
Multiple Virus Infection/ W32/alemod.f.dll



#1 jwade


Posted 08 December 2005 - 02:44 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:37:18 PM, on 12/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Documents and Settings\John Ward\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\JW'STE~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

And the BitDefender log, if it's helpful:

BitDefender Online Scanner



Scan report generated at: Thu, Dec 08, 2005 - 12:51:33





Scan path: C:\Documents and Settings\Jared Walls\My Documents;C:\Documents and Settings\John Ward\My Documents;C:\Documents and Settings\Sara Walls\My Documents;C:\Documents and Settings\All Users\Documents;C:\;D:\;E:\;







Statistics
Time: 02:29:20
Files: 657292
Folders: 13426
Boot Sectors: 6
Archives: 17131
Packed Files: 59000

Results
Identified Viruses: 21
Infected Files: 45
Suspect Files: 3
Warnings: 0
Disinfected: 13
Deleted Files: 44

Engines Info
Virus Definitions: 242081
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008
Detected with: Adware.Wheaterbug.A

C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008
Disinfection failed

C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008
Deleted

C:\Program Files\AIM\Sysfiles\WxBug.EXE
Update failed

C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Detected with: Adware.Wheaterbug.A

C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Disinfection failed

C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Deleted

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP362\A0026724.dll
Detected with: Adware.Wheaterbug.A

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP362\A0026724.dll
Disinfection failed

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP362\A0026724.dll
Deleted

E:\oldwinnt\SYSTEM32\MUI\0009\ftp
Infected with: Backdoor.BotGet.FtpB.Gen

E:\oldwinnt\SYSTEM32\MUI\0009\ftp
Deleted

E:\oldwinnt\Socks.exe
Infected with: Trojan.Suckspro.A

E:\oldwinnt\Socks.exe
Disinfection failed

E:\oldwinnt\Socks.exe
Deleted

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: Don't forget what day it is!][From: mbrindle@us.ibm.com]=>aprilfooljoke.exe
Infected with: Trojan.Multidropper.BG

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: Don't forget what day it is!][From: mbrindle@us.ibm.com]=>aprilfooljoke.exe
Disinfection failed

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: Don't forget what day it is!][From: mbrindle@us.ibm.com]=>aprilfooljoke.exe
Deleted

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: View of the future ?][From: mbrindle@us.ibm.com]=>jan1st20.exe
Infected with: Joke.Flipped

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: View of the future ?][From: mbrindle@us.ibm.com]=>jan1st20.exe
Disinfection failed

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: View of the future ?][From: mbrindle@us.ibm.com]=>jan1st20.exe
Deleted

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: How hot is it in Texas][From: mbrindle@us.ibm.com]=>heat.exe
Infected with: Joke.Schmilz

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: How hot is it in Texas][From: mbrindle@us.ibm.com]=>heat.exe
Disinfection failed

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: How hot is it in Texas][From: mbrindle@us.ibm.com]=>heat.exe
Deleted

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\backup.pst=>[Subject: Don't forget what day it is!][From: mbrindle@us.ibm.com]=>aprilfooljoke.exe
Infected with: Trojan.Multidropper.BG

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\backup.pst=>[Subject: Don't forget what day it is!][From: mbrindle@us.ibm.com]=>aprilfooljoke.exe
Disinfection failed

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\backup.pst=>[Subject: Don't forget what day it is!][From: mbrindle@us.ibm.com]=>aprilfooljoke.exe
Deleted

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\backup.pst
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\backup.pst=>[Subject: View of the future ?][From: mbrindle@us.ibm.com]=>jan1st20.exe
Infected with: Joke.Flipped

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\backup.pst=>[Subject: View of the future ?][From: mbrindle@us.ibm.com]=>jan1st20.exe
Disinfection failed

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\backup.pst=>[Subject: View of the future ?][From: mbrindle@us.ibm.com]=>jan1st20.exe
Deleted

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\backup.pst
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\backup.pst=>[Subject: How hot is it in Texas][From: mbrindle@us.ibm.com]=>heat.exe
Infected with: Joke.Schmilz

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\backup.pst=>[Subject: How hot is it in Texas][From: mbrindle@us.ibm.com]=>heat.exe
Disinfection failed

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\backup.pst=>[Subject: How hot is it in Texas][From: mbrindle@us.ibm.com]=>heat.exe
Deleted

E:\olddocs\Alan Walls\Local Settings\Application Data\Microsoft\Outlook\backup.pst
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\FRA.dbx=>(message 166)=>[Subject: Meeting with FRA][Date: Tue, 15 Feb 2000 08:36:48 -0600]=>(MIME part)=>UT2000c.doc
Infected with: W97M.Ethan.A

