netsky.P.worm Disinfected Personal Folders\Inbox\Mail Delivery (failure ebay@diamondofeden.com)\message.scr
Virus:Exploit/iFrame Disinfected Personal Folders\Inbox\Mail Delivery (failure returns@diamondofeden.com)\MSG_RTF.TXT
Virus:W32/Netsky.P.worm Disinfected Personal Folders\Inbox\Mail Delivery (failure returns@diamondofeden.com)\message.scr
Virus:Trj/Mitglieder.BO No disinfected Personal Folders\_old\quikpost\34544.rar[dddd.exe]
Possible Virus. No disinfected C:\Program Files\Real\RealProducer Basic 10\resources\rsup3280.dll
Virus:W32/Netsky.C.worm Disinfected Chiu_Vin\Deleted Items\stolen\creditcard_material.zip[creditcard_material.doc.exe]
Virus:W32/Lentin.R Disinfected Chiu_Vin\Deleted Items\Alert\StartUp.zip[StartUp.exe]
Virus:W32/Netsky.C.worm Disinfected Chiu_Vin\Deleted Items\it's a secret!\injection.com
Virus:W32/Lentin.R Disinfected Chiu_Vin\Deleted Items\KOF - The Game\Demo.zip[Demo.exe]
Virus:W32/Netsky.C.worm Disinfected Chiu_Vin\Deleted Items\here is my photo!\information_injection.zip[information_injection.exe]
Virus:W32/Netsky.C.worm Disinfected Chiu_Vin\Deleted Items\notice!\news.zip[news.htm.pif]
Virus:W32/Netsky.P.worm Disinfected Chiu_Vin\Deleted Items\Mail Delivery (failure chiu_vin@hotmail.com)\message.scr
Virus:W32/Netsky.C.worm Disinfected Chiu_Vin\Deleted Items\Delivery Failed\death.zip[death.htm.pif]
Virus:W32/Netsky.C.worm Disinfected Chiu_Vin\Deleted Items\help attached\warez.pif
Virus:W32/Netsky.P.worm Disinfected Chiu_Vin\Deleted Items\Undeliverable: Mail Delivery (failure tiwlctqltvtlksiiflo@ycef.com)\message.scr
Virus:W32/Netsky.C.worm Disinfected Chiu_Vin\Deleted Items\pwd?\moonlight.scr
Virus:W32/Netsky.C.worm Disinfected Chiu_Vin\Deleted Items\do not visit the pages on the list I sent!\unfolds.exe
Virus:W32/Netsky.D.worm Disinfected Chiu_Vin\Deleted Items\Re: Excel file\document_excel.pif
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\New Network Patch\update359.exe
Virus:W32/Holar.J.worm Disinfected Local Folders\Backup\_QuikPost Backup\Fw: heoff\heoff.scr
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Internet Critical Upgrade\Installation.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Newest Critical Patch\Q155945.exe
Virus:W32/Klez.I Disinfected Local Folders\Backup\_QuikPost Backup\Re:honey\End of.bat
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Last Critical Upgrade\Q236488.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\New Internet Critical Pack\Patch128.exe
Virus:W32/Holar.J.worm Disinfected Local Folders\Backup\_QuikPost Backup\gron\gron.scr
Virus:W32/Holar.J.worm Disinfected Local Folders\Backup\_QuikPost Backup\heoff\heoff.exe
Virus:W32/Holar.J.worm Disinfected Local Folders\Backup\_QuikPost Backup\Re: gron\gron.scr
Virus:W32/Holar.J.worm Disinfected Local Folders\Backup\_QuikPost Backup\nplau32\nplau32.bat
Virus:W32/Holar.J.worm Disinfected Local Folders\Backup\_QuikPost Backup\vioff\vioff.scr
Virus:W32/Holar.J.worm Disinfected Local Folders\Backup\_QuikPost Backup\Re: d9_1\d9_1.scr
Virus:W32/Klez.I Disinfected Local Folders\Backup\_QuikPost Backup\Have a humour Christmas\in GDI..pif
Virus:W32/Klez.I Disinfected Local Folders\Backup\_QuikPost Backup\Fw:so cool a flash,enjoy it\If you.pif
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\last microsoft pack\UPGRADE.exe
Virus:W32/Holar.J.worm Disinfected Local Folders\Backup\_QuikPost Backup\Re: stoff\stoff.pif
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Latest Update\upgrade126.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Latest Network Upgrade\update78.exe
Virus:W32/Holar.J.worm Disinfected Local Folders\Backup\_QuikPost Backup\Re: grdison\grdison.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Latest Network Patch\Upgrade184.exe
Virus:W32/Holar.J.worm Disinfected Local Folders\Backup\_QuikPost Backup\poon\poon.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Current Internet Security Pack\upgrade.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Newest Security Patch\install.exe
Virus:W32/Klez.I Disinfected Local Folders\Backup\_QuikPost Backup\Have a nice Allhallowmas\of your.pif
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\latest internet security update\Pack45.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Net Update\Pack75.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Newest Security Pack\Patch575.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Current Pack\Install.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\new patch\QDXQ.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Network Security Upgrade\update.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Newest Net Security Upgrade\Upgrade9722.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Latest Network Security Upgrade\installer81.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Net Security Update\upgrade.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Newest Critical Update\installer52.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Newest Upgrade\Q427554.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Newest Microsoft Update\installation631.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Last Net Critical Upgrade\Q483852.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Net Pack\installer6.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Microsoft Update\q167933.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Critical Upgrade\qne.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\New Internet Upgrade\Pack565.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Newest Network Pack\q326773.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\New Internet Security Pack\install771.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Last Security Update\Q216917.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Network Critical Patch\upgrade.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Last Network Update\Upgrade1153.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Last Internet Critical Upgrade\pack4198.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Newest Microsoft Critical Upgrade\Installation.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Qd.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Network Critical Update\Q741625.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Latest Internet Security Upgrade\installation76.exe
