Oinadserver Removal


  • This topic is locked
15 replies to this topic

#1 jjcircle

jjcircle

  • Members
  • 10 posts

Posted 09 January 2006 - 10:57 PM

Oinadserver is killing me. I've gotten rid of tons of bad stuff on my pc, but this one will not go. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:36:14 PM, on 1/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\msvcrs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\apsi\wtta.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\w3w.exe
C:\WINDOWS\SYSTEM32\??rss.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPRV10.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YZI1234N\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
R3 - URLSearchHook: (no name) - _{D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {53B48C09-64CD-413E-E960-18231BB8C7CB} - C:\WINDOWS\system32\nppnxi.dll
O2 - BHO: Zango Search Assistant Helper - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\jkklk.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\ssttt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\Owner\LOCALS~1\Temp\tb_setup.exe /dcheck
O4 - HKLM\..\Run: [kbibcx] C:\WINDOWS\kbibcx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\Run: [furot] C:\WINDOWS\furot.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\DLLLOADRS.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Wbk] C:\WINDOWS\system32\??rss.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winfixer.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: {0AA2D4B3-27C3-42CB-B671-8B6CF97AE4FE} (TSAEButton Class) - https://www.cwinsider.com/cwi/frntd/advantedge/TSAEButn.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://statusmart.countrywide.com/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0031.exe
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://wpn.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://ideal.cwinsider.com/download/spotlight/iftwclix.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/296ef0178e134b984822/...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://wpn.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://wpn.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} (LSICapture Control) - http://classlive.ecollege.com/~sdk/SDK/paste/lsiw2k.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WFXScan.cab
O20 - Winlogon Notify: jkklk - C:\WINDOWS\system32\jkklk.dll
O20 - Winlogon Notify: ssttt - C:\WINDOWS\SYSTEM32\ssttt.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Secure MSVS (MicroService32) - Unknown owner - C:\WINDOWS\msvcrs.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 10 January 2006 - 09:34 AM

Hello,

This is a really nasty log. :thumbsup:

Is your McAfee still up to date?

It's better to print out the next instructions or save them in Notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important that you don't miss a step and that you perform everything in the right order!

* download VirtumundoBeGone from:

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

* Save it to your Desktop

* reboot your system
* Close all running programs (including your Internet Browser)
* Double-click VirtumundoBeGone.exe on the desktop
* Follow the directions as indicated

Please be advised that this program will generate a "BLUE SCREEN OF DEATH"... this is an expected/necessary part of the process, so don't be surprised when it happens.

VirtumundoBeGone generates a "log" file of its own, which it should have placed on your Desktop. I'll ask for that log later.

REBOOT

* Please uninstall Zango via Control Panel > software > add/remove programs

* Please set your system to show all files; please see here if you're unsure how to do this.

* Please download ATF Cleaner by Atribune to your desktop.
Do not use it yet.

Please download Ewido anti-malware ; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido by double-clicking on the icon on your desktop.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run it yet.

* Reboot into Safe Mode (without networking support!):
To get into Safe Mode, press and hold your "F8 Key" as the computer is booting. Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - _{D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
O2 - BHO: (no name) - {53B48C09-64CD-413E-E960-18231BB8C7CB} - C:\WINDOWS\system32\nppnxi.dll
O2 - BHO: Zango Search Assistant Helper - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\jkklk.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\ssttt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\Owner\LOCALS~1\Temp\tb_setup.exe /dcheck
O4 - HKLM\..\Run: [kbibcx] C:\WINDOWS\kbibcx.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\Run: [furot] C:\WINDOWS\furot.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\DLLLOADRS.EXE
O4 - HKCU\..\Run: [Wbk] C:\WINDOWS\system32\??rss.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winfixer.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: {0AA2D4B3-27C3-42CB-B671-8B6CF97AE4FE} (TSAEButton Class) - https://www.cwinsider.com/cwi/frntd/advantedge/TSAEButn.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://statusmart.countrywide.com/ScriptX.cab
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0031.exe
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://wpn.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/296ef0178e134b984822/...ip/RdxIE601.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://wpn.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://wpn.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} (LSICapture Control) - http://classlive.ecollege.com/~sdk/SDK/paste/lsiw2k.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WFXScan.cab
O20 - Winlogon Notify: jkklk - C:\WINDOWS\system32\jkklk.dll
O20 - Winlogon Notify: ssttt - C:\WINDOWS\SYSTEM32\ssttt.dll
O23 - Service: Secure MSVS (MicroService32) - Unknown owner - C:\WINDOWS\msvcrs.exe


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINDOWS\msvcrs.exe
C:\Program Files\apsi <== folder
c:\program files\zango <== folder
C:\WINDOWS\kbibcx.exe
C:\WINDOWS\furot.exe
C:\WINDOWS\DLLLOADRS.EXE

* Still in safe mode, double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

* Open Ewido anti-malware
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Close Ewido

* Reboot your system back to normal mode.

Please perform this online scan: Kaspersky Webscan
1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
3. Select "Install" to download the ActiveX controls that allow ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. When the download is complete it will say ready, click "Next"
6. Click "Scan Settings" and check the option to use the EXTENDED DATABASE, then click "OK"
7. Select a target to scan: Click on "My Computer"
8. When the scan is complete choose to save the results as "Save as Text"
9. Post the Kaspersky scan results in your next reply together with a fresh HijackThis log, the VirtumundoBeGone log, which is present on your desktop, and the ewido log so I can take another look.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
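
A triage pass over a HijackThis log like the one in post #1, as an added example that is not part of the original thread and is not HijackThis's or the helper's own logic. The heuristics and function names are assumptions chosen for illustration, and the sample lines are copied from the log above; a flagged line is a candidate for analyst review, not a removal decision.

```python
import re
from collections import namedtuple

# Sample lines copied from the HijackThis log in post #1 (a small subset).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53B48C09-64CD-413E-E960-18231BB8C7CB} - C:\WINDOWS\system32\nppnxi.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\Owner\LOCALS~1\Temp\tb_setup.exe /dcheck
O4 - HKLM\..\Run: [kbibcx] C:\WINDOWS\kbibcx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Wbk] C:\WINDOWS\system32\??rss.exe
O15 - Trusted Zone: http://*.winfixer.com
O20 - Winlogon Notify: jkklk - C:\WINDOWS\system32\jkklk.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Secure MSVS (MicroService32) - Unknown owner - C:\WINDOWS\msvcrs.exe
"""

Entry = namedtuple("Entry", "code body")

# A log entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: [...]".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Executable path that follows the "[value name]" part of an O4 Run entry.
RUN_TARGET_RE = re.compile(r'\]\s*"?(.+?\.exe)', re.IGNORECASE)
# An .exe sitting directly in C:\WINDOWS (no subdirectory).
WINDOWS_ROOT_EXE_RE = re.compile(r"c:\\windows\\[^\\]+\.exe")


def parse_log(text):
    """Return the section entries; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def run_target(body):
    """Lower-cased executable path of an O4 entry, or '' if none is found."""
    match = RUN_TARGET_RE.search(body)
    return match.group(1).lower() if match else ""


def review_reasons(entry):
    """Illustrative heuristics (assumptions, not HijackThis's own rules)."""
    code, body = entry
    low = body.lower()
    reasons = []
    if code in ("R3", "O2", "O3") and ("(no name)" in low or "(no file)" in low):
        reasons.append("unnamed or orphaned browser extension")
    if code == "O4":
        target = run_target(body)
        if "\\temp\\" in target:
            reasons.append("autostart from a Temp directory")
        elif WINDOWS_ROOT_EXE_RE.fullmatch(target):
            reasons.append("autostart executable directly under C:\\WINDOWS")
    if code == "O15":
        reasons.append("site in Trusted Zone (verify it was added deliberately)")
    if code == "O20":
        reasons.append("Winlogon Notify DLL (loads at logon; verify the file)")
    if code == "O23" and "unknown owner" in low:
        reasons.append("service with no vendor information")
    if "??" in body:
        reasons.append("unprintable characters in file name")
    return reasons


def triage(text):
    """Return (code, body, reasons) for every entry with at least one reason."""
    flagged = []
    for entry in parse_log(text):
        reasons = review_reasons(entry)
        if reasons:
            flagged.append((entry.code, entry.body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}")
        for reason in reasons:
            print(f"    -> {reason}")
```
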

#3 jjcircle

jjcircle
  • Topic Starter

  • Members
  • 10 posts

Posted 11 January 2006 - 10:15 PM

Sorry, tried to post all at once and it cut off halfway through, so deleted it and posted them one at a time which follow...

Jim

Edited by jjcircle, 11 January 2006 - 10:27 PM.


#4 jjcircle

jjcircle
  • Topic Starter

  • Members
  • 10 posts

Posted 11 January 2006 - 10:19 PM

Sorry, complete Ewido log:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 7:41:29 AM, 1/11/2006
+ Report-Checksum: F38B17DD

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B88A3AF1-4F1B-4400-8FFB-3FCB108CE115} -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{C094876D-1B0E-46FA-B6A6-7FFC0F970C27} -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA Software Installer -> Spyware.SafeSurfing : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000020DD-C72E-4113-AF77-DD56626C6C42} -> Spyware.TwainTech : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82315A18-6CFB-44A7-BDFD-90E36537C252} -> Spyware.NewDotNet : Cleaned with backup
HKU\.DEFAULT\Software\zango -> Spyware.Zango : Cleaned with backup
HKU\S-1-5-21-4217759621-2387590086-153489426-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-4217759621-2387590086-153489426-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000020DD-C72E-4113-AF77-DD56626C6C42} -> Spyware.TwainTech : Cleaned with backup
HKU\S-1-5-21-4217759621-2387590086-153489426-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-4217759621-2387590086-153489426-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04079851-5845-4DEA-848C-3ECD647AA554} -> Spyware.MySearchBar : Cleaned with backup
HKU\S-1-5-21-4217759621-2387590086-153489426-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKU\S-1-5-21-4217759621-2387590086-153489426-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-4217759621-2387590086-153489426-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{666E4D35-E955-11D0-A707-000000521958} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-4217759621-2387590086-153489426-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-4217759621-2387590086-153489426-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82315A18-6CFB-44A7-BDFD-90E36537C252} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-4217759621-2387590086-153489426-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-4217759621-2387590086-153489426-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} -> Spyware.VX2 : Cleaned with backup
HKU\S-1-5-21-4217759621-2387590086-153489426-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
HKU\S-1-5-21-4217759621-2387590086-153489426-1003\Software\zango -> Spyware.Zango : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000020DD-C72E-4113-AF77-DD56626C6C42} -> Spyware.TwainTech : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82315A18-6CFB-44A7-BDFD-90E36537C252} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-18\Software\zango -> Spyware.Zango : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@adbutler[2].txt -> Spyware.Cookie.Adbutler : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@data4.perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ehg-adteractive.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ehg-bestbuy.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ehg.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@pro-market[2].txt -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\678IS2LM\drapu[1].exe -> Downloader.ConHook.n : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HRABC4EX\MediaGateway[1].exe -> Spyware.WinAD : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Gator : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ecbk4o3t.slt\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\backups\backup-20060110-233731-422.dll -> Adware.PurityScan : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\backups\backup-20060110-233734-785.dll -> Spyware.Comet : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\drapu.exe -> Downloader.ConHook.n : Cleaned with backup
C:\mg1.exe -> Spyware.WinAD : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\filesubmit\lotr_setup.exe\NNEZTA388.exe -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\filesubmit\lotr_setup.exe\TBEZA127Q.exe -> Spyware.Quick : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\02A5098B-614F-45FF-9692-65A3D2\CC7C560A-6B4A-4210-892F-4691DC -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\349C25D1-8C2E-49F1-897F-DFC22C\9CDDF06E-3822-4134-82DB-E19784 -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\9A79AAB2-2734-420F-8FA2-E6C6D8\AFD1C716-982F-48EF-9AA9-F91266 -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B1FCA686-78CE-4DBB-B01A-3BB0FE\35307F28-012F-40D6-84DD-05AECA -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4914C16-A4EA-479B-BE5E-606D99\ACA9E233-B287-4A4D-87CC-A9B2DA -> Spyware.WinAD : Cleaned with backup
C:\Program Files\MyWay\myBar\1.bin\MY2NS.EXE -> Spyware.MyWay : Cleaned with backup
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL -> Spyware.MyWay : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP865\A0110423.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP866\A0110478.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP866\A0111393.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP870\A0111426.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP884\A0112598.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP887\A0113602.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP891\A0113660.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP891\A0113661.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP891\A0114661.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP900\A0114804.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP901\A0114837.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP901\A0115837.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP901\A0115838.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP901\A0115844.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP901\A0115845.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP901\A0115851.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP902\A0115862.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP902\A0115865.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP902\A0116863.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP909\A0120103.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP909\A0120104.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP909\A0120110.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP909\A0120111.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP916\A0120203.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP916\A0120204.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP921\A0121383.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP925\A0121471.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP927\A0121497.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP927\A0121514.dll -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP927\A0121525.dll -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP927\A0121530.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP929\A0121652.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP929\A0121653.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP929\A0121659.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP929\A0121660.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP929\A0121662.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP930\A0121667.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP930\A0122659.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP930\A0122660.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP930\A0122664.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP931\A0122672.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP931\A0122958.dll -> Spyware.Quick : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP932\A0123001.dll -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP932\A0123002.exe -> Adware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP932\A0123063.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP932\A0123065.exe -> Adware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP934\A0123092.exe -> Spyware.Quick : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP934\A0123098.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP935\A0123251.dll -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP935\A0123252.exe -> Adware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP937\A0124097.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP939\A0124128.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124210.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124211.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124212.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124213.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124214.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124215.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124216.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124217.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124221.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124222.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124223.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124224.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124225.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124226.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124227.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124228.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124229.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124230.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124231.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124232.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124233.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124234.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124235.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124236.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124237.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124250.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124251.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP940\A0124252.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP941\A0124256.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP941\A0124257.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP941\A0124258.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP942\A0124306.dll -> Spyware.SideSearch : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP942\A0124307.exe -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0124351.dll -> Downloader.ConHook.w : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0124355.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0124376.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0124390.dll -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0124393.dll -> Spyware.Comet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0124433.exe/Sync.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0124433.exe/Sync.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0124441.exe -> Spyware.MediaTickets : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0124442.exe -> Spyware.Altnet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125021.exe -> Adware.180Solutions : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\WINDOWS\msvcrs.exe -> Backdoor.SdBot.xd : Cleaned with backup
C:\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\ru.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\SYSTEM32\awtqn.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\awtqo.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\awtqp.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\awtqq.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\awtqr.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\awtsp.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\awtsr.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\awtss.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\awtst.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\awvtq.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\awvtr.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\awvts.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\awvtt.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\awvvs.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\awvvt.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\awvvv.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\awvvw.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\ddaba.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\ddabx.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\ddaby.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\ddaya.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\ddayv.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\ddayw.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\ddayx.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\ddayy.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\ddcca.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\ddccb.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\ddccc.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\ddccd.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\ddccy.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\ddcyv.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\ddcyw.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\ddcyx.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\ddcyy.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\gebcb.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\gebcc.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\gebcd.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\gebcy.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\gebya.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\gebyv.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\gebyx.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\gebyy.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\geeba.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\geebb.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\geebc.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\geebx.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\geeby.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\geeda.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\geedc.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\geedd.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\geede.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\jkhfc.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\jkhfd.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\jkhfe.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\jkhff.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\jkhfg.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\jkhhe.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\jkhhf.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\jkhhg.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\jkhhh.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\jkhhi.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\jkkjg.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\jkkjh.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\jkkji.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\jkkjj.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\jkkjk.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\jkklm.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\mljgd.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\mljge.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\mljgf.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\mljgg.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\mljjg.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\mljjh.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\mljji.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\mljjj.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\mljjk.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\mlljg.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\mlljh.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\mllji.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\mlljj.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\mlljk.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\mllmk.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\mllml.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\mllmm.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\mllmn.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\mѕiexec.exe -> Adware.PurityScan : Cleaned with backup
C:\WINDOWS\SYSTEM32\pmkhe.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\pmkhg.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\pmkhh.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\pmkhi.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\pmkjh.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\pmkji.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\pmkjj.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\pmkjk.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\pmnli.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\pmnlj.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\pmnlk.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\pmnll.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\pmnlm.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\pmnnk.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\pmnnl.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\pmnnm.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\pmnnn.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\pmnno.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\ssqpm.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\ssqpn.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\ssqpo.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\ssqpp.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\SYSTEM32\ssqpq.dll -> Downloader.ConHook.w : Cleaned with backup
C:

#5 jjcircle

Posted 11 January 2006 - 10:20 PM

Ok, now the VBG log:


[01/10/2006, 22:28:32] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\89ABCDWX\VirtumundoBeGone[1].exe" )
[01/10/2006, 22:28:39] - Detected System Information:
[01/10/2006, 22:28:39] - Windows Version: 5.1.2600, Service Pack 2
[01/10/2006, 22:28:39] - Current Username: Owner (Admin)
[01/10/2006, 22:28:39] - Windows is in NORMAL mode.
[01/10/2006, 22:28:39] - Searching for Browser Helper Objects:
[01/10/2006, 22:28:39] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/10/2006, 22:28:39] - BHO 2: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} (Comcast Toolbar)
[01/10/2006, 22:28:39] - BHO 3: {53B48C09-64CD-413E-E960-18231BB8C7CB} ()
[01/10/2006, 22:28:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/10/2006, 22:28:39] - Checking for HKLM\...\Winlogon\Notify\nppnxi
[01/10/2006, 22:28:39] - Key not found: HKLM\...\Winlogon\Notify\nppnxi, continuing.
[01/10/2006, 22:28:39] - BHO 4: {56F1D444-11BF-4879-A12B-79CF0177F038} (Zango Search Assistant Helper)
[01/10/2006, 22:28:39] - BHO 5: {93C6313C-9DB4-4694-8BD0-E378C573A9AD} (ATLDistrib Object)
[01/10/2006, 22:28:39] - ALERT: Found ATLDistrib Object!
[01/10/2006, 22:28:39] - BHO 6: {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} ()
[01/10/2006, 22:28:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/10/2006, 22:28:39] - Checking for HKLM\...\Winlogon\Notify\ssttt
[01/10/2006, 22:28:39] - Found: HKLM\...\Winlogon\Notify\ssttt - This is probably Virtumundo.
[01/10/2006, 22:28:39] - Assigning {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} MSEvents Object
[01/10/2006, 22:28:39] - BHO list has been changed! Starting over...
[01/10/2006, 22:28:39] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/10/2006, 22:28:39] - BHO 2: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} (Comcast Toolbar)
[01/10/2006, 22:28:39] - BHO 3: {53B48C09-64CD-413E-E960-18231BB8C7CB} ()
[01/10/2006, 22:28:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/10/2006, 22:28:39] - Checking for HKLM\...\Winlogon\Notify\nppnxi
[01/10/2006, 22:28:39] - Key not found: HKLM\...\Winlogon\Notify\nppnxi, continuing.
[01/10/2006, 22:28:39] - BHO 4: {56F1D444-11BF-4879-A12B-79CF0177F038} (Zango Search Assistant Helper)
[01/10/2006, 22:28:39] - BHO 5: {93C6313C-9DB4-4694-8BD0-E378C573A9AD} (ATLDistrib Object)
[01/10/2006, 22:28:39] - ALERT: Found ATLDistrib Object!
[01/10/2006, 22:28:39] - BHO 6: {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} (MSEvents Object)
[01/10/2006, 22:28:39] - ALERT: Found MSEvents Object!
[01/10/2006, 22:28:39] - Finished Searching Browser Helper Objects
[01/10/2006, 22:28:39] - *** Detected ATLDistrib Object
[01/10/2006, 22:28:39] - *** Detected MSEvents Object
[01/10/2006, 22:28:39] - Trying to remove ATLDistrib Object...
[01/10/2006, 22:28:40] - Terminating Process: IEXPLORE.EXE
[01/10/2006, 22:28:42] - Terminating Process: RUNDLL32.EXE
[01/10/2006, 22:28:42] - Disabling Automatic Shell Restart
[01/10/2006, 22:28:42] - Terminating Process: EXPLORER.EXE
[01/10/2006, 22:28:44] - Suspending the NT Session Manager System Service
[01/10/2006, 22:28:44] - Terminating Windows NT Logon/Logoff Manager
[01/10/2006, 22:28:45] - Re-enabling Automatic Shell Restart
[01/10/2006, 22:28:45] - File to disable: C:\WINDOWS\system32\jkklk.dll
[01/10/2006, 22:28:45] - Renaming C:\WINDOWS\system32\jkklk.dll -> C:\WINDOWS\system32\jkklk.dll.vir
[01/10/2006, 22:28:46] - ! File rename was unsucessful.
[01/10/2006, 22:28:46] - Attempting to Deny Access to C:\WINDOWS\system32\jkklk.dll
[01/10/2006, 22:28:46] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[01/10/2006, 22:28:46] - processed file: C:\WINDOWS\system32\jkklk.dll

[01/10/2006, 22:28:46] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[01/10/2006, 22:28:46] - Removing HKLM\...\Browser Helper Objects\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 22:28:47] - Removing HKCR\CLSID\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 22:28:48] - Adding Kill Bit for ActiveX for GUID: {93C6313C-9DB4-4694-8BD0-E378C573A9AD}
[01/10/2006, 22:28:48] - Deleting ATLEvents/MSEvents Registry entries
[01/10/2006, 22:28:48] - Removing HKLM\...\Winlogon\Notify\jkklk
[01/10/2006, 22:28:48] - Trying to remove MSEvents Object...
[01/10/2006, 22:28:49] - Terminating Process: IEXPLORE.EXE
[01/10/2006, 22:28:49] - Terminating Process: RUNDLL32.EXE
[01/10/2006, 22:28:49] - Disabling Automatic Shell Restart
[01/10/2006, 22:28:49] - Terminating Process: EXPLORER.EXE
[01/10/2006, 22:28:49] - Suspending the NT Session Manager System Service
[01/10/2006, 22:28:49] - Terminating Windows NT Logon/Logoff Manager
[01/10/2006, 22:28:49] - Re-enabling Automatic Shell Restart
[01/10/2006, 22:28:49] - File to disable: C:\WINDOWS\system32\ssttt.dll
[01/10/2006, 22:28:49] - Renaming C:\WINDOWS\system32\ssttt.dll -> C:\WINDOWS\system32\ssttt.dll.vir
[01/10/2006, 22:28:50] - ! File rename was unsucessful.
[01/10/2006, 22:28:50] - Attempting to Deny Access to C:\WINDOWS\system32\ssttt.dll
[01/10/2006, 22:28:50] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[01/10/2006, 22:28:50] - ERROR: The system cannot find the file specified.

[01/10/2006, 22:28:50] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[01/10/2006, 22:28:50] - Removing HKLM\...\Browser Helper Objects\{EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D}
[01/10/2006, 22:28:50] - Removing HKCR\CLSID\{EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D}
[01/10/2006, 22:28:50] - Adding Kill Bit for ActiveX for GUID: {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D}
[01/10/2006, 22:28:50] - Deleting ATLEvents/MSEvents Registry entries
[01/10/2006, 22:28:50] - Removing HKLM\...\Winlogon\Notify\ssttt
[01/10/2006, 22:28:50] - Searching for Browser Helper Objects:
[01/10/2006, 22:28:50] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/10/2006, 22:28:50] - BHO 2: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} (Comcast Toolbar)
[01/10/2006, 22:28:50] - BHO 3: {53B48C09-64CD-413E-E960-18231BB8C7CB} ()
[01/10/2006, 22:28:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/10/2006, 22:28:50] - Checking for HKLM\...\Winlogon\Notify\nppnxi
[01/10/2006, 22:28:50] - Key not found: HKLM\...\Winlogon\Notify\nppnxi, continuing.
[01/10/2006, 22:28:50] - BHO 4: {56F1D444-11BF-4879-A12B-79CF0177F038} (Zango Search Assistant Helper)
[01/10/2006, 22:28:50] - Finished Searching Browser Helper Objects
[01/10/2006, 22:28:50] - Finishing up...
[01/10/2006, 22:28:50] - A restart is needed.
[01/10/2006, 22:29:02] - Attempting to Restart via STOP error (Blue Screen!)

#6 jjcircle

Posted 11 January 2006 - 10:22 PM

Finally, the Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, January 11, 2006 22:05:21
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 12/01/2006
Kaspersky Anti-Virus database records: 170618
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 77154
Number of viruses found: 24
Number of infected objects: 204
Number of suspicious objects: 0
Duration of the scan process: 7132 sec

Infected Object Name - Virus Name
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01BC4W6P\w34[1].exe Infected: Backdoor.Win32.Wisdoor.z
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\678IS2LM\drapu[2].exe/EXE-file Infected: Trojan-Downloader.Win32.ConHook.w
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\678IS2LM\drapu[2].exe Infected: Trojan-Downloader.Win32.ConHook.w
C:\Documents and Settings\NetworkService\Application Data\wtta.exe Infected: Trojan-Downloader.Win32.PurityScan.bc
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C1Q3STUV\!update-3000[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.ax
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GH67WXMB\!update-2800[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.bg
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GH67WXMB\!update-2900[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.be
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GH67WXMB\!update-3100[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.be
C:\Documents and Settings\Owner\Application Data\tizupd.bin/data0003 Infected: Trojan-Downloader.Win32.PurityScan.am
C:\Documents and Settings\Owner\Application Data\tizupd.bin Infected: Trojan-Downloader.Win32.PurityScan.am
C:\Documents and Settings\Owner\Application Data\wtta.exe Infected: Trojan-Downloader.Win32.PurityScan.bc
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP891\A0113663.exe Infected: Trojan-Downloader.Win32.PurityScan.bg
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP891\A0114662.exe Infected: Trojan-Downloader.Win32.PurityScan.bg
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP891\A0114675.exe Infected: Trojan-Downloader.Win32.PurityScan.bg
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP900\A0114805.exe Infected: Trojan-Downloader.Win32.PurityScan.bg
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP902\A0115864.exe Infected: Trojan-Downloader.Win32.PurityScan.bg
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP902\A0116864.exe Infected: Trojan-Downloader.Win32.PurityScan.bg
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP916\A0120206.exe Infected: Trojan-Downloader.Win32.PurityScan.bg
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP919\A0120285.exe Infected: Trojan-Downloader.Win32.PurityScan.bg
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP919\A0121273.exe Infected: Trojan-Downloader.Win32.PurityScan.bg
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP921\A0121336.exe Infected: Trojan-Downloader.Win32.PurityScan.bg
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP927\A0121509.dll Infected: not-a-virus:AdWare.Win32.Wintol.ae
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP927\A0121515.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP927\A0121526.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP927\A0121535.exe Infected: Trojan-Downloader.Win32.PurityScan.ax
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP928\A0121605.exe/EXE-file Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP928\A0121605.exe Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP929\A0121664.exe/EXE-file Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP929\A0121664.exe Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP930\A0122661.exe Infected: Trojan-Downloader.Win32.PurityScan.ax
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP930\A0122665.exe/EXE-file Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP930\A0122665.exe Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP931\A0122701.exe/EXE-file Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP931\A0122701.exe Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP935\A0123261.exe/EXE-file Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP935\A0123261.exe Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP937\A0124102.exe Infected: Trojan-Downloader.Win32.PurityScan.ax
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP939\A0124131.exe Infected: Trojan-Downloader.Win32.PurityScan.ax
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP941\A0124254.exe/EXE-file Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP941\A0124254.exe Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP941\A0124255.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0124357.exe Infected: Trojan-Downloader.Win32.PurityScan.ax
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0124377.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0124406.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Sidesearch.c
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0124406.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.ClearSearch.f
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0124406.exe/stream Infected: not-a-virus:AdWare.Win32.ClearSearch.f
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0124406.exe Infected: not-a-virus:AdWare.Win32.ClearSearch.f
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0124429.dll Infected: not-a-virus:AdWare.Win32.WebSearch.r
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0124438.EXE Infected: Backdoor.Win32.Wisdoor.z
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0124454.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.Casino.o
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0124454.exe Infected: not-a-virus:AdWare.Win32.Casino.o
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0124457.exe/data0121 Infected: not-a-virus:AdWare.Win32.HelpExpress
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0124457.exe Infected: not-a-virus:AdWare.Win32.HelpExpress
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125020.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125023.exe/EXE-file Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125023.exe Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125024.exe Infected: not-a-virus:AdWare.Win32.WinAD.bo
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125026.exe Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125027.exe Infected: not-a-virus:AdWare.Win32.Quick.a
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125028.EXE Infected: not-a-virus:AdWare.Win32.MyWay.b
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125029.DLL Infected: not-a-virus:AdWare.Win32.MyWay.c
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125030.exe Infected: Backdoor.Win32.SdBot.xd
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125031.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125032.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125033.exe Infected: not-a-virus:AdWare.Win32.PurityScan.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125034.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125035.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125036.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125037.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125038.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125039.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125040.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125041.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125042.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125043.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125044.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125045.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125046.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125047.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125048.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125049.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125050.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125051.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125052.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125053.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125054.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125055.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125056.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125057.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125058.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125059.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125060.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125061.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125062.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125063.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125064.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125065.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125066.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125067.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP943\A0125068.dll Infected: Trojan-Downloader.Win32.ConHook.w
C:\w3w.exe Infected: Backdoor.Win32.Wisdoor.z
C:\WINDOWS\SYSTEM32\jtvcm.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak

Scan process completed.

OK, I'm running AVG, MSAS, McAfee firewall etc. What do I have to do further to keep things clean? What should I do with this new stuff? Thank you so much.

#7 jjcircle

Posted 11 January 2006 - 10:31 PM

Sorry, the Ewido log won't fit. It found like 400 plus viruses. What should I do?

Jim

#8 jjcircle

Posted 11 January 2006 - 10:51 PM

Also, a fresh HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 10:07:14 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\DLLLOADRS.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://ideal.cwinsider.com/download/spotlight/iftwclix.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://wpn.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://wpn.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Secure MSVS (MicroService32) - Unknown owner - C:\WINDOWS\msvcrs.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

#9 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:02:50 AM

Posted 12 January 2006 - 01:28 AM

Hello,

Ewido already did a great job and deleted most. :thumbsup:

Please delete the following files manually:

C:\w3w.exe
C:\WINDOWS\SYSTEM32\jtvcm.dll
C:\Documents and Settings\Owner\Application Data\tizupd.bin
C:\Documents and Settings\Owner\Application Data\wtta.exe

Some of the above files may be hidden, so perform the following steps to reveal them so you can delete them:

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please hide your hidden files and folders again afterwards, because the above instructions to set your system to show all files unhide legitimate files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.

You probably forgot to run ATF Cleaner before, that's why I want you to run it again:

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\DLLLOADRS.EXE
O23 - Service: Secure MSVS (MicroService32) - Unknown owner - C:\WINDOWS\msvcrs.exe (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Go to Start > Run and copy the following command into the field:

sc delete MicroService32

Press Enter.

An important thing to do is to disable your System Restore. (Note: this will delete all your system restore points and the malware that was present in them.)
How to disable system restore in XP
Reboot, and after rebooting, enable it again, so a new system restore point will be made. A clean one now! :flowers:

Reboot once again and post a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#10 jjcircle

Posted 12 January 2006 - 06:17 AM

Ok, new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:14:27 AM, on 1/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://ideal.cwinsider.com/download/spotlight/iftwclix.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://wpn.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://wpn.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
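
Added example (not part of the original thread): a way to check that the two entries fixed in post #9 are really gone, by comparing the autostart lines (O4 Run keys, O23 services) of the log in post #8 with the log above. The function names are hypothetical; the `BEFORE` and `AFTER` strings are short excerpts copied from those two logs. Paths are compared case-insensitively because HijackThis logged `mcupdate.exe` as `c:\` in one log and `C:\` in the other.

```python
import re
from typing import NamedTuple


class Autostart(NamedTuple):
    section: str        # "O4" (Run keys) or "O23" (services)
    name: str           # Run value name, or service display name
    path: str           # command / image path as logged
    file_missing: bool  # HijackThis appended "(file missing)"


# O4 - HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<path>.+)$")
# O23 - Service: display name - owner - image path
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - .+? - (?P<path>[A-Za-z]:\\.+)$")
MISSING = "(file missing)"


def parse_autostarts(log_text):
    """Return the O4 and O23 entries of a HijackThis log, in log order."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or SVC_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        missing = path.endswith(" " + MISSING)
        if missing:
            path = path[: -len(MISSING) - 1]
        section = "O4" if m.re is RUN_RE else "O23"
        entries.append(Autostart(section, m.group("name"), path, missing))
    return entries


def _key(entry):
    # Windows paths and registry value names are case-insensitive.
    return (entry.section, entry.name.lower(), entry.path.lower())


def diff_autostarts(before_text, after_text):
    """Return (removed, added) autostart entries between two logs."""
    before = parse_autostarts(before_text)
    after = parse_autostarts(after_text)
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    removed = [e for e in before if _key(e) not in after_keys]
    added = [e for e in after if _key(e) not in before_keys]
    return removed, added


def orphaned_lines(log_text):
    """Return any log line, in any section, whose target file no longer exists."""
    return [ln.strip() for ln in log_text.splitlines() if MISSING in ln]


# Excerpt of the log in post #8 (before the fix).
BEFORE = r"""
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\DLLLOADRS.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Secure MSVS (MicroService32) - Unknown owner - C:\WINDOWS\msvcrs.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
"""

# Excerpt of the log in post #10 (after the fix).
AFTER = r"""
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
"""

if __name__ == "__main__":
    removed, added = diff_autostarts(BEFORE, AFTER)
    for e in removed:
        print("removed:", e.section, e.name, "->", e.path)
    for e in added:
        print("ADDED:  ", e.section, e.name, "->", e.path)
    for ln in orphaned_lines(AFTER):
        print("orphan: ", ln)
```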

#11 miekiemoes

Posted 12 January 2006 - 07:25 AM

Hello, just check and fix the following entry in your log:

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

How are things running now? I assume much better, because you had a really badly infected system before.
I suggest you still perform a full scan with your McAfee (make sure it is up to date) to get rid of the leftovers, because there will still be leftovers, I think, but McAfee will be able to delete them.

Just let me know how things are running now. :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#12 jjcircle

jjcircle
  • Topic Starter

  • Members

Posted 12 January 2006 - 03:38 PM

Things are running much better now. I think Ewido found over 400 infected files/objects. AVG kept picking up a Trojan Horse virus, but couldn't fix it. I would put it in the virus vault, but I could run a scan right away and it would find it again. Are there other things I can do to make sure it doesn't get like this again? I'm not allowing the kids to do the whole "AOL IM" anymore (as I'm thinking that was a big culprit), but I have some new software now (thanks :thumbsup:) and I'm wondering what else I should do. I really appreciate all your help.

Jim

#13 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team

Posted 12 January 2006 - 03:53 PM

Hi,

Can you tell me what trojan AVG is still finding? In what folder is it present? What is the file? Then we can get rid of this as well.

#14 jjcircle

jjcircle
  • Topic Starter

  • Members

Posted 18 January 2006 - 11:16 PM

OK, new problem. Now that I've enabled all of this security, eBay will no longer let me log in. My wife's access to the MLS won't log in. It says my computer is set not to accept cookies, and the internet options won't let me change the setting any lower than medium. What is going on?

Jim

#15 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team

Posted 19 January 2006 - 01:34 AM

Well, as you said... after you enabled your security, you got this problem. So I'm not sure what exactly you have done, though. But it's one of the settings that is blocking access. It's better to look in your McAfee Firewall as well, in case you changed anything in there.