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\FRA.dbx=>(message 166)=>[Subject: Meeting with FRA][Date: Tue, 15 Feb 2000 08:36:48 -0600]=>(MIME part)=>UT2000c.doc
Disinfected

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\FRA.dbx=>(message 166)=>[Subject: Meeting with FRA][Date: Tue, 15 Feb 2000 08:36:48 -0600]=>(MIME part)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\FRA.dbx=>(message 166)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\FRA.dbx
Update failed

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\FRA.dbx=>(message 180)=>[Subject: Seneca Proposed Scope for '2000][Date: Wed, 5 Jan 2000 09:20:26 -0600]=>(MIME part)=>UT2000c.doc
Infected with: W97M.Ethan.A

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\FRA.dbx=>(message 180)=>[Subject: Seneca Proposed Scope for '2000][Date: Wed, 5 Jan 2000 09:20:26 -0600]=>(MIME part)=>UT2000c.doc
Disinfected

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\FRA.dbx=>(message 180)=>[Subject: Seneca Proposed Scope for '2000][Date: Wed, 5 Jan 2000 09:20:26 -0600]=>(MIME part)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\FRA.dbx=>(message 180)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\FRA.dbx
Update failed

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 302)=>[Subject: How hot is it in Texas][Date: Wed, 19 Jul 2000 15:58:07 -0400]=>(MIME part)=>heat.exe
Infected with: Joke.Schmilz

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 302)=>[Subject: How hot is it in Texas][Date: Wed, 19 Jul 2000 15:58:07 -0400]=>(MIME part)=>heat.exe
Disinfection failed

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 302)=>[Subject: How hot is it in Texas][Date: Wed, 19 Jul 2000 15:58:07 -0400]=>(MIME part)=>heat.exe
Deleted

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 302)=>[Subject: How hot is it in Texas][Date: Wed, 19 Jul 2000 15:58:07 -0400]=>(MIME part)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 302)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx
Update failed

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 433)=>[Subject: Electra Advanced Pulsed Power Workshop][Date: Fri, 14 Jan 2000 08:46:57 -0700]=>(MIME part)=>AdvElwsh.doc
Infected with: W97M.Class.{D,DB-DC}

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 433)=>[Subject: Electra Advanced Pulsed Power Workshop][Date: Fri, 14 Jan 2000 08:46:57 -0700]=>(MIME part)=>AdvElwsh.doc
Disinfected

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 433)=>[Subject: Electra Advanced Pulsed Power Workshop][Date: Fri, 14 Jan 2000 08:46:57 -0700]=>(MIME part)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 433)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx
Update failed

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 497)=>[Subject: View of the future ?][Date: Tue, 30 Nov 1999 13:43:05 -0600]=>(MIME part)=>jan1st20.exe
Infected with: Joke.Flipped

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 497)=>[Subject: View of the future ?][Date: Tue, 30 Nov 1999 13:43:05 -0600]=>(MIME part)=>jan1st20.exe
Disinfection failed

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 497)=>[Subject: View of the future ?][Date: Tue, 30 Nov 1999 13:43:05 -0600]=>(MIME part)=>jan1st20.exe
Deleted

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 497)=>[Subject: View of the future ?][Date: Tue, 30 Nov 1999 13:43:05 -0600]=>(MIME part)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 497)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx
Update failed

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)=>CIFGA- SUMMARY.doc
Infected with: W97M.Class.{D,DB-DC}

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)=>CIFGA- SUMMARY.doc
Disinfected

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)=>TABLE OF CONTENTS.doc
Infected with: W97M.Class.{D,DB-DC}

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)=>TABLE OF CONTENTS.doc
Disinfected

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)=>CIFGA-1-0.doc
Infected with: W97M.Class.{D,DB-DC}

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)=>CIFGA-1-0.doc
Disinfected

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)=>CIFGA-2-0.doc
Infected with: W97M.Class.{D,DB-DC}

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)=>CIFGA-2-0.doc
Disinfected

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)=>CIFGA-3-0.doc
Infected with: W97M.Class.{D,DB-DC}

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)=>CIFGA-3-0.doc
Disinfected

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)=>CIFGA-4-0.doc
Infected with: W97M.Class.{D,DB-DC}

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)=>CIFGA-4-0.doc
Disinfected

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)=>CIFGA-5-0.doc
Infected with: W97M.Class.{D,DB-DC}