Virus:W32/Sobig.F.dam Disinfected Local Folders\Backup\_QuikPost Backup\Undelivered Mail Returned to Sender\document_all.pif
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Microsoft Critical Upgrade\INSTALLER83.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Current Network Critical Patch\QS.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Network Upgrade\Upgrade.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Net Security Pack\patch863.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\New Net Critical Pack\installation759.exe
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Returned mail: see transcript for details\document_9446.pif
Virus:W32/Sobig.F.dam Disinfected Local Folders\Backup\_QuikPost Backup\Undelivered Mail Returned to Sender\wicked_scr.scr
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Returned mail: see transcript for details\your_details.pif
Virus:W32/Sobig.F.dam Disinfected Local Folders\Backup\_QuikPost Backup\Undelivered Mail Returned to Sender\your_details.pif
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Returned mail: User unknown\movie0045.pif
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Your message received (Your details) [Autoresponse]\your_document.pif
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Your message received (Re: That movie) [Autoresponse]\document_all.pif
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Returned mail: see transcript for details\document_9446.pif
Virus:W32/Sobig.F.dam Disinfected Local Folders\Backup\_QuikPost Backup\Undelivered Mail Returned to Sender\your_details.pif
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Returned mail: see transcript for details\your_document.pif
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Latest Internet Patch\q564473.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Critical Upgrade\patch.exe
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Returned mail: see transcript for details\movie0045.pif
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Returned mail: see transcript for details\thank_you.pif
Virus:W32/Sobig.F.dam Disinfected Local Folders\Backup\_QuikPost Backup\Undelivered Mail Returned to Sender\your_document.pif
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Returned mail: see transcript for details\your_details.pif
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Returned mail: see transcript for details\thank_you.pif
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Delivery Status Notification (Failure)\wicked_scr.scr
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Returned mail: see transcript for details\your_details.pif
Virus:W32/Klez.I Disinfected Local Folders\Backup\_QuikPost Backup\A special new website\at .scr
Virus:W32/Klez.I Disinfected Local Folders\Backup\_QuikPost Backup\Fw:ebay,some questions\is 0016.scr
Virus:W32/Klez.I Disinfected Local Folders\Backup\_QuikPost Backup\Sos!\pass. .exe
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Backup\_QuikPost Backup\Mail Transaction Failed\text.zip[text.txt .pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hi\file.zip[file.cmd]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Hi\body.zip[body.scr]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hi\doc.zip[doc.htm .scr]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hello\file.zip[file.scr]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Test\data.zip[data.pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hello\document.zip[document.txt .scr]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\MMS Notification - Xray\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\MMS Notification - Xray\file.zip[file.doc .exe]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Hello\doc.zip[doc.pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Hi\text.zip[text.scr]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hi\pafveo.zip[pafveo.scr]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hello\body.zip[body.cmd]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Warning: could not send message for past 4 hours\body.zip[body.bat]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Status\pakjir.zip[pakjir.pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hello\file.zip[file.pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Test\body.zip[body.txt .pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Mail Delivery System\text.zip[text.scr]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Server Report\readme.zip[readme.exe]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Mail Transaction Failed\data.zip[data.htm .pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hi\body.zip[body.pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\document.zip[document.scr]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hi\document.zip[document.txt .scr]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\rfcalhhgkzgv\data.zip[data.cmd]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\TZYDOZNCOBW\test.zip[test.pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Hello\body.zip[body.txt .exe]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Hi\doc.zip[doc.pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hi\body.zip[body.htm .scr]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Status\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Undeliverable: Mail Delivery System\body.zip[body.htm .scr]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\ERROR\document.zip[document.cmd]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hello\body.zip[body.scr]

