Yet Another rdriv.sys [RESOLVED]



#1
nottheoneyouknow (New Member)
I've been through the suggested fixes, and read several threads about rdriv.sys, but haven't found anything that helped. Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 5:54:03 PM, on 8/17/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\atwtusb.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet T Series NT\Bin\HPOstr05.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
F:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\HP OfficeJet T Series NT\bin\HPOVDX05.EXE
C:\Program Files\iTunes\iTunes.exe
F:\Program Files\DiscWareLite\DiscWareLite.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINNT\lsass.exe

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - f:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\RunServices: [windows system notepad] wnpsm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] f:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: HP OfficeJet T Series Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series NT\Bin\HPOstr05.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = F:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: 01407 - Unknown owner - \\24.124.126.144\Admin$\eraseme_73845.exe (file missing)
O23 - Service: 11620 - Unknown owner - \\24.124.126.144\Admin$\eraseme_56408.exe (file missing)
O23 - Service: 12586 - Unknown owner - \\24.124.126.144\Admin$\eraseme_67004.exe (file missing)
O23 - Service: 23358 - Unknown owner - \\24.124.126.144\Admin$\eraseme_48648.exe (file missing)
O23 - Service: 32241 - Unknown owner - \\24.124.126.144\Admin$\eraseme_42287.exe (file missing)
O23 - Service: 34265 - Unknown owner - \\24.124.126.144\Admin$\eraseme_65253.exe (file missing)
O23 - Service: 41612 - Unknown owner - \\24.124.126.144\Admin$\eraseme_63458.exe (file missing)
O23 - Service: 44755 - Unknown owner - \\24.124.126.144\Admin$\eraseme_55525.exe (file missing)
O23 - Service: 47471 - Unknown owner - \\24.124.126.144\Admin$\eraseme_36222.exe (file missing)
O23 - Service: 54353 - Unknown owner - \\24.124.126.144\Admin$\eraseme_70551.exe (file missing)
O23 - Service: 75708 - Unknown owner - \\24.124.126.144\Admin$\eraseme_51614.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Local Security Authority Service - Unknown owner - C:\WINNT\lsass.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe


I would appreciate any help you can give me,

Thanks,

nottheoneyouknow


#2
LostAccount (Visiting Staff)
Sorry we didn't get to your log earlier, but as you can see, the helpers here are really busy. If you still require help, please post a new HJT log.

Edited by LostAccount, 22 August 2005 - 01:00 PM.


#3
nottheoneyouknow (New Member, Topic Starter)
I still need help. Here's a new log.

Logfile of HijackThis v1.99.1
Scan saved at 1:28:08 AM, on 8/23/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\atwtusb.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\TBLMOUSE.EXE
C:\Program Files\Hewlett-Packard\HP OfficeJet T Series NT\Bin\HPOstr05.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
F:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\HP OfficeJet T Series NT\bin\HPOVDX05.EXE
F:\Program Files\LimeWire\LimeWire.exe
C:\WINNT\system32\hpoipm07.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - f:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\RunServices: [windows system notepad] wnpsm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] f:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: HP OfficeJet T Series Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series NT\Bin\HPOstr05.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = F:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: 01407 - Unknown owner - \\24.124.126.144\Admin$\eraseme_73845.exe (file missing)
O23 - Service: 11620 - Unknown owner - \\24.124.126.144\Admin$\eraseme_56408.exe (file missing)
O23 - Service: 12586 - Unknown owner - \\24.124.126.144\Admin$\eraseme_67004.exe (file missing)
O23 - Service: 23358 - Unknown owner - \\24.124.126.144\Admin$\eraseme_48648.exe (file missing)
O23 - Service: 32241 - Unknown owner - \\24.124.126.144\Admin$\eraseme_42287.exe (file missing)
O23 - Service: 34265 - Unknown owner - \\24.124.126.144\Admin$\eraseme_65253.exe (file missing)
O23 - Service: 41612 - Unknown owner - \\24.124.126.144\Admin$\eraseme_63458.exe (file missing)
O23 - Service: 44755 - Unknown owner - \\24.124.126.144\Admin$\eraseme_55525.exe (file missing)
O23 - Service: 47471 - Unknown owner - \\24.124.126.144\Admin$\eraseme_36222.exe (file missing)
O23 - Service: 54353 - Unknown owner - \\24.124.126.144\Admin$\eraseme_70551.exe (file missing)
O23 - Service: 75708 - Unknown owner - \\24.124.126.144\Admin$\eraseme_51614.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Local Security Authority Service - Unknown owner - C:\WINNT\lsass.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

Thanks,

Steve

#4
LostAccount (Visiting Staff)
Hi,

You have acquired a virus from your LAN or the Internet, so I recommend that you install a firewall now to prevent any more infections like that from occurring while we are cleaning up your computer. A good firewall to have is Kerio Personal Firewall (a link is in my signature). While installing, choose Simple Mode instead of Advanced Mode.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.
You can reenable TeaTimer once your system is clean.

Please follow all instructions as specified. Print these instructions to ensure all are followed.

Please download the following programs, but do not run them yet:

* rdrivRem.zip
  • Unzip it to your desktop.
* Ewido Security Suite
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button
  • The program will now go to the main screen
  • You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
  • The update will start and a progress bar will show the updates being installed
  • After the updates are installed exit Ewido.
* CleanUp!
  • Install it.
* Killbox by Option^Explicit
  • Save it to your desktop.
This is a list of files that is required in Step 5. Copy and paste these file paths into a Notepad window and save it to your desktop as a text file.

C:\WINDOWS\system32\wnpsm.exe
C:\WINNT\lsass.exe


Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight "Safe Mode" then hit enter.

1.) Please double-click rdrivRem.bat to run the program - follow the instructions on the screen. After it's complete, rdriv.txt will be created in the rdrivRem folder.

2.) Double-click the Ewido Security Suite icon to run the program.
  • Click on scanner
  • Click Complete System Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "remove", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
  • Exit Ewido
3.) Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

4.) After Cleanup! is finished, run HijackThis. Place a check next to the following items, if found, and click FIX CHECKED:

O4 - HKLM\..\RunServices: [windows system notepad] wnpsm.exe
O23 - Service: 01407 - Unknown owner - \\24.124.126.144\Admin$\eraseme_73845.exe (file missing)
O23 - Service: 11620 - Unknown owner - \\24.124.126.144\Admin$\eraseme_56408.exe (file missing)
O23 - Service: 12586 - Unknown owner - \\24.124.126.144\Admin$\eraseme_67004.exe (file missing)
O23 - Service: 23358 - Unknown owner - \\24.124.126.144\Admin$\eraseme_48648.exe (file missing)
O23 - Service: 32241 - Unknown owner - \\24.124.126.144\Admin$\eraseme_42287.exe (file missing)
O23 - Service: 34265 - Unknown owner - \\24.124.126.144\Admin$\eraseme_65253.exe (file missing)
O23 - Service: 41612 - Unknown owner - \\24.124.126.144\Admin$\eraseme_63458.exe (file missing)
O23 - Service: 44755 - Unknown owner - \\24.124.126.144\Admin$\eraseme_55525.exe (file missing)
O23 - Service: 47471 - Unknown owner - \\24.124.126.144\Admin$\eraseme_36222.exe (file missing)
O23 - Service: 54353 - Unknown owner - \\24.124.126.144\Admin$\eraseme_70551.exe (file missing)
O23 - Service: 75708 - Unknown owner - \\24.124.126.144\Admin$\eraseme_51614.exe (file missing)
O23 - Service: Local Security Authority Service - Unknown owner - C:\WINNT\lsass.exe


Close HiJackThis.

5.) Run Killbox.exe.

* Select "Delete on Reboot".

* Open the notepad you saved earlier. Press CTRL + A to select all file paths in the notepad, then press CTRL + C which will copy all of them to the clipboard.

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "OK" at any "PendingRenameOperation" prompt. If your computer does not restart automatically, please restart it manually.

After the computer has restarted, continue with the rest of the instructions:

6.) Make sure your firewall is on. Make sure you can turn it off then turn it back on and that nothing is greyed out.
Also, make sure your Anti-Virus program is working properly - you can turn on and off auto-protect, etc.

7.) Run BOTH of these online virus scans (NOT at the same time!):
ActiveScan
TrendMicro's HouseCall - check "Auto Clean"

Save the results from ActiveScan.

8.) Please run HijackThis and click Config -> Misc Tools -> Delete an NT service. In the Delete window, type 01407 and press OK. OK any prompts. Repeat these steps for these services:

11620
12586
23358
32241
34265
41612
44755
47471
54353
75708
Local Security Authority Service


Close HijackThis, and restart your computer.

I need you to post the contents of rdriv.txt, the log from Ewido, the log from ActiveScan, and a new HiJackThis log into this topic.
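Most of the entries selected for fixing in the post above share traits that can be checked mechanically: a service image on a UNC share, an "Unknown owner" service whose file is missing, and a core system process name outside system32. The Python below is an added example, not part of the original post or of HijackThis; the function names and heuristics are assumptions, and the sample lines are excerpted from the log posted in this thread. It does not flag the wnpsm.exe RunServices entry, which has to be recognised by name.

```python
import ntpath
import re

# Core Windows processes that legitimately load only from %SystemRoot%\system32.
SYSTEM32_ONLY = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe",
}

# "O23 - Service: <name> - <owner> - <image path>"; the image path starts
# with a drive letter or with two backslashes (UNC).
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>(?:[A-Za-z]:\\|\\\\).*)$"
)
# A bare executable path, as listed under "Running processes:".
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
MISSING = "(file missing)"

# Lines excerpted from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINNT\system32\lsass.exe
C:\WINNT\Explorer.EXE
C:\WINNT\lsass.exe

O4 - HKLM\..\RunServices: [windows system notepad] wnpsm.exe
O23 - Service: 01407 - Unknown owner - \\24.124.126.144\Admin$\eraseme_73845.exe (file missing)
O23 - Service: 11620 - Unknown owner - \\24.124.126.144\Admin$\eraseme_56408.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: Local Security Authority Service - Unknown owner - C:\WINNT\lsass.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
"""


def misplaced_system_binary(path):
    """True if a system32-only process name appears in any other directory."""
    name = ntpath.basename(path).lower()
    parent = ntpath.basename(ntpath.dirname(path)).lower()
    return name in SYSTEM32_ONLY and parent != "system32"


def triage(log_text):
    """Return (kind, name, path, reasons) for every entry that trips a check."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        service = O23_RE.match(line)
        if service:
            kind, name = "service", service.group("name")
            path = service.group("path")
            missing = path.endswith(MISSING)
            if missing:
                path = path[: -len(MISSING)].rstrip()
            if path.startswith("\\\\"):
                reasons.append("image path is a UNC share")
            if missing and service.group("owner") == "Unknown owner":
                reasons.append("no vendor information and file missing")
        elif PROCESS_RE.match(line):
            kind, name, path = "process", ntpath.basename(line), line
        else:
            continue
        if misplaced_system_binary(path):
            reasons.append("system process name outside system32")
        if reasons:
            findings.append((kind, name, path, reasons))
    return findings


if __name__ == "__main__":
    for kind, name, path, reasons in triage(SAMPLE_LOG):
        print(f"{kind:8} {name}: {path} -> {'; '.join(reasons)}")
```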

#5
nottheoneyouknow (New Member, Topic Starter)
I didn't realize Zonelabs firewall was no longer running, until you mentioned it. It had been off since mid-July! I'm not sure how it got turned off. I decided to try Kerio.

I couldn't get Activescan to run all the way through - after several tries, I got it to start running the scan, but it would stop at about 40% complete, so I can't post that log.

I don't get any more warnings about rdriv.sys, but the fact that Activescan won't run to completion worries me a bit.

Logfile of HijackThis v1.99.1
Scan saved at 11:10:04 PM, on 8/24/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
f:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINNT\system32\mobsync.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\atwtusb.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\TBLMOUSE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet T Series NT\Bin\HPOstr05.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
F:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\HP OfficeJet T Series NT\bin\HPOVDX05.EXE
C:\WINNT\system32\hpoipm07.exe
C:\Program Files\Mozilla Firefox\firefox.exe
f:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: HP OfficeJet T Series Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series NT\Bin\HPOstr05.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = F:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - f:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - f:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

rdriv.txt:
~~~~~~~~~~~~~ Pre-run File Check ~~~~~~~~~~~~~

rdriv.sys PRESENT!
ItunesMusic.exe NOT PRESENT!
wkssvc.exe NOT PRESENT!


~~~~~~~~~~~~~ Post run File Check ~~~~~~~~~~~~~

rdriv.sys NOT PRESENT!
ItunesMusic.exe NOT PRESENT!
wkssvc.exe NOT PRESENT!

Ewido:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:52:58 PM, 8/23/2005
+ Report-Checksum: BCC550E0

+ Scan result:

:mozilla.21:C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\w8zcpxra.Default User\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.27:C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\w8zcpxra.Default User\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.29:C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\w8zcpxra.Default User\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.31:C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\w8zcpxra.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\w8zcpxra.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\w8zcpxra.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\w8zcpxra.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\w8zcpxra.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\w8zcpxra.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\w8zcpxra.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\w8zcpxra.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\w8zcpxra.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\w8zcpxra.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\w8zcpxra.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\w8zcpxra.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\w8zcpxra.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\w8zcpxra.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup


::Report End


Thanks for your help. Let me know if the Activescan problem might indicate something else wrong with my system.

Thanks,

Steve
  • 0

#6
LostAccount


    Visiting Staff

  • Member
  • PipPip
  • 80 posts
ActiveScan has always had that problem... after all the technique they use to scan your system (ActiveX) isn't really meant to deal with virus scanning.

Your logs are clean. Any problems?
  • 0

#7
nottheoneyouknow


    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

ActiveScan has always had that problem... after all the technique they use to scan your system (ActiveX) isn't really meant to deal with virus scanning.

Your logs are clean. Any problems?


None that I am aware of. Thank you very much!

Steve
  • 0

#8
LostAccount


    Visiting Staff

  • Member
  • PipPip
  • 80 posts
Everything looks great --- your HijackThis log is completely clean. :)
Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. :tazz:

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.o...oducts/firefox/

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are ZoneAlarm, Kerio, or Sygate.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck. :)

Edited by LostAccount, 27 August 2005 - 05:01 AM.

  • 0

#9
LostAccount


    Visiting Staff

  • Member
  • PipPip
  • 80 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