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)=>CIFGA-5-0.doc
Disinfected

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)=>CIFGA-6-0.doc
Infected with: W97M.Class.{D,DB-DC}

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)=>CIFGA-6-0.doc
Disinfected

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)=>matrix3.doc
Infected with: W97M.Class.{D,DB-DC}

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)=>matrix3.doc
Disinfected

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)=>[Subject: CPES][Date: Thu, 17 Jun 1999 09:32:48 -0500]=>(MIME part)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 624)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx
Update failed

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 629)=>[Subject: ][Date: Thu, 17 Jun 1999 14:47:33 -0500]=>(MIME part)=>TABLE OF CONTENTS.doc
Infected with: W97M.Class.{D,DB-DC}

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 629)=>[Subject: ][Date: Thu, 17 Jun 1999 14:47:33 -0500]=>(MIME part)=>TABLE OF CONTENTS.doc
Disinfected

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 629)=>[Subject: ][Date: Thu, 17 Jun 1999 14:47:33 -0500]=>(MIME part)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 629)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx
Update failed

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 739)=>[Subject: Don't forget what day it is!][Date: Thu, 1 Apr 1999 09:45:48 -0600]=>(MIME part)=>aprilfooljoke.exe
Infected with: Trojan.Multidropper.BG

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 739)=>[Subject: Don't forget what day it is!][Date: Thu, 1 Apr 1999 09:45:48 -0600]=>(MIME part)=>aprilfooljoke.exe
Disinfection failed

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 739)=>[Subject: Don't forget what day it is!][Date: Thu, 1 Apr 1999 09:45:48 -0600]=>(MIME part)=>aprilfooljoke.exe
Deleted

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 739)=>[Subject: Don't forget what day it is!][Date: Thu, 1 Apr 1999 09:45:48 -0600]=>(MIME part)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx=>(message 739)
Updated

E:\olddocs\Alan Walls\Local Settings\Application Data\Identities\{4F6B2E7C-3A94-45E0-8C62-7D4544413469}\Microsoft\Outlook Express\Misc.dbx
Update failed

E:\olddocs\Alan Walls.SAIC-1SJYFHSFXS\Local Settings\Temp\MiniBug.exe
Detected with: Adware.Wheaterbug.A

E:\olddocs\Alan Walls.SAIC-1SJYFHSFXS\Local Settings\Temp\MiniBug.exe
Disinfection failed

E:\olddocs\Alan Walls.SAIC-1SJYFHSFXS\Local Settings\Temp\MiniBug.exe
Deleted

E:\olddocs\Alan Walls.SAIC-1SJYFHSFXS\Local Settings\Application Data\Identities\{52FB79D0-EE44-4102-B1D4-7CA1DA76DAD4}\Microsoft\Outlook Express\Inbox.dbx=>(message 2)=>[From: Microsoft Email System (MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

E:\olddocs\Alan Walls.SAIC-1SJYFHSFXS\Local Settings\Application Data\Identities\{52FB79D0-EE44-4102-B1D4-7CA1DA76DAD4}\Microsoft\Outlook Express\Inbox.dbx=>(message 2)=>[From: Microsoft Email System (MIME part)=>(message body)
Disinfection failed

E:\olddocs\Alan Walls.SAIC-1SJYFHSFXS\Local Settings\Application Data\Identities\{52FB79D0-EE44-4102-B1D4-7CA1DA76DAD4}\Microsoft\Outlook Express\Inbox.dbx=>(message 2)=>[From: Microsoft Email System (MIME part)=>(message body)
Deleted

E:\olddocs\Alan Walls.SAIC-1SJYFHSFXS\Local Settings\Application Data\Identities\{52FB79D0-EE44-4102-B1D4-7CA1DA76DAD4}\Microsoft\Outlook Express\Inbox.dbx=>(message 2)=>[From: Microsoft Email System (MIME part)
Updated

E:\olddocs\Alan Walls.SAIC-1SJYFHSFXS\Local Settings\Application Data\Identities\{52FB79D0-EE44-4102-B1D4-7CA1DA76DAD4}\Microsoft\Outlook Express\Inbox.dbx=>(message 2)
Updated

E:\olddocs\Alan Walls.SAIC-1SJYFHSFXS\Local Settings\Application Data\Identities\{52FB79D0-EE44-4102-B1D4-7CA1DA76DAD4}\Microsoft\Outlook Express\Inbox.dbx
Update failed