#4
Guest_thatman_*

Hi buyquickly

Welcome to geekstogo

Download the Microsoft Antispyware
Now run the program

Please read through the instructions before you start (you may want to print this out).

You are running HijackThis from the Desktop; please create a new folder C:\HJT and move HijackThis.exe into the new folder

Download CCleaner and unzip the file to install.
Open CCleaner.
Place a check by everything in the Applications tab.
Place a check by Internet Explorer, Windows Explorer, and System in the Windows tab.
Now run CCleaner.

Reboot into Safe Mode.

Using Windows Explorer, delete the following files and folders, if found.

Adware:Adware/SideStep No disinfected C:\WINDOWS\Downloaded Program Files\SbCIe???.???<--Delete this file or folder
Adware:Adware/Alexa-Toolbar No disinfected Windows Registry
Virus:Trj/Mitglieder.BO No disinfected Personal Folders\_old\quikpost\34544.rar[dddd.exe]<--Find this item and delete the file or folder
C:\Program Files\Real\RealProducer Basic 10\resources\rsup3280.dll<--Delete this file or uninstall Real

Exit Explorer.

Run the ccleaner.

Reboot into normal mode.

Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm

Please post the logs from the Panda virus scan and HJT.log; we will need them to remove previous infections that have left files on your system.

Kc :tazz:

#5
buyquickly

Hello and thanks again for your continued support!

As instructed, I ran ccleaner, then deleted these three files:
C:\WINDOWS\Downloaded Program Files\SbCIe???.???
Personal Folders\_old\quikpost\34544.rar[dddd.exe]
C:\Program Files\Real\RealProducer Basic 10\resources\rsup3280.dll

Then I ran ccleaner again, restored the hosts, then ran panda scan. Finally, I ran hijackthis after all of that. Below is the panda scan log, followed by the hijackthis log:


Incident Status Location

Spyware:Spyware/BetterInet No disinfected Windows Registry
Adware:Adware/SideStep No disinfected C:\WINDOWS\Downloaded Program Files\SbCIe???.???
Adware:Adware/Alexa-Toolbar No disinfected Windows Registry
Virus:Trj/Mitglieder.BO No disinfected Personal Folders\_old\quikpost\34544.rar[dddd.exe]






Logfile of HijackThis v1.99.1
Scan saved at 3:59:27 PM, on 3/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\aim\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Intuit\QuickBooks Pro 2001\Components\QBAgent\qbdagent2002.exe
C:\Program Files\TypeItIn\TypeItIn.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\GoToMyPC\GoToMyPC\g2svc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\GoToMyPC\GoToMyPC\g2comm.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\GoToMyPC\GoToMyPC\g2pre.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\GoToMyPC\GoToMyPC\g2tray.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://video.msn.com/video/p.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://video.msn.com/video/p.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\GoToMyPC\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = QuickBooks Pro 2001\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: TypeItIn.lnk = C:\Program Files\TypeItIn\TypeItIn.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Similar Pages - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {26AFD6EF-C017-4063-B2B1-E515DE98A1B7} - http://download.koda...2_1/install.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../UK/install.cab
O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://81.216.10.59/cult.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {72133CC5-DE1E-42FE-B8B0-93D2C6C3472E} (FillerX Class) - http://www.formatta....d/pffloader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {860D5AAC-D059-4C9F-93D3-3FD6FBB6872F} (AuroraCtrl Class) - http://icebergradio.....259/client.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs2b.instants...erxsigned41.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.palt...st/RegDload.CAB
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\GoToMyPC\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#6
Guest_thatman_*

Hi buyquickly

Your HJT.Log is clean

Reboot into Safe Mode

Using Windows Explorer, delete the following files and folders.

