Ready to remove SpySheriff and other spyware [RESOLVED]
Started by NHSSAR, Jun 21 2005 07:08 AM
#1
Posted 21 June 2005 - 07:08 AM
Thank you for your help.
#2
Guest_thatman_*
Posted 25 June 2005 - 10:31 AM
Hello
No attachments, please post straight to the forum.
We are sorry for the delay in replying to your post. If you still need help, please post a current HijackThis.log.
Thank you
Kc
#3
Posted 26 June 2005 - 08:16 PM
Yes, still looking for help in eliminating malware. Here is an updated log.
Thanks for any help you can provide. -Dave
Logfile of HijackThis v1.99.1
Scan saved at 10:21:43 PM, on 6/26/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINNT\system32\niSvcLoc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINNT\Cyb2k.exe
C:\Program Files\Advanced Interactive Multimedia\aim.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\AdwareFilter\AdwareFilter.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\FIM\CodedDrag24\CodedDrag.exe
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINNT\system32\WISPTIS.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\HiJackThis\HijackThis.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.boston.com/"); (C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: AdwareFilter - {1028F737-81E7-452B-A860-E50CAD90A08C} - C:\Program Files\AdwareFilterToolBar\AdwareFilter.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [C2K] C:\WINNT\Cyb2k.exe
O4 - HKLM\..\Run: [Advanced Interactive Multimedia] C:\Program Files\Advanced Interactive Multimedia\aim.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\AdwareFilter.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster Express\pmremind.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINNT\system32\niSvcLoc.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
#4
Guest_thatman_*
Posted 27 June 2005 - 03:48 AM
Hi NHSSAR
Please read through the instructions before you start (you may want to print this out).
Please set your system to show all files; please see here if you're unsure how to do this.
Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to its own folder on the desktop. Don't run it yet!
Reboot into Safe Mode: please see here if you are not sure how to do this.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
Please go offline, close all browsers and any open windows, making sure that only HijackThis is open. Scan and, when it finishes, put an X in the boxes next to the following items only:
O3 - Toolbar: AdwareFilter - {1028F737-81E7-452B-A860-E50CAD90A08C} - C:\Program Files\AdwareFilterToolBar\AdwareFilter.dll
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\AdwareFilter.exe
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
Click on Fix Checked when finished and exit HijackThis.
Using Windows Explorer, locate the following files/folders, and delete them:
C:\Program Files\AdwareFilter <-- Delete the whole folder
C:\Program Files\PSGuard <-- Delete the whole folder
C:\winstall.exe <-- Delete the whole folder
C:\Program Files\SpySheriff <-- Delete the whole folder
Exit Explorer. Reboot as normal.
Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
Please post the logs from the Panda virus scan and HJT.log. We will need them to remove previous infections that have left files on your system.
Kc
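A post-cleanup check for the procedure in the post above, added here as an example (it is not part of the original thread or of HijackThis): it parses a fresh HijackThis log and reports which fix-list entries and which deleted paths still appear. The function names and the `AFTER_LOG` sample are constructed for illustration; the fix list and paths are copied from the post.

```python
import re

# Entries the helper asked to tick in HijackThis (copied from the post above).
FIX_LIST = [
    r"O3 - Toolbar: AdwareFilter - {1028F737-81E7-452B-A860-E50CAD90A08C} - C:\Program Files\AdwareFilterToolBar\AdwareFilter.dll",
    r"O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe",
    r"O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe",
    r"O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\AdwareFilter.exe",
    r"O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)",
]

# Files/folders the helper asked to delete in Windows Explorer.
DELETE_PATHS = [
    r"C:\Program Files\AdwareFilter",
    r"C:\Program Files\PSGuard",
    r"C:\winstall.exe",
    r"C:\Program Files\SpySheriff",
]

# HijackThis entry lines start with a section code such as R1, N3, O4 or O23.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def _norm(line):
    """Case-fold and collapse whitespace so copy/paste differences don't hide a match."""
    return " ".join(line.split()).lower()


def parse_hjt(text):
    """Split a HijackThis log into running-process paths and (code, detail) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def _path_re(path):
    # Require a path boundary after the match, so that
    # ...\AdwareFilter does not also match ...\AdwareFilterToolBar.
    return re.compile(re.escape(path) + r'(?=\\|"|\s|$)', re.IGNORECASE)


def check_cleanup(log_text):
    """Return fix-list entries and deleted-path references still present in a log."""
    parsed = parse_hjt(log_text)
    entry_lines = [f"{code} - {detail}" for code, detail in parsed["entries"]]
    present = {_norm(line) for line in entry_lines}
    still_listed = [e for e in FIX_LIST if _norm(e) in present]

    # A deleted folder can still be referenced by a process or by an
    # autostart entry that was not on the fix list.
    all_lines = parsed["processes"] + entry_lines
    still_referenced = []
    for path in DELETE_PATHS:
        rx = _path_re(path)
        still_referenced += [line for line in all_lines if rx.search(line)]
    return {
        "fix_entries_remaining": still_listed,
        "path_references_remaining": still_referenced,
    }


# Constructed sample of a log taken after the cleanup (not from the thread).
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\HiJackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: AdwareFilter - {1028F737-81E7-452B-A860-E50CAD90A08C} - C:\Program Files\AdwareFilterToolBar\AdwareFilter.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
"""

if __name__ == "__main__":
    result = check_cleanup(AFTER_LOG)
    for key, lines in result.items():
        print(key)
        for line in lines:
            print("  ", line)
```

In the sample, the toolbar entry is reported as an unfixed item, while the SpySheriff Run entry is caught only by the path check, because it was never on the fix list.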
#5
Posted 28 June 2005 - 04:51 AM
Ok. I've followed all the steps you've defined. Here are my new Panda and HJ logs. Thank you for all your help. -Dave
Panda log:
Incident Status Location
Virus:W32/Smitfraud.B Disinfected Operating system
Adware:Adware/Smitfraud No disinfected C:\WINNT\system32\OLEADM.dll
Virus:Trj/Downloader.ABG Disinfected Operating system
Adware:Adware/Tubby No disinfected C:\WINNT\system32\MTC.dll
Adware:Adware/CWS.Oslogo No disinfected C:\WINNT\wplog.txt
Adware:Adware/SpywareNo No disinfected Windows Registry
Adware:Adware/Smitfraud No disinfected C:\WINNT\system32\oleadm.dll
Adware:Adware/PsGuard No disinfected C:\Documents and Settings\Application Data\PSGuard.com
Adware:Adware/SpySheriff No disinfected C:\Documents and Settings\Desktop\Spysheriff.lnk
Virus:W32/Bugbear.B Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[napv2b10-1.exe.scr]
Virus:JS/Fortnight.E@M Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~000922.@x@]
Virus:JS/Fortnight.D@M Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~001066.txt]
Virus:JS/Fortnight.E@M Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~001251.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~001409.txt]
Virus:W32/Bugbear.B Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[RelComercial.eml.scr]
Virus:JS/Fortnight.E@M Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~002795.txt]
Virus:W32/Bugbear.B Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[phone list.doc.pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~003727.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[Go .scr]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~003783.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[onLoad.scr]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~004146.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[getkits[1].pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~004424.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[HTTP.pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~004552.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[CONTENT.scr]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~004726.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[align.exe]
Virus:Trj/DropMimail.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[message.zip]
Virus:W32/Sobig.F Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~008340.@x@][application.pif]
Virus:W32/Sobig.F Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~008356.@x@][wicked_scr.scr]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~011356.@x@]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~012218.@x@]
Virus:Worm Generic.SD Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[MS03-047.exe][MS03-047.exe]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~018137.@x@]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~024702.@x@]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~025994.@x@]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~029243.@x@]
Virus:W32/Mydoom.A.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[document.pif]
Virus:Bck/Cidra.B Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[p_usb.zip][usb_d2.exe]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~008447.txt]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~012137.@x@]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~012138.@x@]
Virus:W32/Bagle.AH.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[Doll.exe]
Virus:W32/Bagle.AH.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~022437.@x@][MP3.com]
Virus:W32/Bagle.AH.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[Doll.com]
Virus:JS/Illwill.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[new_price.zip][price.html]
Virus:W32/Bagle.AM.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[new_price.zip][price.exe]
Virus:JS/Illwill.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[new_price.zip][price.html]
Virus:W32/Bagle.AM.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[new_price.zip][price.exe]
Virus:JS/Illwill.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[price_new.zip][price.html]
Virus:W32/Bagle.AM.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[price_new.zip][price.exe]
Virus:JS/Illwill.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[price.zip][price.html]
Virus:W32/Bagle.AM.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[price.zip][price.exe]
Virus:JS/Illwill.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[new__price.zip][price.html]
Virus:W32/Bagle.AM.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[new__price.zip][price.exe]
Virus:JS/Illwill.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[price_08.zip][price.html]
Virus:W32/Bagle.AM.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[price_08.zip][price.exe]
Virus:JS/Illwill.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[new__price.zip][price.html]
Virus:W32/Bagle.AM.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[new__price.zip][price.exe]
Virus:JS/Illwill.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[price.zip][price.html]
Virus:W32/Bagle.AM.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[price.zip][price.exe]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~032322.@x@]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~034053.@x@]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~034095.@x@]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~038395.@x@]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~038412.@x@]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~038609.@x@]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~041176.@x@]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~041808.@x@]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~041943.@x@]
Virus:Trj/Mitglieder.BO Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[08_price.zip][doc_01.exe]
Virus:Trj/Mitglieder.BO Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[newprice.zip][doc_01.exe]
Virus:Trj/Mitglieder.BO Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[price_08.zip][doc_01.exe]
Virus:Trj/Mitglieder.BO Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[price_08.zip][Doc_01.02.exe]
Virus:Trj/Mitglieder.BO No disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[543.rar][dddd.exe]
Virus:W32/Bagle.CA.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[Work.zip][1.exe]
Virus:W32/Bugbear.B Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[napv2b10-1.exe.scr]
Virus:JS/Fortnight.E@M Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~000922.@x@]
Virus:JS/Fortnight.D@M Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~001066.txt]
Virus:JS/Fortnight.E@M Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~001251.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~001409.txt]
Virus:W32/Bugbear.B Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[RelComercial.eml.scr]
Virus:JS/Fortnight.E@M Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~002795.txt]
Virus:W32/Bugbear.B Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[phone list.doc.pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~003727.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[Go .scr]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~003783.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[onLoad.scr]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~004146.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[getkits[1].pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~004424.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[HTTP.pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~004552.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[CONTENT.scr]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~004726.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[align.exe]
Virus:Trj/DropMimail.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[message.zip]
Virus:W32/Sobig.F Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~008340.@x@][application.pif]
Virus:W32/Sobig.F Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~008356.@x@][wicked_scr.scr]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~011356.@x@]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~012218.@x@]
Virus:Worm Generic.SD Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[MS03-047.exe][MS03-047.exe]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~018137.@x@]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~024702.@x@]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~025994.@x@]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~029243.@x@]
Virus:W32/Mydoom.A.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[document.pif]
Virus:Bck/Cidra.B Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[p_usb.zip][usb_d2.exe]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-394afe2b-4bfff40d.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-394afe2b-4bfff40d.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-394afe2b-4bfff40d.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-394afe2b-4bfff40d.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7ba3f962-11af79ea.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7ba3f962-11af79ea.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7ba3f962-11af79ea.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7ba3f962-11af79ea.zip[Beyond.class]
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-15d6c998.zip[InstallerApplet.class]
Adware:Adware/SpySheriff No disinfected C:\Documents and Settings\Desktop\SpySheriff.lnk
Virus:Trj/Downloader.ABN Disinfected C:\Documents and Settings\My Documents\DLs\CRACK-LOCATOR.COM-Family_Tree_Maker_6.00.zip[jbq.exe]
Virus:Trj/Downloader.ABN Disinfected C:\Documents and Settings\My Documents\DLs\DOWNLOAD2.exe
Virus:W32/Bugbear.B Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[napv2b10-1.exe.scr]
Virus:JS/Fortnight.E@M Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~000922.@x@]
Virus:JS/Fortnight.D@M Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~001066.txt]
Virus:JS/Fortnight.E@M Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~001251.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~001409.txt]
Virus:W32/Bugbear.B Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[RelComercial.eml.scr]
Virus:JS/Fortnight.E@M Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~002795.txt]
Virus:W32/Bugbear.B Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[phone list.doc.pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~003727.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[Go .scr]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~003783.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[onLoad.scr]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~004146.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[getkits[1].pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~004424.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[HTTP.pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~004552.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[CONTENT.scr]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~004726.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[align.exe]
Virus:Trj/DropMimail.A Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[message.zip]
Virus:W32/Sobig.F Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~008340.@x@][application.pif]
Virus:W32/Sobig.F Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~008356.@x@][wicked_scr.scr]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~011356.@x@]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~012218.@x@]
Virus:Worm Generic.SD Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[MS03-047.exe][MS03-047.exe]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~018137.@x@]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~024702.@x@]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~025994.@x@]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~029243.@x@]
Virus:W32/Mydoom.A.worm Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[document.pif]
Virus:Bck/Cidra.B Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[p_usb.zip][usb_d2.exe]
Spyware:Spyware/XXXToolbar No disinfected C:\Program Files\Netscape\Netscape\install.log
Adware:Adware/Tubby No disinfected C:\WINNT\system32\MTC.dll
Adware:Adware/Smitfraud No disinfected C:\WINNT\system32\oleadm.dll
Virus:W32/Smitfraud.B Disinfected C:\WINNT\system32\wininet.dll
Adware:Adware/Smitfraud No disinfected C:\WINNT\uninstIU.exe
Adware:Adware/CWS.Oslogo No disinfected C:\WINNT\wplog.txt

HiJack Log:

Logfile of HijackThis v1.99.1
Scan saved at 6:29:17 AM, on 6/28/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINNT\system32\niSvcLoc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINNT\Cyb2k.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\FIM\CodedDrag24\CodedDrag.exe
C:\HiJackThis\HijackThis.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.boston.com/"); (C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [C2K] C:\WINNT\Cyb2k.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster Express\pmremind.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINNT\system32\niSvcLoc.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Panda log:

Incident Status Location
Virus:W32/Smitfraud.B Disinfected Operating system
Adware:Adware/Smitfraud No disinfected C:\WINNT\system32\OLEADM.dll
Virus:Trj/Downloader.ABG Disinfected Operating system
Adware:Adware/Tubby No disinfected C:\WINNT\system32\MTC.dll
Adware:Adware/CWS.Oslogo No disinfected C:\WINNT\wplog.txt
Adware:Adware/SpywareNo No disinfected Windows Registry
Adware:Adware/Smitfraud No disinfected C:\WINNT\system32\oleadm.dll
Adware:Adware/PsGuard No disinfected C:\Documents and Settings\Application Data\PSGuard.com
Adware:Adware/SpySheriff No disinfected C:\Documents and Settings\Desktop\Spysheriff.lnk
Virus:W32/Bugbear.B Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[napv2b10-1.exe.scr]
Virus:JS/Fortnight.E@M Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~000922.@x@]
Virus:JS/Fortnight.D@M Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~001066.txt]
Virus:JS/Fortnight.E@M Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~001251.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~001409.txt]
Virus:W32/Bugbear.B Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[RelComercial.eml.scr]
Virus:JS/Fortnight.E@M Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~002795.txt]
Virus:W32/Bugbear.B Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[phone list.doc.pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~003727.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[Go .scr]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~003783.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[onLoad.scr]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~004146.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[getkits[1].pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~004424.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[HTTP.pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~004552.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[CONTENT.scr]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~004726.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[align.exe]
Virus:Trj/DropMimail.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[message.zip]
Virus:W32/Sobig.F Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~008340.@x@][application.pif]
Virus:W32/Sobig.F Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~008356.@x@][wicked_scr.scr]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~011356.@x@]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~012218.@x@]
Virus:Worm Generic.SD Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[MS03-047.exe][MS03-047.exe]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~018137.@x@]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~024702.@x@]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~025994.@x@]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[~029243.@x@]
Virus:W32/Mydoom.A.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[document.pif]
Virus:Bck/Cidra.B Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\former-Inbox[p_usb.zip][usb_d2.exe]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~008447.txt]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~012137.@x@]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~012138.@x@]
Virus:W32/Bagle.AH.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[Doll.exe]
Virus:W32/Bagle.AH.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~022437.@x@][MP3.com]
Virus:W32/Bagle.AH.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[Doll.com]
Virus:JS/Illwill.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[new_price.zip][price.html]
Virus:W32/Bagle.AM.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[new_price.zip][price.exe]
Virus:JS/Illwill.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[new_price.zip][price.html]
Virus:W32/Bagle.AM.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[new_price.zip][price.exe]
Virus:JS/Illwill.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[price_new.zip][price.html]
Virus:W32/Bagle.AM.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[price_new.zip][price.exe]
Virus:JS/Illwill.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[price.zip][price.html]
Virus:W32/Bagle.AM.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[price.zip][price.exe]
Virus:JS/Illwill.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[new__price.zip][price.html]
Virus:W32/Bagle.AM.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[new__price.zip][price.exe]
Virus:JS/Illwill.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[price_08.zip][price.html]
Virus:W32/Bagle.AM.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[price_08.zip][price.exe]
Virus:JS/Illwill.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[new__price.zip][price.html]
Virus:W32/Bagle.AM.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[new__price.zip][price.exe]
Virus:JS/Illwill.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[price.zip][price.html]
Virus:W32/Bagle.AM.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[price.zip][price.exe]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~032322.@x@]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~034053.@x@]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~034095.@x@]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~038395.@x@]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~038412.@x@]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~038609.@x@]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~041176.@x@]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~041808.@x@]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[~041943.@x@]
Virus:Trj/Mitglieder.BO Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[08_price.zip][doc_01.exe]
Virus:Trj/Mitglieder.BO Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[newprice.zip][doc_01.exe]
Virus:Trj/Mitglieder.BO Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[price_08.zip][doc_01.exe]
Virus:Trj/Mitglieder.BO Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[price_08.zip][Doc_01.02.exe]
Virus:Trj/Mitglieder.BO No disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[543.rar][dddd.exe]
Virus:W32/Bagle.CA.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[Work.zip][1.exe]
Virus:W32/Bugbear.B Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[napv2b10-1.exe.scr]
Virus:JS/Fortnight.E@M Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~000922.@x@]
Virus:JS/Fortnight.D@M Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~001066.txt]
Virus:JS/Fortnight.E@M Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~001251.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~001409.txt]
Virus:W32/Bugbear.B Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[RelComercial.eml.scr]
Virus:JS/Fortnight.E@M Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~002795.txt]
Virus:W32/Bugbear.B Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[phone list.doc.pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~003727.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[Go .scr]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~003783.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[onLoad.scr]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~004146.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[getkits[1].pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~004424.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[HTTP.pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~004552.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[CONTENT.scr]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~004726.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[align.exe]
Virus:Trj/DropMimail.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[message.zip]
Virus:W32/Sobig.F Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~008340.@x@][application.pif]
Virus:W32/Sobig.F Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~008356.@x@][wicked_scr.scr]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~011356.@x@]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~012218.@x@]
Virus:Worm Generic.SD Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[MS03-047.exe][MS03-047.exe]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~018137.@x@]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~024702.@x@]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~025994.@x@]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[~029243.@x@]
Virus:W32/Mydoom.A.worm Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[document.pif]
Virus:Bck/Cidra.B Disinfected C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast.net\Inbox[p_usb.zip][usb_d2.exe]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-394afe2b-4bfff40d.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-394afe2b-4bfff40d.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-394afe2b-4bfff40d.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-394afe2b-4bfff40d.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7ba3f962-11af79ea.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7ba3f962-11af79ea.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7ba3f962-11af79ea.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7ba3f962-11af79ea.zip[Beyond.class]
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-15d6c998.zip[InstallerApplet.class]
Adware:Adware/SpySheriff No disinfected C:\Documents and Settings\Desktop\SpySheriff.lnk
Virus:Trj/Downloader.ABN Disinfected C:\Documents and Settings\My Documents\DLs\CRACK-LOCATOR.COM-Family_Tree_Maker_6.00.zip[jbq.exe]
Virus:Trj/Downloader.ABN Disinfected C:\Documents and Settings\My Documents\DLs\DOWNLOAD2.exe
Virus:W32/Bugbear.B Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[napv2b10-1.exe.scr]
Virus:JS/Fortnight.E@M Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~000922.@x@]
Virus:JS/Fortnight.D@M Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~001066.txt]
Virus:JS/Fortnight.E@M Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~001251.@x@]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~001409.txt]
Virus:W32/Bugbear.B Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[RelComercial.eml.scr]
Virus:JS/Fortnight.E@M Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~002795.txt]
Virus:W32/Bugbear.B Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[phone list.doc.pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~003727.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[Go .scr]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~003783.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[onLoad.scr]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~004146.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[getkits[1].pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~004424.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[HTTP.pif]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~004552.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[CONTENT.scr]
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~004726.txt]
Virus:W32/Klez.I Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[align.exe]
Virus:Trj/DropMimail.A Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[message.zip]
Virus:W32/Sobig.F Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~008340.@x@][application.pif]
Virus:W32/Sobig.F Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~008356.@x@][wicked_scr.scr]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~011356.@x@]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~012218.@x@]
Virus:Worm Generic.SD Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[MS03-047.exe][MS03-047.exe]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~018137.@x@]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~024702.@x@]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~025994.@x@]
Virus:Exploit/URLSpoof Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[~029243.@x@]
Virus:W32/Mydoom.A.worm Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[document.pif]
Virus:Bck/Cidra.B Disinfected C:\Documents and Settings\Netscape\Mail\mail.comcast.net\Inbox[p_usb.zip][usb_d2.exe]
Spyware:Spyware/XXXToolbar No disinfected C:\Program Files\Netscape\Netscape\install.log
Adware:Adware/Tubby No disinfected C:\WINNT\system32\MTC.dll
Adware:Adware/Smitfraud No disinfected C:\WINNT\system32\oleadm.dll
Virus:W32/Smitfraud.B Disinfected C:\WINNT\system32\wininet.dll
Adware:Adware/Smitfraud No disinfected C:\WINNT\uninstIU.exe
Adware:Adware/CWS.Oslogo No disinfected C:\WINNT\wplog.txt
HiJack Log:
Logfile of HijackThis v1.99.1
Scan saved at 6:29:17 AM, on 6/28/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINNT\system32\niSvcLoc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINNT\Cyb2k.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\FIM\CodedDrag24\CodedDrag.exe
C:\HiJackThis\HijackThis.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.boston.com/"); (C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [C2K] C:\WINNT\Cyb2k.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster Express\pmremind.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINNT\system32\niSvcLoc.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
#6
Guest_thatman_*
Posted 28 June 2005 - 05:26 AM
Hi NHSSAR
Please read through the instructions before you start (you may want to print this out).
Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later.
Reboot into Safe Mode: please see here if you are not sure how to do this.
Clear out the files in the Prefetch folder. Go to Start > Run, type Prefetch into the box, and delete all the files in that folder.
Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:
Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.
C:\Program Files\Netscape\Netscape\install.log
C:\WINNT\system32\MTC.dll
C:\WINNT\system32\oleadm.dll
C:\WINNT\uninstIU.exe
C:\WINNT\wplog.txt
C:\Documents and Settings\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-15d6c998.zip[InstallerApplet.class]
C:\Documents and Settings\Desktop\SpySheriff.lnk
C:\WINNT\system32\OLEADM.dll
C:\WINNT\system32\MTC.dll
C:\WINNT\wplog.txt
C:\WINNT\system32\oleadm.dll
C:\Documents and Settings\Application Data\PSGuard.com
C:\Documents and Settings\Desktop\Spysheriff.lnk
Let the system reboot.
Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
Please post the logs from Panda, Ewido and HJT.log. We will need them to remove previous infections that have left files on your system.
Kc
#7
Posted 28 June 2005 - 10:28 PM
Well, things are definitely getting better. However, there are still a couple of viruses that I can't seem to delete using your instructions. See logs.
Also, I never could locate a file or folder named Prefetch. I even tried a search for it. Do I need this folder?
Here are the updated logs:
Panda:
Incident Status Location
Virus:Trj/Mitglieder.BO No disinfected C:\Documents and Settings\Dave Getchell\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[543.rar][dddd.exe]
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Dave Getchell\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-15d6c998.zip[InstallerApplet.class]
Virus:W32/Smitfraud.B Disinfected C:\WINNT\system32\wininet.dll
Hijack:
Logfile of HijackThis v1.99.1
Scan saved at 12:27:50 AM, on 6/29/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINNT\system32\niSvcLoc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINNT\Cyb2k.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\FIM\CodedDrag24\CodedDrag.exe
C:\HiJackThis\HijackThis.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.boston.com/"); (C:\Documents and Settings\Dave Getchell\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Dave Getchell\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [C2K] C:\WINNT\Cyb2k.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster Express\pmremind.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINNT\system32\niSvcLoc.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
#8
Guest_thatman_*
Posted 29 June 2005 - 01:18 AM
Hi NHSSAR
Now we come for the bad one. Take your time; don't rush this.
Reboot into Safe Mode
Find the following file
C:\WINNT\system32\wininet.dll Right Click and Rename it to wininet.old
Now Navigate to C:\WINNT\System32\DllCache Locate wininet.dll
Right Click and Select Copy
Go back to C:\WINNT\System32
Place the pointer inside that folder, normal click once and then right click and select Paste!
Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.
C:\Documents and Settings\Dave Getchell\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox dddd.exe
C:\Documents and Settings\Dave Getchell\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox 543.rar
C:\Documents and Settings\Dave Getchell\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-15d6c998.zip
Let the system reboot.
Please download, install and run this disk cleanup utility called Cleanup version 4.0!: http://downloads.ste...p/CleanUp40.exe
It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage: http://www.bleepingc...tutorial93.html
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, clean out the prefetch folder and the recycle bin. When the scan has finished, click the close button.
When prompted, the system will log off to let it clean out the remaining files. When the log screen shows, log back on and continue the fix.
Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
Please post the logs from Panda, Ewido and HJT.log. We will need them to remove previous infections that have left files on your system.
Kc
#9
Posted 29 June 2005 - 11:06 PM
I could not rename the file wininet.dll. Error message said it is currently being used by Windows. I tried several times while in the safe mode but to no avail.
I was able to do the other steps. Attached are the Panda and HJ logs. I don't know what a Ewido is so I don't have a log for it.
Thanks again for your help.
-Dave
Panda:
Incident Status Location
Virus:Trj/Mitglieder.BO No disinfected C:\Documents and Settings\Dave Getchell\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[543.rar][dddd.exe]
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Dave Getchell\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-15d6c998.zip[InstallerApplet.class]
Virus:W32/Smitfraud.B Disinfected C:\WINNT\system32\wininet.dll
HJ log:
Logfile of HijackThis v1.99.1
Scan saved at 12:15:43 AM, on 6/30/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\FIM\CodedDrag24\CodedDrag.exe
C:\HiJackThis\HijackThis.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.boston.com/"); (C:\Documents and Settings\Dave Getchell\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Dave Getchell\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [C2K] C:\WINNT\Cyb2k.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster Express\pmremind.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINNT\system32\niSvcLoc.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
Please let me know if there is anything I should do.
Thanks -Dave
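Added example, not part of the original posts: a small parser for the Panda result rows quoted in post #9, which separates the file that exists on disk from the items the scanner reports inside it and lists what is still not disinfected. It assumes the trailing bracketed names in the Location column are members nested inside the on-disk file; `Finding`, `parse_report` and `pending` are names chosen for this example.

```python
import re
from typing import NamedTuple

# Constructed input: the three result rows of the Panda report quoted in post #9.
PANDA_REPORT = r"""
Incident Status Location
Virus:Trj/Mitglieder.BO No disinfected C:\Documents and Settings\Dave Getchell\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox[543.rar][dddd.exe]
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Dave Getchell\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-15d6c998.zip[InstallerApplet.class]
Virus:W32/Smitfraud.B Disinfected C:\WINNT\system32\wininet.dll
"""

# One result row: "<category>:<detection name> <status> <location>"
ROW = re.compile(
    r"^(?P<kind>\w+):(?P<name>\S+)\s+"
    r"(?P<status>No disinfected|Disinfected)\s+(?P<loc>.+)$"
)
# Assumption: trailing [..] groups name members nested inside the file on disk.
LOCATION = re.compile(r"^(?P<disk>.*?)(?P<members>(?:\[[^\[\]]+\])*)$")


class Finding(NamedTuple):
    kind: str          # "Virus", "Spyware", ...
    name: str          # detection name as reported
    cleaned: bool      # True only when the status column reads "Disinfected"
    disk_path: str     # the file that actually exists on disk
    members: tuple     # nested items inside that file, outermost first


def parse_report(text):
    findings = []
    for line in text.splitlines():
        row = ROW.match(line.strip())
        if not row:
            continue  # header row, blank lines, anything that is not a result
        loc = LOCATION.match(row["loc"])
        members = tuple(re.findall(r"\[([^\[\]]+)\]", loc["members"]))
        findings.append(Finding(row["kind"], row["name"],
                                row["status"] == "Disinfected",
                                loc["disk"], members))
    return findings


def pending(findings):
    """Map each on-disk file that still holds a detection to the items found in it."""
    out = {}
    for f in findings:
        if not f.cleaned:
            chain = " > ".join(f.members) or "(file itself)"
            out.setdefault(f.disk_path, []).append((f.name, chain))
    return out


if __name__ == "__main__":
    for path, items in pending(parse_report(PANDA_REPORT)).items():
        print(path)
        for name, chain in items:
            print(f"    {name}: {chain}")
```
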
#10
Guest_thatman_*
Posted 30 June 2005 - 08:02 AM
Hi NHSSAR
C:\Documents and Settings\Dave Getchell\Application Data\Mozilla\Profiles\default\xd0kv6z2.slt\Mail\mail.comcast-1.net\Inbox
543.rar<--Delete this file
dddd.exe<--Delete this file
C:\Documents and Settings\Dave Getchell\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-15d6c998.zip<--Delete this file
Virus:W32/Smitfraud.B Disinfected C:\WINNT\system32\wininet.dll<--As for this one, we will have to wait and see
Let's leave this for a few days. Post back if you still have any problems; I will keep this topic open
Kc
#11
Guest_thatman_*
Posted 05 July 2005 - 01:08 PM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.