E:\olddocs\Alan Walls.SAIC-1SJYFHSFXS\Local Settings\Application Data\Identities\{52FB79D0-EE44-4102-B1D4-7CA1DA76DAD4}\Microsoft\Outlook Express\Inbox.dbx=>(message 3)=>[Subject: Letter][Date: Mon, 06 Sep 2004 21:19:01 +0200]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

E:\olddocs\Alan Walls.SAIC-1SJYFHSFXS\Local Settings\Application Data\Identities\{52FB79D0-EE44-4102-B1D4-7CA1DA76DAD4}\Microsoft\Outlook Express\Inbox.dbx=>(message 3)=>[Subject: Letter][Date: Mon, 06 Sep 2004 21:19:01 +0200]=>(MIME part)=>(message body)
Disinfection failed

E:\olddocs\Alan Walls.SAIC-1SJYFHSFXS\Local Settings\Application Data\Identities\{52FB79D0-EE44-4102-B1D4-7CA1DA76DAD4}\Microsoft\Outlook Express\Inbox.dbx=>(message 3)=>[Subject: Letter][Date: Mon, 06 Sep 2004 21:19:01 +0200]=>(MIME part)=>(message body)
Deleted

E:\olddocs\Alan Walls.SAIC-1SJYFHSFXS\Local Settings\Application Data\Identities\{52FB79D0-EE44-4102-B1D4-7CA1DA76DAD4}\Microsoft\Outlook Express\Inbox.dbx=>(message 3)=>[Subject: Letter][Date: Mon, 06 Sep 2004 21:19:01 +0200]=>(MIME part)
Updated

E:\olddocs\Alan Walls.SAIC-1SJYFHSFXS\Local Settings\Application Data\Identities\{52FB79D0-EE44-4102-B1D4-7CA1DA76DAD4}\Microsoft\Outlook Express\Inbox.dbx=>(message 3)
Updated

E:\olddocs\Alan Walls.SAIC-1SJYFHSFXS\Local Settings\Application Data\Identities\{52FB79D0-EE44-4102-B1D4-7CA1DA76DAD4}\Microsoft\Outlook Express\Inbox.dbx
Update failed

E:\olddocs\Alan Walls.SAIC-1SJYFHSFXS\Local Settings\Application Data\Identities\{52FB79D0-EE44-4102-B1D4-7CA1DA76DAD4}\Microsoft\Outlook Express\Inbox.dbx=>(message 9)=>[Subject: error notice][Date: Thu, 29 Jul 2004 11:23:00 -0400 (EDT)]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

E:\olddocs\Alan Walls.SAIC-1SJYFHSFXS\Local Settings\Application Data\Identities\{52FB79D0-EE44-4102-B1D4-7CA1DA76DAD4}\Microsoft\Outlook Express\Inbox.dbx=>(message 9)=>[Subject: error notice][Date: Thu, 29 Jul 2004 11:23:00 -0400 (EDT)]=>(MIME part)=>(message body)
Disinfection failed

E:\olddocs\Alan Walls.SAIC-1SJYFHSFXS\Local Settings\Application Data\Identities\{52FB79D0-EE44-4102-B1D4-7CA1DA76DAD4}\Microsoft\Outlook Express\Inbox.dbx=>(message 9)=>[Subject: error notice][Date: Thu, 29 Jul 2004 11:23:00 -0400 (EDT)]=>(MIME part)=>(message body)
Deleted

E:\olddocs\Alan Walls.SAIC-1SJYFHSFXS\Local Settings\Application Data\Identities\{52FB79D0-EE44-4102-B1D4-7CA1DA76DAD4}\Microsoft\Outlook Express\Inbox.dbx=>(message 9)=>[Subject: error notice][Date: Thu, 29 Jul 2004 11:23:00 -0400 (EDT)]=>(MIME part)
Updated

E:\olddocs\Alan Walls.SAIC-1SJYFHSFXS\Local Settings\Application Data\Identities\{52FB79D0-EE44-4102-B1D4-7CA1DA76DAD4}\Microsoft\Outlook Express\Inbox.dbx=>(message 9)
Updated

E:\olddocs\Alan Walls.SAIC-1SJYFHSFXS\Local Settings\Application Data\Identities\{52FB79D0-EE44-4102-B1D4-7CA1DA76DAD4}\Microsoft\Outlook Express\Inbox.dbx
Update failed

E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP362\A0026725.exe
Infected with: Trojan.Suckspro.A

E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP362\A0026725.exe
Disinfection failed

E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP362\A0026725.exe
Deleted

E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP362\A0026726.exe
Detected with: Adware.Wheaterbug.A

E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP362\A0026726.exe
Disinfection failed