C:\WINDOWS\Downloaded Program Files\SbCIe???.??? <--Delete this file
Virus:Trj/Mitglieder.BO No disinfected Personal Folders\_old\quikpost\34544.rar[dddd.exe] <--Delete this file

Run the cleaner

Rescan with Panda and post the log and an HJT.Log

Kc :tazz:

#7
buyquickly

Sorry for my slow reply. Pandascan was not available the other night for some reason. Anyway, I've followed all the instructions, and here is my panda scan log, followed by my hijackthis log:



Incident Status Location

Spyware:Spyware/BetterInet No disinfected Windows Registry


_____________________________



Logfile of HijackThis v1.99.1
Scan saved at 11:01:50 AM, on 4/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Intuit\QuickBooks Pro 2001\Components\QBAgent\qbdagent2002.exe
C:\Program Files\TypeItIn\TypeItIn.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\GoToMyPC\GoToMyPC\g2svc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\GoToMyPC\GoToMyPC\g2comm.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\GoToMyPC\GoToMyPC\g2pre.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\GoToMyPC\GoToMyPC\g2tray.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\aim\aim.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://video.msn.com/video/p.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://video.msn.com/video/p.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\GoToMyPC\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = QuickBooks Pro 2001\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: TypeItIn.lnk = C:\Program Files\TypeItIn\TypeItIn.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Similar Pages - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {26AFD6EF-C017-4063-B2B1-E515DE98A1B7} - http://download.koda...2_1/install.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../UK/install.cab
O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://81.216.10.59/cult.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {72133CC5-DE1E-42FE-B8B0-93D2C6C3472E} (FillerX Class) - http://www.formatta....d/pffloader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {860D5AAC-D059-4C9F-93D3-3FD6FBB6872F} (AuroraCtrl Class) - http://icebergradio.....259/client.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs2b.instants...erxsigned41.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://shopping.web...ent/ieatgpc.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.palt...st/RegDload.CAB
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\GoToMyPC\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#8
Guest_thatman_*

Hi buyquickly

Do a search in your registry for BetterInet and also check the item below

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Let me know how you get on

Kc :tazz:

#9
buyquickly

Hi Kc,

I did a search for "BetterInet" and I also looked in the registry folder:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

but I could not find BetterInet anywhere. Any suggestions?

When I right-click a folder, Windows still freezes. Then the DrWatson debugger window pops up. The only way to get out of that freeze is by ending the drwtsn process through CTRL+ALT+DEL, but it's been causing other problems too. Please help, Kc!!

Thanks!!

#10
Guest_thatman_*

Hi buyquickly

Welcome to geekstogo

Please download all items to your desktop first.

Please read through the instructions before you start (you may want to print this out).

Please download and install these programs - don't run them yet!!

Please download and unzip About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.
AboutBuster MUST be updated before you use it.
Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box. Don't run it yet.


Please download and install AD-Aware.
Check here on how to set up and use it - please make sure you update it first.

Download CW-Shredder at the link below:
CWShredder

Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files" and untick "Hide extensions for known file types". Now click "Apply to all folders".
Click "Apply" then "OK"


+++++++++++++++++++++++++++++++++++++++++++++++++


Reboot into Safe Mode: Click here if you don't know how to do this.

Run AboutBuster. This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

Scan with AdAware and let it remove any bad files found.

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

Clean out your Prefetch files in C:\Windows\Prefetch
I clean this out once a week; just delete all the files in the folder.

Reboot into normal mode.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp

Please post the logs from the Panda virus scan and HJT.log; we will need them to remove previous infections that have left files on your system.

