
New Malware.u



#1
Knolats

Hey there!

McAfee keeps finding more and more of these 'trojan: New Malware.u' buggers.. today, it found close to 66, or something. :tazz: I have no idea what they do.. never had them before a couple of days ago and McAfee has no idea what they do and cannot clean them. Trend Housecall does not find them.

My computer has also been acting slow and laggy, yesterday it had trouble starting up and MyCoolWebSearch keeps rearing its ugly head (I've run CWShredder soooo many times now, it keeps coming back), even in Firefox *despises IE with a passion*

So - help, please? :) I've run through the tools ('cept AVG) on the Must Read post. Here are the HijackThis and Ewido logs.

Logfile of HijackThis v1.99.1
Scan saved at 7:23:50 AM, on 13/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\csrss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\System32\termsrv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\CTsvcCDA.EXE
D:\PROGRA~1\DIRECT~1\DUService.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
D:\WINNT\system32\drivers\KodakCCS.exe
D:\WINNT\System32\llssrv.exe
D:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Microsoft SQL Server\MSSQL$FUSIONSPORT\Binn\sqlservr.exe
D:\WINNT\system32\nvsvc32.exe
D:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\snmp.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\wins.exe
D:\WINNT\system32\MsPMSPSv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\tcpsvcs.exe
D:\WINNT\System32\dns.exe
D:\WINNT\System32\inetsrv\inetinfo.exe
D:\WINNT\System32\msdtc.exe
D:\WINNT\system32\Dfssvc.exe
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\devldr32.exe
D:\Program Files\DirectUpdate\DUControl.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINNT\system32\ctfmon.exe
d:\progra~1\intern~1\iexplore.exe
D:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\WINNT\system32\RUNDLL32.EXE
D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
D:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
D:\Program Files\Greetings Workshop\GWREMIND.EXE
d:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\Program Files\TrojanHunter 4.2\TrojanHunter.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gagquylrf...UTvc6K6vc_.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mczxgcnmy...Yt7hHJepSo.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {600612B6-CAD6-0DA1-9F2E-3A005A2A6B43} - D:\DOCUME~1\bigman\APPLIC~1\LITEST~1\Boob Rule.exe (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DUControl] D:\Program Files\DirectUpdate\DUControl.exe
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sixthrectthat2] D:\Documents and Settings\All Users.WINNT\Application Data\cool byte sixth rect\32 FOUR.exe
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [BarbCamp] D:\DOCUME~1\bigman\APPLIC~1\ARMYSE~1\FIND DOWNLOAD.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Greetings Workshop Reminders.lnk = D:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: BTTray.lnk = D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = D:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\system32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127358793757
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {EDD6C042-E583-42FA-9211-282AC1A99195} (OTAutoInstall Class) - https://streaming.en...nloads/OTAI.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...561/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fusport.lan.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{A91EE0F2-C2DD-4BED-A421-0F21C9A9BC3C}: NameServer = 10.0.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fusport.lan.au
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fusport.lan.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: DirectUpdate engine (DirectUpdate) - http://www.directupdate.net/ - D:\PROGRA~1\DIRECT~1\DUService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - D:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - D:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINNT\system32\nvsvc32.exe
O23 - Service: ptssvc - KODAK - D:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:27:35 AM, 13/10/2005
+ Report-Checksum: 728BCF83

+ Scan result:

HKLM\SOFTWARE\AKSoft -> Spyware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AKSoft\X-Tractor -> Spyware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\Classes\EGCOMLIB.EGComLibrary\CLSID\\ -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\EGCOMLIB.EGComLibrary.1\CLSID\\ -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\EGCOMLIB2.EGComLibrary2\CLSID\\ -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\EGCOMLIB2.EGComLibrary2.1\CLSID\\ -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1EB17D1C-141D-4D9D-91CB-24D99215851D} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A02780C3-7F77-4E28-855B-28890F3CF37A} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINNT/Downloaded Program Files/bridge.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINNT/Downloaded Program Files/bridge.dll\\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF} -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINNT/Downloaded Program Files/gsda.dll\\.Owner -> Spyware.GameSpyArcade : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINNT/Downloaded Program Files/gsda.dll\\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINNT/Downloaded Program Files/jao.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINNT/Downloaded Program Files/jao.dll\\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF} -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINNT/system32/EGCOMLIB2.dll\\.Owner -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINNT/system32/EGCOMLIB2.dll\\{A02780C3-7F77-4E28-855B-28890F3CF37A} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINNT/system32/EGCOMLIB_1035.dll\\.Owner -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINNT/system32/EGCOMLIB_1035.dll\\{A02780C3-7F77-4E28-855B-28890F3CF37A} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINNT/system32/netia32.dll\\.Owner -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINNT/system32/netia32.dll\\{1EB17D1C-141D-4D9D-91CB-24D99215851D} -> Dialer.Generic : Cleaned with backup
[2176] D:\DOCUME~1\bigman\APPLIC~1\LITEST~1\Boob Rule.exe -> TrojanDownloader.Swizzor.bo : Cleaned with backup
:mozilla.10:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.11:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.12:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.16:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.17:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.20:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.21:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.22:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.23:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.24:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.25:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.26:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.27:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.37:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.38:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.39:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.40:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.41:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.42:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.43:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.44:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.45:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.47:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.48:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.50:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.54:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.55:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.56:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.59:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.83:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.107:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Firefox\Profiles\eda3zmru.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.6:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Profiles\default\y969ywz6.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.12:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Profiles\default\y969ywz6.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.13:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Profiles\default\y969ywz6.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.14:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Profiles\default\y969ywz6.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.27:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Profiles\default\y969ywz6.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Profiles\default\y969ywz6.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:D:\Documents and Settings\Administrator.THOR\Application Data\Mozilla\Profiles\default\y969ywz6.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.46:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.61:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.62:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.63:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.64:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.65:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.74:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.86:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.87:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.88:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.89:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.90:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.91:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.92:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.93:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.94:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.95:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.96:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.97:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.98:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.99:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.100:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.101:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.102:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.103:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.104:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.105:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.106:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.107:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.108:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.109:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.110:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.111:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.112:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.113:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.125:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.126:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.127:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.129:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.131:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.135:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.140:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.145:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
-> : Error during cleaning
:mozilla.147:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.148:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.149:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.154:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.155:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.161:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.179:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.180:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.181:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.207:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
-> : Error during cleaning
:mozilla.235:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.236:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.237:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.238:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.239:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.240:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.241:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Counted : Cleaned with backup
:mozilla.247:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.248:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.251:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.258:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.260:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.261:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.262:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.11:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.12:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.14:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.15:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.20:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.29:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.30:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.31:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.32:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.33:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.36:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.37:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.38:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.39:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.40:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.41:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.42:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.43:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.44:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.46:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.47:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.53:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.54:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.55:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.56:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.60:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.71:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.72:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.106:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.107:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.115:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.116:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.117:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.118:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.119:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.120:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.121:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.122:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.123:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.124:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.125:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.139:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.154:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.157:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.158:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.159:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.160:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.161:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.162:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.163:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.170:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.171:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.172:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.173:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.174:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.176:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.177:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.178:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.179:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.180:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.190:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Custom-click : Cleaned with backup
:mozilla.191:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Custom-click : Cleaned with backup
:mozilla.211:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.214:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.215:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.216:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.226:D:\Documents and Settings\bigman\Application Data\Mozilla\Firefox\Profiles\8e8xxpch.default

#2
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Hi Knolats, welcome to GeeksToGo

You have a LOP infection, which is most often transmitted by the sponsor program of Messenger Plus! 3. If you have that program, please uninstall it completely from Start -> Control Panel -> Add/Remove Programs and restart your computer. If you wish to keep the program once the infection is gone, you can reinstall it without the sponsor program. Then post a new log.

This link explains it better:
http://chooseknowled...senger-Plus.htm

If you don't have Messenger Plus! 3, proceed with the below.

Next, download and unzip to one folder:
http://metallica.gee...com/findlop.zip

Inside the folder find findlop.bat

Double-click it and it will create the file C:\findlop.txt
Find that file and copy the content into your next post along with a new HijackThis log.

#3
Knolats

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I haven't had MSN plus on my computer for aaages, but I followed the instructions on the link anyway.

Here's the HJT log. :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 5:13:13 PM, on 17/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\csrss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\System32\termsrv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\CTsvcCDA.EXE
D:\PROGRA~1\DIRECT~1\DUService.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
D:\WINNT\system32\drivers\KodakCCS.exe
D:\WINNT\System32\llssrv.exe
D:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Microsoft SQL Server\MSSQL$FUSIONSPORT\Binn\sqlservr.exe
D:\WINNT\system32\nvsvc32.exe
D:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\snmp.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\wins.exe
D:\WINNT\system32\MsPMSPSv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\Dfssvc.exe
D:\WINNT\System32\tcpsvcs.exe
D:\WINNT\System32\dns.exe
D:\WINNT\System32\inetsrv\inetinfo.exe
D:\WINNT\System32\msdtc.exe
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\devldr32.exe
D:\Program Files\DirectUpdate\DUControl.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
D:\WINNT\system32\ctfmon.exe
D:\WINNT\system32\RUNDLL32.EXE
D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
D:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
D:\Program Files\Greetings Workshop\GWREMIND.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
D:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [DUControl] D:\Program Files\DirectUpdate\DUControl.exe
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [OpwareSE2] "D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "D:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "D:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Greetings Workshop Reminders.lnk = D:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: BTTray.lnk = D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = D:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\system32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127358793757
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {EDD6C042-E583-42FA-9211-282AC1A99195} (OTAutoInstall Class) - https://streaming.en...nloads/OTAI.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...561/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fusport.lan.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{A91EE0F2-C2DD-4BED-A421-0F21C9A9BC3C}: NameServer = 10.0.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fusport.lan.au
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fusport.lan.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: DirectUpdate engine (DirectUpdate) - http://www.directupdate.net/ - D:\PROGRA~1\DIRECT~1\DUService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - D:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - D:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINNT\system32\nvsvc32.exe
O23 - Service: ptssvc - KODAK - D:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe

#4
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Looks like it worked, the log looks clean now.. :tazz:

How is it on your end? If you're still having problems, follow the second part of my first post..

#5
Knolats

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hey there! :tazz:

Thanks for the help so far, it is really appreciated! McAfee is still finding these Trojan: New Malware.u's - about 22 of them now.

Things are slightly faster, but it still lags a -lot- when I log in.

FindBat Log

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A0BA8EC491150548.job'
[FAIL ] ITaskScheduler::Activate(A0BA8EC491150548.job, IID_ITask) hr=0x80070005


[TRACE] Activating job 'B609E35493369198.job'
[FAIL ] ITaskScheduler::Activate(B609E35493369198.job, IID_ITask) hr=0x80070005


[TRACE] Activating job 'McAfee.com Scan for Viruses - My Computer (THOR-Adminis
trator).job'
[FAIL ] ITaskScheduler::Activate(McAfee.com Scan for Viruses - My Computer (THO
R-Administrator).job, IID_ITask) hr=0x80070005


[TRACE] Activating job 'McAfee.com Scan for Viruses - My Computer (THOR-lynm).j
ob'
[TRACE] Printing all job properties

ApplicationName: 'd:\program files\mcafee.com\vso\mcmnhdlr.exe'
Parameters: '/runtask:0'
WorkingDirectory: 'd:\program files\mcafee.com\vso'
Comment: 'McAfee.com Scan for Viruses - My Computer'
Creator: 'lynm'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 10/23/2005 14:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 08/19/2005
EndDate: 00/00/0000
StartTime: 14:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'McAfee.com Update Check (THOR-Administrator).job'
[FAIL ] ITaskScheduler::Activate(McAfee.com Update Check (THOR-Administrator).j
ob, IID_ITask) hr=0x80070005


[TRACE] Activating job 'McAfee.com Update Check (THOR-bigman).job'
[FAIL ] ITaskScheduler::Activate(McAfee.com Update Check (THOR-bigman).job, IID
_ITask) hr=0x80070005


[TRACE] Activating job 'McAfee.com Update Check (THOR-lynm).job'
[TRACE] Printing all job properties

ApplicationName: 'D:\PROGRA~1\mcafee.com\agent\mcupdate.exe'
Parameters: '/Schedule'
WorkingDirectory: 'D:\PROGRA~1\mcafee.com\agent'
Comment: 'McAfee SecurityCenter periodically checks for updates for your McAfee Services.'
Creator: 'lynm'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 10/23/2005 15:54:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/23/2005
EndDate: 00/00/0000
StartTime: 15:54
MinutesDuration: 1440
MinutesInterval: 5
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'McAfee.com Update Check (THOR-zoe).job'
[FAIL ] ITaskScheduler::Activate(McAfee.com Update Check (THOR-zoe).job, IID_IT
ask) hr=0x80070005


________________________


Logfile of HijackThis v1.99.1
Scan saved at 1:15:23 PM, on 23/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\Explorer.EXE
D:\WINNT\system32\devldr32.exe
D:\Program Files\DirectUpdate\DUControl.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
d:\program files\mcafee.com\agent\mcagent.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\TrojanHunter 4.2\THGuard.exe
D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
D:\Program Files\AIM95\aim.exe
D:\WINNT\system32\ctfmon.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
D:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
d:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINNT\system32\taskmgr.exe
D:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://nwn.bioware.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [DUControl] D:\Program Files\DirectUpdate\DUControl.exe
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [OpwareSE2] "D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "D:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "D:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: BTTray.lnk = D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = D:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\system32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127358793757
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {EDD6C042-E583-42FA-9211-282AC1A99195} (OTAutoInstall Class) - https://streaming.en...nloads/OTAI.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...561/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fusport.lan.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{A91EE0F2-C2DD-4BED-A421-0F21C9A9BC3C}: NameServer = 10.0.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fusport.lan.au
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fusport.lan.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: DirectUpdate engine (DirectUpdate) - http://www.directupdate.net/ - D:\PROGRA~1\DIRECT~1\DUService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - D:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - D:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MSSQL$FUSIONSPORT - Unknown owner - D:\Program Files\Microsoft SQL Server\MSSQL$FUSIONSPORT\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINNT\system32\nvsvc32.exe
O23 - Service: ptssvc - KODAK - D:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: SQLAgent$FUSIONSPORT - Unknown owner - D:\Program Files\Microsoft SQL Server\MSSQL$FUSIONSPORT\Binn\sqlagent.EXE (file missing)

Edited by Knolats, 22 October 2005 - 09:16 PM.


#6
Armodeluxe
Open Notepad and copy and paste the text in the box below into it:

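rem The Tasks folder lives under %windir% (D:\WINNT in the logs above),
rem so change drive and directory together instead of hard-coding C:\WINDOWS.
cd /d "%windir%\Tasks"
rem Clear the read-only, system and hidden attributes so del can remove each job file.
attrib -r -s -h A0BA8EC491150548.job
del A0BA8EC491150548.job
attrib -r -s -h B609E35493369198.job
del B609E35493369198.job
exit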

Save this as remjob.bat, choose to save it as *all files and place it on your desktop.

Double-click on remjob.bat. A DOS window will open and close again; this is normal.

Afterwards, double-click on findlop.bat again and paste the content of the text file you get in your next reply.


Go here to make an online scan:

http://www.pandasoft.../activescan.htm

- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Then post it here.
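An added example, not part of the original posts: a small Python parser for the FindBat dump layout shown in this thread. It joins console-wrapped job names, records jobs that could not be read, and reports any job named in the removal batch file that is still listed. The sample log is constructed from values in the thread, and the triage heuristics (16-hex-digit job name, Hidden flag, program under a user profile directory) are assumptions of this example, not rules the helper stated.

```python
import re

# Constructed sample in the layout of the FindBat dumps posted in this thread,
# trimmed to the fields the checks below read. The last job name is wrapped
# across two lines, as the console wrapped it in the posted logs.
SAMPLE_LOG = r"""[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A0BA8EC491150548.job'
[TRACE] Printing all job properties

ApplicationName: 'd:\docume~1\bigman\applic~1\armyse~1\LoveGreatSave.exe'
Creator: 'bigman'
Hidden = 1

[TRACE] Activating job 'B609E35493369198.job'
[FAIL ] ITaskScheduler::Activate(B609E35493369198.job, IID_ITask) hr=0x80070005

[TRACE] Activating job 'McAfee.com Scan for Viruses - My Computer (THOR-lynm).j
ob'
[TRACE] Printing all job properties

ApplicationName: 'd:\program files\mcafee.com\vso\mcmnhdlr.exe'
Creator: 'lynm'
Hidden = 0
"""

ACTIVATE = re.compile(r"^\[TRACE\] Activating job '(.*)$")
HRESULT = re.compile(r"\bhr=(0x[0-9A-Fa-f]{8})\s*$")
APP = re.compile(r"^\s*ApplicationName: '(.*)'\s*$")
HIDDEN = re.compile(r"^\s*Hidden = ([01])\s*$")

E_ACCESSDENIED = "0x80070005"  # the hr value on the [FAIL ] lines in the thread
# Triage heuristics: assumptions of this example, not rules stated in the thread.
RANDOM_NAME = re.compile(r"^[0-9A-F]{16}\.job$", re.IGNORECASE)
PROFILE_DIRS = ("\\docume~1\\", "\\documents and settings\\")


def parse_findbat(text):
    """Return one dict per job with keys: name, hresult, app, hidden."""
    jobs, current, pending = [], None, None
    for line in text.splitlines():
        start = ACTIVATE.match(line)
        if start:
            pending = start.group(1)
        elif pending is not None:
            pending += line  # continuation of a console-wrapped job name
        if pending is not None:
            if pending.endswith("'"):  # closing quote reached: name is complete
                current = {"name": pending[:-1], "hresult": None,
                           "app": None, "hidden": None}
                jobs.append(current)
                pending = None
            continue
        if current is None:
            continue
        hr, app, hidden = HRESULT.search(line), APP.match(line), HIDDEN.match(line)
        if hr:
            current["hresult"] = hr.group(1).lower()
        elif app:
            current["app"] = app.group(1)
        elif hidden:
            current["hidden"] = hidden.group(1) == "1"
    return jobs


def triage(job):
    """Return the list of reasons a job deserves a closer look (may be empty)."""
    reasons = []
    if RANDOM_NAME.match(job["name"]):
        reasons.append("random-looking job name")
    if job["hidden"]:
        reasons.append("Hidden flag set")
    app = (job["app"] or "").lower()
    if any(d in app for d in PROFILE_DIRS):
        reasons.append("runs a program from a user profile directory")
    # Access denied alone is not suspicious (other users' jobs fail the same way),
    # so it is only noted for jobs already flagged for another reason.
    if job["hresult"] == E_ACCESSDENIED and reasons:
        reasons.append("properties unreadable (access denied)")
    return reasons


def review(text, removed=()):
    """Map job name -> reasons, including jobs that survived a removal attempt."""
    targets = {name.lower() for name in removed}
    findings = {}
    for job in parse_findbat(text):
        reasons = triage(job)
        if job["name"].lower() in targets:
            reasons.append("still listed after removal attempt")
        if reasons:
            findings[job["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in review(SAMPLE_LOG, removed=["A0BA8EC491150548.job"]).items():
        print(name + ": " + "; ".join(reasons))
```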

#7
Knolats
Hey there :)

Sorry for the lateness in getting back to you - have been uber busy lately. :)

Anyhoo - here are the logs you requested. :woot: (and I ran the removejob.bat :tazz:)

_____________________________________________________________________


FindBat Log

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A0BA8EC491150548.job'
[TRACE] Printing all job properties

ApplicationName: 'd:\docume~1\bigman\applic~1\armyse~1\LoveGreatSave.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'bigman'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 10/13/2005 6:00:00
NextRun: 10/31/2005 12:00:00
StartError: 0x80070003
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/14/1998
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'B609E35493369198.job'
[TRACE] Printing all job properties

ApplicationName: 'd:\docume~1\bigman\applic~1\armyse~1\LoveGreatSave.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'bigman'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 10/13/2005 6:00:00
NextRun: 10/31/2005 12:00:00
StartError: 0x80070003
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 02/04/1997
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'McAfee.com Scan for Viruses - My Computer (THOR-Adminis
trator).job'
[TRACE] Printing all job properties

ApplicationName: 'd:\program files\mcafee.com\vso\mcmnhdlr.exe'
Parameters: '/runtask:0'
WorkingDirectory: 'd:\program files\mcafee.com\vso'
Comment: 'McAfee.com Scan for Viruses - My Computer'
Creator: 'Administrator'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 10/31/2005 15:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 08/19/2005
EndDate: 00/00/0000
StartTime: 15:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'McAfee.com Scan for Viruses - My Computer (THOR-lynm).j
ob'
[TRACE] Printing all job properties

ApplicationName: 'd:\program files\mcafee.com\vso\mcmnhdlr.exe'
Parameters: '/runtask:0'
WorkingDirectory: 'd:\program files\mcafee.com\vso'
Comment: 'McAfee.com Scan for Viruses - My Computer'
Creator: 'lynm'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 10/31/2005 14:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 08/19/2005
EndDate: 00/00/0000
StartTime: 14:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'McAfee.com Update Check (THOR-Administrator).job'
[TRACE] Printing all job properties

ApplicationName: 'D:\PROGRA~1\mcafee.com\agent\mcupdate.exe'
Parameters: '/Schedule'
WorkingDirectory: 'D:\PROGRA~1\mcafee.com\agent'
Comment: 'McAfee SecurityCenter periodically checks for updates for your McAfee Services.'
Creator: 'Administrator'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 10/31/2005 11:37:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 09/30/2005
EndDate: 00/00/0000
StartTime: 22:12
MinutesDuration: 1440
MinutesInterval: 5
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'McAfee.com Update Check (THOR-bigman).job'
[TRACE] Printing all job properties

ApplicationName: 'D:\PROGRA~1\mcafee.com\agent\mcupdate.exe'
Parameters: '/Schedule'
WorkingDirectory: 'D:\PROGRA~1\mcafee.com\agent'
Comment: 'McAfee SecurityCenter periodically checks for updates for your McAfee Services.'
Creator: 'bigman'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 10/31/2005 14:12:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/31/2005
EndDate: 00/00/0000
StartTime: 14:12
MinutesDuration: 1440
MinutesInterval: 5
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'McAfee.com Update Check (THOR-lynm).job'
[TRACE] Printing all job properties

ApplicationName: 'D:\PROGRA~1\mcafee.com\agent\mcupdate.exe'
Parameters: '/Schedule'
WorkingDirectory: 'D:\PROGRA~1\mcafee.com\agent'
Comment: 'McAfee SecurityCenter periodically checks for updates for your McAfee Services.'
Creator: 'lynm'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 10/31/2005 14:18:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/31/2005
EndDate: 00/00/0000
StartTime: 14:18
MinutesDuration: 1440
MinutesInterval: 5
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'McAfee.com Update Check (THOR-zoe).job'
[TRACE] Printing all job properties

ApplicationName: 'D:\PROGRA~1\mcafee.com\agent\mcupdate.exe'
Parameters: '/Schedule'
WorkingDirectory: 'D:\PROGRA~1\mcafee.com\agent'
Comment: 'McAfee SecurityCenter periodically checks for updates for your McAfee Services.'
Creator: 'zoe'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 10/31/2005 11:36:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 09/18/2005
EndDate: 00/00/0000
StartTime: 17:36
MinutesDuration: 1440
MinutesInterval: 5
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


_________________________________________________________________


Panda Activescan Log


Incident Status Location

Adware:adware/transponder No disinfected D:\Documents and Settings\bigman\Local Settings\Temp\dummy.htm
Spyware:spyware/bridge No disinfected D:\WINNT\DOWNLOADED PROGRAM FILES\bridge.inf
Dialer:dialer.b No disinfected D:\WINNT\SYSTEM32\mseggrpid.dll
Adware:adware/ncase No disinfected D:\WINNT\msbb.log
Adware:adware/twain-tech No disinfected D:\Documents and Settings\bigman\Local Settings\Temp\THI1992.tmp
Adware:adware/slagent No disinfected Windows Registry
Adware:Adware/Lop No disinfected D:\Documents and Settings\Administrator.THOR\Local Settings\Temporary Internet Files\Content.IE5\456789QF\newpass2[2].htm
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Your archive\your_archive.pif
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: My details\my_details.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Thanks!\message_part2.pif
Virus:W32/Netsky.F.worm Disinfected Archive Folders\Deleted Items\Re: Document\your_document.pif
Virus:W32/Netsky.F.worm Disinfected Archive Folders\Deleted Items\Re: Your details\your_details.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your software\application.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Thanks!\message_part2.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your details\your_details.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your software\application.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Document\your_document.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Thanks!\message_part2.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your document\your_document.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your product\your_product.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your details\your_details.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Re: Thanks!\document.pif
Virus:VBS/Bagle.Q Disinfected Archive Folders\Deleted Items\Re: Re: Re: Your document\document_4351.pif
Virus:VBS/Bagle.Q Disinfected Archive Folders\Deleted Items\Re: Excel file\document_excel.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your software\application.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your letter\your_letter.pif
Virus:VBS/Bagle.Q Disinfected Archive Folders\Deleted Items\Re: Your product\your_product.pif
Virus:VBS/Bagle.Q Disinfected Archive Folders\Deleted Items\Re: Your software\application.pif
Virus:VBS/Bagle.Q Disinfected Archive Folders\Deleted Items\Re: Details\my_details.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Word file\document_word.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your bill\your_bill.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: My details\my_details.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Re: Re: Your document\document_4351.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Re: Message\message_details.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Here\yours.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Word file\document_word.pif
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Mail Delivery (failure lyn.moore@bigpond.com)\message.scr
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Here is the document\document_full.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your music\mp3music.pif
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Mail Delivery (failure lyn.moore@bigpond.com)\message.scr
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your document\your_document.pif
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Mail Delivery (failure lyn.moore@bigpond.com)\message.scr
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Document\your_document.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your software\application.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Approved\all_document.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your text\your_text.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your music\mp3music.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: My details\my_details.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your document\your_document.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your picture\your_picture.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Document\your_document.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your picture\your_picture.pif
Virus:W32/Netsky.B.worm Disinfected Archive Folders\Deleted Items\something for you\textfile.zip[textfile.rtf.exe]
Virus:W32/Netsky.Z.worm Disinfected Archive Folders\Deleted Items\Important\Details.zip[Details.txt .exe]
Virus:W32/Netsky.Z.worm Disinfected Archive Folders\Deleted Items\Document\Details.zip[Details.txt .exe]
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Delivery Status Notification (Failure)\Mail Delivery (failure inghsu@pwt.com)\message.scr
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Re: Old times\old_photos.zip[document.txt .exe]
Virus:W32/Mabutu.A.worm Disinfected Archive Folders\Deleted Items\Hello\photo[1].zip[photo[1].txt .scr]
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\0i09u5rug08r89589gjrg\id09509_lyn.moore.zip[data.rtf .scr]
Virus:W32/Sober.I.worm Renamed Archive Folders\Deleted Items\Re: Mail_Delivery_failure <4368>\netconnect.pif
Virus:W32/Sober.I.worm Renamed Archive Folders\Deleted Items\illegal signs in your mail <6542>\auto__mail.parliament6312.pif
Virus:W32/Sober.I.worm Renamed Archive Folders\Deleted Items\illegal signs in your mail\yahoo8400.zip[message_text.txt .pif]
Virus:W32/Sober.I.worm Renamed Archive Folders\Deleted Items\FwD: Faulty_mail delivery <8089>\re_mail.zip[message_text.txt .pif]
Virus:W32/Netsky.C.worm Disinfected Archive Folders\Deleted Items\i have received this.\dinner_freaky.zip[dinner_freaky.doc.com]
Virus:W32/Netsky.C.worm Disinfected Archive Folders\Deleted Items\Antispam is turned off. See file!\information.zip[information.pif]
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\my product\product.zip[document.txt .exe]
Virus:W32/Netsky.C.worm Disinfected Archive Folders\Deleted Items\last chance!\mydate.zip[mydate.doc.scr]
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Stolen document\your_document.zip[document.txt .exe]
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Re: hello\bill.zip[document.txt .exe]
Virus:W32/Netsky.Z.worm Disinfected Archive Folders\Deleted Items\Hello\Bill.zip[Bill.txt .exe]
Virus:W32/Netsky.Z.worm Disinfected Archive Folders\Deleted Items\Information\Part-2.zip[Part-2.txt .exe]
Virus:W32/Bagle.pwdzip Disinfected Archive Folders\Deleted Items\Re:\Doll.zip
Virus:Trj/DropMimail.A Disinfected Archive Folders\Sent Items\FW: your account iamiaypa\message.zip
Virus:Trj/DropMimail.A Disinfected Archive Folders\Sent Items\FW: your account airaakpa\message.zip
Virus:Trj/DropMimail.A Disinfected Archive Folders\Sent Items\FW: your account kpmksqos\message.zip
Virus:Trj/DropMimail.A Disinfected Archive Folders\Sent Items\FW: your account calcovuo\message.zip
Virus:Trj/DropMimail.A Disinfected Archive Folders\Sent Items\FW: your account aeiakoek\message.zip
Virus:Trj/DropMimail.A Disinfected Archive Folders\Sent Items\FW: your account aaxarmer\message.zip
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Thanks!\message_part2.pif
Virus:W32/Netsky.F.worm Disinfected Personal Folders\Deleted Items\Re: Document\your_document.pif
Virus:W32/Netsky.F.worm Disinfected Personal Folders\Deleted Items\Re: Your details\your_details.pif
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Your software\application.pif
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Thanks!\message_part2.pif
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Your details\your_details.pif
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Your software\application.pif
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Document\your_document.pif
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Thanks!\message_part2.pif
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Your document\your_document.pif
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Your product\your_product.pif
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Your details\your_details.pif
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Re: Thanks!\document.pif
Virus:VBS/Bagle.Q Disinfected Personal Folders\Deleted Items\Re: Re: Re: Your document\document_4351.pif
Virus:VBS/Bagle.Q Disinfected Personal Folders\Deleted Items\Re: Excel file\document_excel.pif
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Your software\application.pif
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Your letter\your_letter.pif
Virus:VBS/Bagle.Q Disinfected Personal Folders\Deleted Items\Re: Your product\your_product.pif
Virus:VBS/Bagle.Q Disinfected Personal Folders\Deleted Items\Re: Your software\application.pif
Virus:VBS/Bagle.Q Disinfected Personal Folders\Deleted Items\Re: Details\my_details.pif
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Word file\document_word.pif
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Your bill\your_bill.pif
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: My details\my_details.pif
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Re: Re: Your document\document_4351.pif
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Re: Message\message_details.pif
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Here\yours.pif
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Word file\document_word.pif
Virus:W32/Netsky.P.worm Disinfected Personal Folders\Deleted Items\Mail Delivery (failure lyn.moore@bigpond.com)\message.scr
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Here is the document\document_full.pif
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Your music\mp3music.pif
Virus:W32/Netsky.P.worm Disinfected Personal Folders\Deleted Items\Mail Delivery (failure lyn.moore@bigpond.com)\message.scr
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Your document\your_document.pif
Virus:W32/Netsky.P.worm Disinfected Personal Folders\Deleted Items\Mail Delivery (failure lyn.moore@bigpond.com)\message.scr
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Document\your_document.pif
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Your software\application.pif
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Approved\all_document.pif
Virus:W32/Gibe.C.worm Disinfected Personal Folders\Inbox\Latest Internet Critical Upgrade\install.exe
Virus:W32/Gibe.C.worm Disinfected Personal Folders\Inbox\Latest Network Pack\UPGRADE33.exe
Virus:W32/Gibe.C.worm Disinfected Personal Folders\Inbox\New Internet Security Upgrade\Pack4989.exe
Virus:W32/Gibe.C.worm Disinfected Personal Folders\Inbox\Newest Internet Critical Pack\patch.exe
Virus:W32/Gibe.C.worm Disinfected Personal Folders\Inbox\Current Microsoft Security Pack\install.exe
Virus:W32/Gibe.C.worm Disinfected Personal Folders\Inbox\Newest Critical Upgrade\Qmnhu.exe
Virus:W32/Gibe.C.worm Disinfected Personal Folders\Inbox\new critical upgrade\Q631635.exe
Virus:W32/Gibe.C.worm Disinfected Personal Folders\Inbox\Newest Critical Upgrade\Qmnhu.exe
Virus:W32/Gibe.C.worm Disinfected Personal Folders\Inbox\Newest Microsoft Patch\Q652642.exe
Adware:Adware/Lop No disinfected D:\Documents and Settings\lynm\Local Settings\Temporary Internet Files\Content.IE5\WXAJW5QF\newpass2[1].htm
Adware:Adware/FlashTrack No disinfected D:\Documents and Settings\zoe\Local Settings\Temporary Internet Files\Content.IE5\X2MW9LEB\channels_02[1].gif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Thanks!\message_part2.pif
Virus:W32/Netsky.F.worm Disinfected Archive Folders\Deleted Items\Re: Document\your_document.pif
Virus:W32/Netsky.F.worm Disinfected Archive Folders\Deleted Items\Re: Your details\your_details.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your software\application.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Thanks!\message_part2.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your details\your_details.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your software\application.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Document\your_document.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Thanks!\message_part2.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your document\your_document.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your product\your_product.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your details\your_details.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Re: Thanks!\document.pif
Virus:VBS/Bagle.Q Disinfected Archive Folders\Deleted Items\Re: Re: Re: Your document\document_4351.pif
Virus:VBS/Bagle.Q Disinfected Archive Folders\Deleted Items\Re: Excel file\document_excel.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your software\application.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your letter\your_letter.pif
Virus:VBS/Bagle.Q Disinfected Archive Folders\Deleted Items\Re: Your product\your_product.pif
Virus:VBS/Bagle.Q Disinfected Archive Folders\Deleted Items\Re: Your software\application.pif
Virus:VBS/Bagle.Q Disinfected Archive Folders\Deleted Items\Re: Details\my_details.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Word file\document_word.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Your bill\your_bill.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: My details\my_details.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Re: Re: Your document\document_4351.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Re: Message\message_details.pif
Virus:W32/Netsky.D.worm Disinfected Archive Folders\Deleted Items\Re: Here\yours.pif
  • 0

#8
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
The scheduled tasks are still there, let's try this again, in safe mode.

Please print these instructions for use in safe mode.

Open notepad and copy and paste the text in the box below in it:

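rem Switch to the system drive, then to its Scheduled Tasks folder
rem (%windir% is D:\WINNT on this machine, not C:\WINDOWS)
%systemdrive%
cd "%windir%\Tasks"
rem Clear the read-only/system/hidden attributes, then delete each job
attrib -r -s -h A0BA8EC491150548.job
del A0BA8EC491150548.job
attrib -r -s -h B609E35493369198.job
del B609E35493369198.job
exit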

Save this as remjob.bat, choose to save it as *all files and place it on your desktop. Do this on an account with administrator rights.

First, download and install CleanUp! but do not run it yet.
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Please download Ewido Security Suite (do NOT run it yet!)
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button
  • The program will now go to the main screen
  • You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
  • The update will start and a progress bar will show the updates being installed
  • After the updates are installed, exit Ewido
Then boot into safe mode by tapping the F8 key just before Windows starts to load. Make sure you choose the same account on whose desktop you saved remjob.bat.

Double-click on remjob.bat. A DOS window will open and close again; this is normal.

Reconfigure Windows 2000 to show hidden files:
Double-click the My Computer icon on the Windows desktop.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Then delete this folder if present:

d:\documents and settings\bigman\application data\armyse~1 <--this is a Windows abbreviation, the first 6 letters of the folder name will be armyse

and delete these files:

D:\Documents and Settings\bigman\Local Settings\Temp\dummy.htm
D:\WINNT\DOWNLOADED PROGRAM FILES\bridge.inf
D:\WINNT\SYSTEM32\mseggrpid.dll
D:\WINNT\msbb.log
D:\Documents and Settings\bigman\Local Settings\Temp\THI1992.tmp
D:\Documents and Settings\Administrator.THOR\Local Settings\Temporary Internet Files\Content.IE5\456789QF\newpass2[2].htm
D:\Documents and Settings\lynm\Local Settings\Temporary Internet Files\Content.IE5\WXAJW5QF\newpass2[1].htm
D:\Documents and Settings\zoe\Local Settings\Temporary Internet Files\Content.IE5\X2MW9LEB\channels_02[1].gif

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

If Cleanup! asks if you want to reboot, click NO

Open Ewido
  • Click on scanner
  • Click Complete System Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "remove", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
  • Exit Ewido
Reboot back to normal mode.

Afterwards, double-click on findlop.bat again and paste the content of the text file you get in your next reply.

Also, I will need to see a HijackThis log separately from all four accounts, if that's all of them, if not add any account not listed:

bigman
Administrator.THOR
lynm
zoe


So please post a new findlop log, the Ewido log, and a new HijackThis log from every account separately.
  • 0
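An added example, not part of the thread: a small parser for scan-log lines of the shape posted above, which counts detections per name and pulls out the entries marked "No disinfected" that are real paths on disk, i.e. the files that end up on a manual delete list like the one in this reply. The line layout and the two status strings are inferred from the posted log; the function names and the embedded sample are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the same shape as the scan log in this thread.
SAMPLE_LOG = r"""
Virus:W32/Netsky.D.worm Disinfected Personal Folders\Deleted Items\Re: Thanks!\message_part2.pif
Virus:VBS/Bagle.Q Disinfected Archive Folders\Deleted Items\Re: Excel file\document_excel.pif
Virus:W32/Gibe.C.worm Disinfected Personal Folders\Inbox\Newest Critical Upgrade\Qmnhu.exe
Adware:Adware/Lop No disinfected D:\Documents and Settings\lynm\Local Settings\Temporary Internet Files\Content.IE5\WXAJW5QF\newpass2[1].htm
Adware:Adware/FlashTrack No disinfected D:\Documents and Settings\zoe\Local Settings\Temporary Internet Files\Content.IE5\X2MW9LEB\channels_02[1].gif
"""

# Assumed layout: "<category>:<detection name> <status> <location>".
# The status is one of two literal strings; the location may contain spaces.
LINE_RE = re.compile(
    r"^(?P<category>\w+):(?P<name>\S+) "
    r"(?P<status>No disinfected|Disinfected) (?P<location>.+)$"
)
# A file on disk starts with a drive letter; items inside a mail store do not.
DISK_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_log(text):
    """Return one dict per recognised detection line; skip everything else."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage(entries):
    """Return (count per detection name, undisinfected disk paths, mail-store hits)."""
    counts = Counter(e["name"] for e in entries)
    leftover = [e["location"] for e in entries
                if e["status"] == "No disinfected"
                and DISK_PATH_RE.match(e["location"])]
    in_mail = sum(1 for e in entries if not DISK_PATH_RE.match(e["location"]))
    return counts, leftover, in_mail


if __name__ == "__main__":
    counts, leftover, in_mail = triage(parse_log(SAMPLE_LOG))
    for name, n in counts.most_common():
        print(f"{n:3d}  {name}")
    print(f"{in_mail} detection(s) inside mail folders")
    print("Not disinfected, still on disk:")
    for path in leftover:
        print("  " + path)
```

Run against the full log, the mail-folder count separates old infected attachments from files on the disk, and the leftover list shows which paths the scanner did not clean.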