Myglobalsearch, Winlog.exe, Pate.b.dll...


  • This topic is locked
27 replies to this topic

#1 bonez07

bonez07

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 21 September 2006 - 03:37 PM

1 problem: Here's the Limewire problems pic: http://img129.imageshack.us/img129/3749/problemry9.jpg
The report is this:

LimeWire version 4.12.6
Java version 1.5.0_01 from Sun Microsystems Inc.
Windows XP v. 5.1 on x86
Free/total memory: 2800096/4128768

com.limegroup.gnutella.gui.GUILoader$StartupFailedException: invalid update.ver
at com.limegroup.gnutella.gui.GUILoader.sanityCheck(GUILoader.java:278)
at com.limegroup.gnutella.gui.GUILoader.load(GUILoader.java:48)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.limegroup.gnutella.gui.Main.main(Main.java:44)

STARTUP ERROR!





Second: on startup: "winlog.exe has encountered a problem...etc" the one where it goes send error or don't send.

3rd: it tells me also on startup: "regedit.com is not a valid win32 application"

Lastly, I have Myglobalsearch virus and can't remove it...as well I have the W32/Pate.B.dll on a lot of files, and some can't be removed...and some can by McAfee Stinger. I think this is the main concern, because from what I read about it, it affects EXE files and a lot of programs aren't running and are telling me to reinstall and then they work. But when I restart my PC they're messed up again.

Here's my HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:34:47 PM, on 21/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
c:\jetsuite\jsdaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\jetsuite\JETSTAT.EXE
C:\Program Files\Common Files\efax\dllcmd32.exe
c:\jetsuite\JSFMAN.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Mansoor.COMPUTER2\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customi.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customi.../search/ie.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [PP8 SE Reminder] "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Automatic Updater] iiexplore.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\RunServices: [Windows Automatic Updater] iiexplore.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP LaserJet 3150 Status.lnk = C:\jetsuite\JETSTAT.EXE
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\dllcmd32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct5_x.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: GPLS1018XX - Unknown owner - C:\WINDOWS\LS101805.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: jsdaemon - JetFax, Inc. - c:\jetsuite\jsdaemon.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)




 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:03:10 AM

Posted 23 September 2006 - 07:34 AM

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look. :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 bonez07

bonez07
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 24 September 2006 - 05:32 PM

no problem...once I'm on my home PC, I will post a new HJT log.

#4 bonez07

bonez07
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 24 September 2006 - 08:13 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:10:27 PM, on 24/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
c:\jetsuite\jsdaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\jetsuite\JETSTAT.EXE
C:\Program Files\Common Files\efax\dllcmd32.exe
c:\jetsuite\JSFMAN.EXE
C:\Documents and Settings\Mansoor.COMPUTER2\Desktop\stng260(2).exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
c:\program files\softwin\bitdefender8\bdlite.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mansoor.COMPUTER2\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customi.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customi.../search/ie.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\3.bin\MGSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\3.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [PP8 SE Reminder] "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Automatic Updater] iiexplore.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\RunServices: [Windows Automatic Updater] iiexplore.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\System32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\MANSOO~1.COM\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP LaserJet 3150 Status.lnk = C:\jetsuite\JETSTAT.EXE
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\dllcmd32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct5_x.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: GPLS1018XX - Unknown owner - C:\WINDOWS\LS101805.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: jsdaemon - JetFax, Inc. - c:\jetsuite\jsdaemon.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)



#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:03:10 AM

Posted 25 September 2006 - 12:06 AM

Hello,

A remark first..

I see Bearshare installed. In case you didn't pay for it, I strongly recommend you uninstall it -- because the free version is bundled with spyware.

It is important you don't miss a step and perform everything in the right order!!

I see you are running Teatimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer during HijackThis Cleanup
Then, Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

* Go to Start > Control Panel > Software > Add/Remove Programs and uninstall the next programs if present:

MyGlobalSearch
Bearshare <== in case you didn't pay for it.

* Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by doubleclicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script
( alcanshorty.bfu ) manually from above url ( rightclick on it and choose 'save as' and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window
Browse to the script you downloaded and Click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

--------------------

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present (some entries won't be present anymore):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customi.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customi.../search/ie.html
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\3.bin\MGSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\3.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [Windows Automatic Updater] iiexplore.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\RunServices: [Windows Automatic Updater] iiexplore.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\System32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\MANSOO~1.COM\LOCALS~1\Temp\IXP000.TMP\"
O23 - Service: GPLS1018XX - Unknown owner - C:\WINDOWS\LS101805.exe


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!
Don't worry if some entries won't go away, we'll deal with that later...

---------------------

Please download, install, and update Ewido anti-spyware
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close Ewido and reboot!!
    I need the log later.
-------------------------

* Download Combofix to your desktop.
Doubleclick combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog and the log from Ewido.
You may need several replies to post the logs.

Extra addition..

Go to this page.
Enter the url of this thread in the first field.
Where it says, browse to the file that you want to submit, click the browse button next to it and browse to next file, select it and click ok:

C:\WINDOWS\LS101805.exe

Then click the Send File button below.

In case you can't find it, start your computer in safe mode and search for it. Once you are in safe mode and have found it, rename LS101805.exe to LS101805.bad. This is because when you don't rename it, it may become hidden again in normal mode (in case it was hiding before).
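
A triage pass over the autorun (O4) and service (O23) lines of a HijackThis log like the one posted in this thread, as an added example that is not part of the original posts or of HijackThis. It flags entries launched without a path, file names within two edits of a well-known Windows binary, known binaries in an unexpected folder, and unowned services in the Windows root. The rules, the `EXPECTED_DIRS` table and all function names are assumptions of this example, and a hit is a lead to investigate, not a verdict.

```python
import ntpath
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Automatic Updater] iiexplore.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O23 - Service: GPLS1018XX - Unknown owner - C:\WINDOWS\LS101805.exe
O23 - Service: jsdaemon - JetFax, Inc. - c:\jetsuite\jsdaemon.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
"""

# Assumption: usual folders of a few binaries on a default Windows XP / Office XP install.
EXPECTED_DIRS = {
    "iexplore.exe": r"c:\program files\internet explorer",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "svchost.exe": r"c:\windows\system32",
    "outlook.exe": r"c:\program files\microsoft office",
}

O4_RE = re.compile(r"^O4 - (HK\S+): \[(.*?)\] (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
# Program part of a command line: optional quote, then everything up to the first
# executable extension (handles unquoted paths that contain spaces).
IMAGE_RE = re.compile(r'^"?(.+?\.(?:exe|com|scr|pif|bat|cmd))\b', re.I)


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_image(command):
    """Return (folder, filename) of the launched program, lower-cased, or None."""
    m = IMAGE_RE.match(command.strip())
    if not m:
        return None
    image = ntpath.normpath(m.group(1)).lower()
    return ntpath.dirname(image), ntpath.basename(image)


def image_reasons(folder, name):
    reasons = []
    if not folder:
        # Bare file name: Windows resolves it through the search path.
        reasons.append("no-path")
    if name in EXPECTED_DIRS:
        if folder and not folder.startswith(EXPECTED_DIRS[name]):
            reasons.append("unexpected-dir")
    else:
        for known in EXPECTED_DIRS:
            if edit_distance(name, known) <= 2:
                reasons.append("lookalike:" + known)
                break
    return reasons


def triage(log_text):
    """Return [(entry label, [reasons])] for O4/O23 lines that trip a rule."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        o4, o23 = O4_RE.match(line), O23_RE.match(line)
        if o4:
            hive, name, command = o4.groups()
            label, owner = "O4 %s [%s]" % (hive, name), None
        elif o23:
            service, owner, command = o23.groups()
            label = "O23 " + service
        else:
            continue
        image = split_image(command)
        if image is None:
            continue
        reasons = image_reasons(*image)
        if owner == "Unknown owner" and image[0] == r"c:\windows":
            reasons.append("unowned-service-in-windir")
        if reasons:
            findings.append((label, reasons))
    return findings


if __name__ == "__main__":
    for label, reasons in triage(SAMPLE_LOG):
        print(label, "->", ", ".join(reasons))
```
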

#6 bonez07

bonez07
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 25 September 2006 - 03:13 PM

Thanks a BUNCH for the instructions but I'm having one problem....all the files and folders are there for MyGlobalSearch but it's not on the Add/Remove list and I uninstalled Bearshare before already. Another thing is that now instead of winlogon.exe it says onoes.exe has encountered a problem...so now I will await your new instructions. Thanks for the instructions though!

#7 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:03:10 AM

Posted 25 September 2006 - 03:49 PM

Hi, if the MyGlobalSearch is not present in add/remove programs, just skip that step and perform the next step.

Just proceed with my instructions whether some entries are still present or not. The logs will show afterwards what we have to do.

#8 bonez07

bonez07
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 26 September 2006 - 07:25 PM

when running Brute Force Uninstaller, in the middle of running alcanshorty.bfu file, it says "bfu.exe has encountered a problem....etc"

#9 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:03:10 AM

Posted 27 September 2006 - 01:37 AM

That's ok.. as I already said before.. when something fails, just proceed with the next step and let me know afterwards.
Don't stop fixes all the time if something doesn't work properly, because next week, we'll be still at the same stage without removing something.

#10 bonez07

bonez07
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 29 September 2006 - 03:19 PM

k thanks

#11 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:03:10 AM

Posted 29 September 2006 - 03:26 PM

Don't forget to post the logs afterwards, because I really need them since many leftovers will still be present - so we can deal with them afterwards.

#12 bonez07

bonez07
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 29 September 2006 - 04:43 PM

Here's my new logs...and so far I've been getting no problems!

Combo Fix Log

Mansoor - 06-09-29 17:34:11.28 Service Pack 1
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Mansoor.COMPUTER2\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com


((((((((((((((((((((((((((((((( Files Created from 2006-08-29 to 2006-09-29 ))))))))))))))))))))))))))))))))))


2006-09-02 13:11 50,934 --------- C:\WINDOWS\system32\drivers\vvpciusb.sys
2006-09-02 13:11 50,911 --------- C:\WINDOWS\system32\drivers\vvbususb.sys
2006-09-02 13:11 15,332 --------- C:\WINDOWS\system32\drivers\vvbeth.sys
2006-09-02 13:11 15,309 --------- C:\WINDOWS\system32\drivers\vvbetht.sys
2006-09-02 12:40 69,632 --a------ C:\WINDOWS\system32\MCCDevice.dll
2006-09-02 12:40 6,048 --a------ C:\WINDOWS\system32\MCC16.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-29 16:48 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-29 16:30 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-26 20:58 -------- d---s---- C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Microsoft
2006-09-25 21:20 -------- d-------- C:\Program Files\ElcomSoft
2006-09-25 21:19 -------- d-------- C:\Program Files\VstPlugins
2006-09-24 20:37 447962 --a------ C:\WINDOWS\unvise32.exe
2006-09-24 19:43 350166 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-09-24 19:43 349656 --a------ C:\WINDOWS\system32\wjview.exe
2006-09-24 19:43 203736 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2006-09-24 19:42 330718 --a------ C:\WINDOWS\system32\UNWISE.EXE
2006-09-24 19:42 224726 --a------ C:\WINDOWS\system32\uwdf.exe
2006-09-24 19:42 200664 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-24 19:42 185818 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2006-09-24 19:40 857566 --a------ C:\WINDOWS\system32\SendDial.exe
2006-09-24 19:39 504276 --a------ C:\WINDOWS\system32\netsetup.exe
2006-09-24 19:39 333276 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-09-24 19:38 665052 --a------ C:\WINDOWS\system32\igfxcfg.exe
2006-09-24 19:38 350164 --a------ C:\WINDOWS\system32\jview.exe
2006-09-24 19:38 333278 --a------ C:\WINDOWS\system32\igfxtray.exe
2006-09-24 19:38 329170 --a------ C:\WINDOWS\system32\igfxdiag.exe
2006-09-24 19:38 292312 --a------ C:\WINDOWS\system32\hkcmd.exe
2006-09-24 19:38 267736 --a------ C:\WINDOWS\system32\igfxext.exe
2006-09-24 19:38 229340 --a------ C:\WINDOWS\system32\migpwd.exe
2006-09-24 19:38 214486 --a------ C:\WINDOWS\system32\DSndUp.exe
2006-09-24 19:38 192990 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2006-09-24 19:35 280020 --a------ C:\WINDOWS\system32\bsplmf01.exe
2006-09-24 19:35 227290 --a------ C:\WINDOWS\system32\clspack.exe
2006-09-24 19:35 222680 --a------ C:\WINDOWS\system32\CleanUp.exe
2006-09-24 19:35 198108 --a------ C:\WINDOWS\system32\cliconfg.exe
2006-09-24 19:33 -------- d-------- C:\Program Files\Softwin
2006-09-24 19:33 -------- d-------- C:\Program Files\Common Files\Softwin
2006-09-24 17:17 -------- d-------- C:\Program Files\Lavasoft
2006-09-24 17:17 -------- d-------- C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Lavasoft
2006-09-24 17:07 -------- d-------- C:\Program Files\MyGlobalSearch
2006-09-20 19:00 -------- d-------- C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Macromedia
2006-09-20 18:58 -------- d-------- C:\Program Files\Common Files
2006-09-20 18:16 38912 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-09-18 17:03 -------- d-------- C:\Program Files\Java
2006-09-18 17:03 -------- d-------- C:\Program Files\Common Files\Java
2006-09-17 15:02 180188 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-09-16 12:09 -------- d-------- C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\LimeWire
2006-09-13 16:03 -------- d-------- C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\vlc
2006-09-13 16:02 -------- d-------- C:\Program Files\VideoLAN
2006-09-09 23:57 -------- d-------- C:\Program Files\Microsoft AntiSpyware
2006-09-02 12:47 -------- d-------- C:\Program Files\NetAssistant
2006-09-02 12:40 -------- d-------- C:\Program Files\Common Files\Motive
2006-09-02 12:19 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-02 12:19 -------- d-------- C:\Program Files\Visual Networks
2006-09-02 11:55 -------- d-------- C:\Program Files\Yahoo!
2006-09-02 11:54 -------- d-------- C:\Program Files\Rogers
2006-09-01 22:56 -------- d-------- C:\Program Files\Efficient Networks
2006-08-28 13:39 -------- d-------- C:\Program Files\HTAccessible
2006-08-11 17:04 -------- d-------- C:\Program Files\Common Files\Roxio Shared
2006-08-11 15:50 -------- d-------- C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Roxio
2006-08-09 15:57 -------- d-------- C:\Program Files\Common Files\Ahead
2006-08-08 18:16 13312 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-08-08 17:58 -------- d-------- C:\Program Files\Arial Audio Converter
2006-08-01 20:53 -------- d-------- C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\GlobalSCAPE
2006-08-01 20:40 -------- d-------- C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\SmartFTP


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="\"C:\\Program Files\\Microsoft Hardware\\Keyboard\\type32.exe\""
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"SetDefPrt"="C:\\Program Files\\Brother\\Brmfl03a\\BrStDvPt.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"PaperPort PTD"="C:\\Program Files\\Scansoft\\PaperPort\\pptd40nt.exe"
"IndexSearch"="C:\\Program Files\\Scansoft\\PaperPort\\IndexSearch.exe"
"PP8 SE Reminder"="\"C:\\Program Files\\Scansoft\\PaperPort\\WebEreg\\NAVBrowser.exe\" -r \"C:\\Program Files\\Scansoft\\PaperPort\\WebEreg\\navLoad.ini\""
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender8\\bdmcon.exe\""
"BDNewsAgent"="\"C:\\Program Files\\Softwin\\BitDefender8\\bdnagent.exe\""
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 29/09/2006 17:35:52.43
ComboFix.txt


Ewido Log

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:33:32 PM 29/09/2006

+ Scan result:



C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\Documents and Settings\Abid.COMPUTER2\Local Settings\Temp\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Mozilla Firefox\plugins\npclntax.dll -> Adware.Zango : Cleaned with backup (quarantined).
C:\Documents and Settings\Mansoor.COMPUTER2\Desktop\Web Design\PHP\YouSendItClone\YouSendItClone\uploads\_vti_bin\C99sh.php -> Backdoor.C99Shell.d : Cleaned with backup (quarantined).
C:\onoes.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\WINDOWS\LS101805.exe -> Backdoor.GrayBird.ib : Cleaned with backup (quarantined).
C:\WINDOWS\LSFS.exe -> Backdoor.GrayBird.ib : Cleaned with backup (quarantined).
C:\WINDOWS\system32\actskn45.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).
:mozilla.75:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.77:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\Mansoor.COMPUTER2\Cookies\mansoor@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\osjwq9fl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Mansoor.COMPUTER2\Cookies\mansoor@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.154:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.218:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.219:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Abid.COMPUTER2\Cookies\abid@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.159:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.146:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.147:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.148:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.149:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.229:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Abid.COMPUTER2\Cookies\abid@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.314:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\osjwq9fl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\osjwq9fl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\osjwq9fl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\osjwq9fl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\osjwq9fl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\osjwq9fl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.165:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.166:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.167:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.168:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.169:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.170:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Abid.COMPUTER2\Cookies\abid@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.78:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.80:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.181:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.183:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.188:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.223:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.224:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.221:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\osjwq9fl.default\cookies.txt -> TrackingCookie.Xxxtoolbar : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Abid.COMPUTER2\Cookies\abid@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.180:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.182:C:\Documents and Settings\Abid.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\g6x6lqol.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.206:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.207:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.208:C:\Documents and Settings\Mansoor.COMPUTER2\Application Data\Mozilla\Firefox\Profiles\ejec3irf.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\Mansoor.COMPUTER2\Desktop\Web Design\PHP\PHP Scripts\gallery_maker_pro_1.5\patch.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc37.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc38.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc39.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc40.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc41.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc42.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc43.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc44.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc45.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc46.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc47.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc48.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc49.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc50.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc51.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc52.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc53.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc54.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc55.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc56.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc57.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc58.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc59.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc60.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc60.zip/the killers.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc61.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc62.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc63.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc64.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc65.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc66.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc68\Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc69.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc70.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc71.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc72.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc73.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc74.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc75.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc76.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc77.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc78.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc79.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc80.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc81.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc82.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc83.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc84.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc85.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc86.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc87.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc88.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc89.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc90.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc91.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc92.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc93.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc94.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc95.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc96.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc97.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc98.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-861567501-492894223-725345543-1005\Dc99.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).


::Report end


HiJackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 5:40:31 PM, on 29/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\jetsuite\jsdaemon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\jetsuite\JETSTAT.EXE
C:\Program Files\Common Files\efax\dllcmd32.exe
c:\jetsuite\JSFMAN.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mansoor.COMPUTER2\Desktop\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [PP8 SE Reminder] "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP LaserJet 3150 Status.lnk = C:\jetsuite\JETSTAT.EXE
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\dllcmd32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct5_x.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: jsdaemon - JetFax, Inc. - c:\jetsuite\jsdaemon.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
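
A cross-check a reviewer can run over the HijackThis log above, as an added example (not part of the original post and not HijackThis's own code): it collects every "(file missing)" entry and marks it contradicted when the same path also appears in the log's running-process list. The function names and the "contradicted"/"unverified" labels are assumptions of this example; the sample lines are copied from the log.

```python
import re

# Constructed sample: lines copied from the HijackThis log in the post above
# (three running-process lines, then one O18 and three O23 entries).
SAMPLE_LOG = r'''
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: jsdaemon - JetFax, Inc. - c:\jetsuite\jsdaemon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
'''

ENTRY = re.compile(r'^(O\d+) - (.+)$')                      # "O23 - ..." section lines
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)  # first drive-rooted exe/dll path

def parse(log):
    """Split a log into running-process paths and O-section entries."""
    running, entries = set(), []
    for line in (l.strip() for l in log.splitlines()):
        m = ENTRY.match(line)
        if m:
            body = m.group(2)
            p = PATH.search(body)
            entries.append({
                "section": m.group(1),
                "path": p.group(0) if p else None,
                "file_missing": body.endswith("(file missing)"),
                "unknown_owner": " - Unknown owner - " in body,
            })
        elif PATH.fullmatch(line):
            # A bare path line belongs to the running-process list.
            running.add(line.lower())
    return running, entries

def triage(log):
    """Label each '(file missing)' entry by whether the log itself contradicts it."""
    running, entries = parse(log)
    out = []
    for e in entries:
        if e["file_missing"]:
            hit = e["path"] is not None and e["path"].lower() in running
            out.append((e["section"], e["path"], "contradicted" if hit else "unverified"))
    return out

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

Both BitDefender service entries come back contradicted because their executables are listed as running; note the unbalanced quote before /service in those two lines.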



#13 miekiemoes

Posted 29 September 2006 - 05:22 PM

Looking much better already :thumbsup:
Your HijackThis log looks clean again.

Delete the following folder:

C:\Program Files\MyGlobalSearch

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
There are still two scans I want you to perform though... just to be sure.

Download and Save blacklight to your desktop.
F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe, then accept the agreement.
Click > Scan, then > Next.
You'll see a list of all items found.
Don't choose to rename yet! I want to see the log first, because legit items can also be present there...
There must also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).
I need that log later.

Please perform this online scan: Kaspersky Webscan
1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
3. Select "Install" to download the ActiveX controls that allow ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. When the download is complete it will say ready, click "Next"
6. Select a target to scan: Click on "My Computer"
7. When the scan is complete choose to save the results as "Save as Text"
8. Post the Kaspersky scan results in your next reply together with the log from blacklight.

#14 bonez07

Posted 30 September 2006 - 01:41 PM

2 problems:

1) Disk cleanup doesn't work, it'll load and say it's scanning Compressed Old Files, have 3 green ticks...and then it goes no further, just stays like that.

2) The Kaspersky Webscan, I can't save its log as a text file. Only as a web page. But here are both logs anyway:

F-Secure Blacklight Log:

09/29/06 20:02:30 [Info]: BlackLight Engine 1.0.47 initialized
09/29/06 20:02:30 [Info]: OS: 5.1 build 2600 (Service Pack 1)
09/29/06 20:02:35 [Note]: 7019 4
09/29/06 20:02:35 [Note]: 7005 0
09/29/06 20:02:39 [Note]: 7006 0
09/29/06 20:02:40 [Note]: 7011 2924
09/29/06 20:02:40 [Note]: 7026 0
09/29/06 20:02:40 [Note]: 7026 0
09/29/06 20:02:57 [Note]: FSRAW library version 1.7.1020
09/29/06 20:05:52 [Note]: 2000 1012
09/29/06 20:10:36 [Note]: 7007 0


Kaspersky Log:
http://download.yousendit.com/F167E100560ACD7D

It was 4 MB so I uploaded it on Yousendit.

#15 miekiemoes

Posted 30 September 2006 - 01:59 PM

Hi,

1) Disk cleanup doesn't work, it'll load and say it's scanning Compressed Old Files, have 3 green ticks...and then it goes no further, just stays like that.


Perform the following:

Open Notepad and copy and paste the contents of the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Compress old files]

Save this as fix.reg. Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

Well, you could also have copied the contents of the logfile Kaspersky saved, but since it's over 4MB, it was indeed better you uploaded it (will take a lot of posts here otherwise :thumbsup: )

And I don't have such good news for you :flowers: And I already suspected something like that when I looked at your combofix log. Some legit exe's were recently modified... and that's why I asked for the Kaspersky log.

You are infected with parite b. This one infects LEGIT exe and scr files. This means, as I can see from the Kaspersky log, that there are A LOT of infected files still present on your computer.
And as I said, these files are legit, but infected, which means that these files may not get deleted but disinfected instead.

A question first... I see you have Bitdefender installed.... Did you ever scan with it? Because normally it is supposed to disinfect it though.
And if you did scan with Bitdefender, is your Bitdefender still up to date? Latest definition file? Did you purchase Bitdefender? Or is this a trial which has already been expired for a long time?

Please answer above questions first before we move on. Because from now on, it's only an antivirus that can deal with this, since it has to disinfect files.