Kc :tazz:

#11
buyquickly

Hi Kc, thanks for the help so far. Sorry it took me a few days to reply. Anyway, I did everything you instructed. Still having the DrWatson freeze. Here are the Panda scan and HJT logs:



Incident                      Status          Location
Spyware:Spyware/BetterInet    No disinfected  Windows Registry
Adware:Adware/Minibug         No disinfected  C:\Program Files\aim\Sysfiles\WxBug.EXE





Logfile of HijackThis v1.99.1
Scan saved at 11:53:13 PM, on 4/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\aim\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Intuit\QuickBooks Pro 2001\Components\QBAgent\qbdagent2002.exe
C:\Program Files\TypeItIn\TypeItIn.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\GoToMyPC\GoToMyPC\g2svc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\GoToMyPC\GoToMyPC\g2comm.exe
C:\Program Files\GoToMyPC\GoToMyPC\g2pre.exe
C:\Program Files\GoToMyPC\GoToMyPC\g2tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\WINDOWS\System32\WISPTIS.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://video.msn.com/video/p.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\GoToMyPC\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = QuickBooks Pro 2001\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: TypeItIn.lnk = C:\Program Files\TypeItIn\TypeItIn.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Similar Pages - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {26AFD6EF-C017-4063-B2B1-E515DE98A1B7} - http://download.koda...2_1/install.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../UK/install.cab
O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://81.216.10.59/cult.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {72133CC5-DE1E-42FE-B8B0-93D2C6C3472E} (FillerX Class) - http://www.formatta....d/pffloader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {860D5AAC-D059-4C9F-93D3-3FD6FBB6872F} (AuroraCtrl Class) - http://icebergradio.....259/client.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs2b.instants...erxsigned41.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://shopping.web...ent/ieatgpc.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.palt...st/RegDload.CAB
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\GoToMyPC\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#12
Guest_thatman_*

Hi buyquickly

Let's see if this will find any hidden Trojans: http://www.ewido.net/en/download/

This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time.

Post back with any information

Kc :tazz:

#13
buyquickly

Hi Kc,

Thanks for not giving up on me. I ran ewido like you suggested, and had it automatically clean anything it found. Here is the log below:


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:29:31 AM, 4/15/2005
+ Report-Checksum: 985B72F2

+ Date of database: 4/14/2005
+ Version of scan engine: v3.0

+ Duration: 114 min
+ Scanned Files: 197280
+ Speed: 28.65 Files/Second
+ Infected files: 11
+ Removed files: 11
+ Files put in quarantine: 11
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
E:\
F:\

+ Scan result:
C:\Documents and Settings\Guest\Cookies\guest@ads.as4x.tmcs[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Vin\Cookies\vin@70406058[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Vin\Cookies\vin@a.websponsors[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Vin\Cookies\vin@ads.addynamix[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Vin\Cookies\vin@ads.as4x.tmcs[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Vin\Cookies\vin@adsremote.scripps[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Vin\Cookies\vin@search.msn[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Vin\Cookies\vin@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Vin\Cookies\vin@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\ieatgpc.dll -> Spyware.WebEx -> Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent.b -> Cleaned with backup


::Report End

#14
Guest_thatman_*

Hi buyquickly

Do an online scan with the following items:

http://www.ravantivirus.com/scan/

http://www.bitdefend...can/licence.php
Bitdefender. Be sure to check Auto Clean.

Make a note of any items that can't be removed.

Kc :tazz:

#15
buyquickly

Hi Kc,

I ran Ravscan, then Bitdefender, both set to autoclean.

Bitdefender's status report said:
"Scanning successful. No viral code found."

Here is the Ravscan log:

Scan started at 4/15/2005 11:33:55 AM

Scanning memory...
Scanning boot sectors...
Scanning files...
C:\Documents and Settings\Vin\Local Settings\Application Data\Identities\{B81840D4-1844-4D89-A307-5402BFC1B327}\Microsoft\Outlook Express\Deleted Items.dbx->Message.272: (Mail Delivery System [Mail delivery failed: returning message to sender])->(part0003... - Win32/Mydoom.A@mm.dam#2 -> Infected
C:\Documents and Settings\Vin\Local Settings\Application Data\Identities\{B81840D4-1844-4D89-A307-5402BFC1B327}\Microsoft\Outlook Express\Deleted Items.dbx->Message.269: (Mail Delivery System [Mail delivery failed: returning message to sender])->(part0003... - Win32/Mydoom.A@mm -> Infected
C:\Documents and Settings\Vin\Local Settings\Application Data\Identities\{B81840D4-1844-4D89-A307-5402BFC1B327}\Microsoft\Outlook Express\Deleted Items.dbx->Message.259: (MAILER-DAEMON@gizmo11ps.bigpond.com [failure notice])->(part0003:readme.pif) - Win32/Mydoom.A@mm -> Infected
C:\Documents and Settings\Vin\Local Settings\Application Data\Identities\{B81840D4-1844-4D89-A307-5402BFC1B327}\Microsoft\Outlook Express\Deleted Items.dbx->Message.228: (Mail Delivery System [Mail delivery failed: returning message to sender])->(part0003... - Win32/Mydoom.A@mm -> Infected
C:\Documents and Settings\Vin\Local Settings\Application Data\Identities\{B81840D4-1844-4D89-A307-5402BFC1B327}\Microsoft\Outlook Express\Deleted Items.dbx->Message.177: (MAILER-DAEMON@mail.ebuyer.com [failure notice])->(part0003:body.zip)->body.htm ... - Win32/Mydoom.A@mm -> Infected
C:\Documents and Settings\Vin\Local Settings\Application Data\Identities\{B81840D4-1844-4D89-A307-5402BFC1B327}\Microsoft\Outlook Express\Deleted Items.dbx->Message.148: (Mail Delivery System [Mail delivery failed: returning message to sender])->(part0003... - Win32/Mydoom.A@mm -> Infected
C:\Documents and Settings\Vin\Local Settings\Application Data\Identities\{B81840D4-1844-4D89-A307-5402BFC1B327}\Microsoft\Outlook Express\Deleted Items.dbx->Message.141: (MAILER-DAEMON@mail.hsphere.cc [failure notice])->(part0003:text.zip)->text.txt ... - Win32/Mydoom.A@mm -> Infected
C:\Documents and Settings\Vin\Local Settings\Application Data\Identities\{B81840D4-1844-4D89-A307-5402BFC1B327}\Microsoft\Outlook Express\Deleted Items.dbx->Message.136: (MAILER-DAEMON@mail.hsphere.cc [failure notice])->(part0003:text.zip)->text.scr - Win32/Mydoom.A@mm -> Infected
C:\Documents and Settings\Vin\Local Settings\Application Data\Identities\{B81840D4-1844-4D89-A307-5402BFC1B327}\Microsoft\Outlook Express\Deleted Items.dbx->Message.121: (Mail Delivery System [Mail delivery failed: returning message to sender])->(part0003... - Win32/Mydoom.A@mm -> Infected
C:\Documents and Settings\Vin\Local Settings\Application Data\Identities\{B81840D4-1844-4D89-A307-5402BFC1B327}\Microsoft\Outlook Express\Deleted Items.dbx->Message.116: (Mail Delivery System [Mail delivery failed: returning message to sender])->(part0003... - Win32/Mydoom.A@mm.dam#2 -> Infected
C:\Documents and Settings\Vin\Local Settings\Application Data\Identities\{B81840D4-1844-4D89-A307-5402BFC1B327}\Microsoft\Outlook Express\Deleted Items.dbx->Message.47: (Mail Delivery System [Mail delivery failed: returning message to sender])->(part0003:... - Win32/Mydoom.A@mm -> Infected
C:\Documents and Settings\Vin\Local Settings\Application Data\Identities\{B81840D4-1844-4D89-A307-5402BFC1B327}\Microsoft\Outlook Express\Deleted Items.dbx->Message.40: (MAILER-DAEMON@oak.phpwebhosting.com [failure notice])->(part0003:ljnecj.scr) - Win32/Mydoom.A@mm -> Infected
C:\Documents and Settings\Vin\Local Settings\Application Data\Identities\{B81840D4-1844-4D89-A307-5402BFC1B327}\Microsoft\Outlook Express\Deleted Items.dbx->Message.6: (Mail Delivery System [Mail delivery failed: returning message to sender])->(part0003:t... - Win32/Mydoom.A@mm -> Infected

Scanned
============================
Objects: 128446
Directories: 9567
Archives: 8720
Size(Kb): 1326892
Infected files: 13

Found
============================
Viruses found: 2
Suspicious files: 0
Disinfected files: 0
Mail files: 14505