E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP362\A0026726.exe
Deleted

E:\oldwindows\system32\KVIF_7.dll
Infected with: Trojan.Downloader.Keenval.E

E:\oldwindows\system32\KVIF_7.dll
Disinfection failed

E:\oldwindows\system32\KVIF_7.dll
Deleted

E:\oldwindows\system32\bAs.dll
Infected with: Trojan.Dropper.Small.GV

E:\oldwindows\system32\bAs.dll
Disinfection failed

E:\oldwindows\system32\bAs.dll
Deleted

E:\oldwindows\backup\TB040921.DAT=>(Embedded EXE g)
Infected with: Trojan.Imiserv.C

E:\oldwindows\backup\TB040921.DAT=>(Embedded EXE g)
Disinfection failed

E:\oldwindows\backup\TB040921.DAT=>(Embedded EXE g)
Deleted

E:\oldwindows\backup\TB040921.DAT
Update failed

E:\oldwindows\backup\TB040921.DAT=>(Embedded EXE g)
Infected with: Trojan.Imiserv.C

E:\oldwindows\backup\TB040921.DAT=>(Embedded EXE g)
Disinfection failed

E:\oldwindows\backup\TB040921.DAT=>(Embedded EXE g)
Deleted

E:\oldwindows\backup\TB040921.DAT
Update failed

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\04674030=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.BN

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\04674030=>(Quarantine-2)
Disinfection failed

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\04674030=>(Quarantine-2)
Deleted

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\544C33C4=>(Quarantine-2)
Detected with: Application.Remadm.Remoteanythng

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\544C33C4=>(Quarantine-2)
Disinfection failed

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\544C33C4=>(Quarantine-2)
Deleted

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\5D3F517C=>(Quarantine-2)
Infected with: Win32.Worm.Welchia.A

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\5D3F517C=>(Quarantine-2)
Deleted

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\223A05D4=>(Quarantine-2)
Infected with: Trojan.Purity.A

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\223A05D4=>(Quarantine-2)
Disinfection failed

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\223A05D4=>(Quarantine-2)
Deleted

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\5145045D=>(Quarantine-2)
Infected with: Trojan.Bat.Noshare.C

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\5145045D=>(Quarantine-2)
Disinfection failed

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\5145045D=>(Quarantine-2)
Deleted

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\385F75A5=>(Quarantine-2)
Infected with: Trojan.Clicker.Vb.CA

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\385F75A5=>(Quarantine-2)
Disinfection failed

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\385F75A5=>(Quarantine-2)
Deleted

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\370E4670=>(Quarantine-2)
Infected with: Trojan.Downloader.Totavel.A

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\370E4670=>(Quarantine-2)
Disinfection failed

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\370E4670=>(Quarantine-2)
Deleted

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\5D407D76=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.J

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\5D407D76=>(Quarantine-2)
Disinfection failed

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\5D407D76=>(Quarantine-2)
Deleted

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\41D86F35=>(Quarantine-2)
Infected with: Trojan.BettInet.A

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\41D86F35=>(Quarantine-2)
Disinfection failed

E:\oldprogs\Norton Internet Security\Norton AntiVirus\Quarantine\41D86F35=>(Quarantine-2)
Deleted

E:\oldprogs\AWS\WeatherBug\MiniBugTransporter.dll
Detected with: Adware.Wheaterbug.A

E:\oldprogs\AWS\WeatherBug\MiniBugTransporter.dll
Disinfection failed

E:\oldprogs\AWS\WeatherBug\MiniBugTransporter.dll
Deleted

E:\My Downloads\Sysfiles\WxBug.EXE=>wise0008
Detected with: Adware.Wheaterbug.A

E:\My Downloads\Sysfiles\WxBug.EXE=>wise0008
Disinfection failed

E:\My Downloads\Sysfiles\WxBug.EXE=>wise0008
Deleted

E:\My Downloads\Sysfiles\WxBug.EXE
Update failed



#2 Guest_Cretemonster_*


Posted 11 December 2005 - 08:01 AM

Hi jwade and Welcome to the Bleeping Computer!

This could get complicated with the Multiple drives installed and it appears that drive E has many problems.


Download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab

Make Sure "Normal Startup-load all device drivers and services" has a green tick by it

Click Apply->Close->Follow the Prompts to Restart

Restart Normal and Download and Save Blacklight to your desktop:

Double-click blbeta.exe then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"


Post back with a fresh HijackThis log and the results of WinPFind and Blacklight.

Edited by Cretemonster, 11 December 2005 - 08:01 AM.




