Please assist with New Poly Win32 Virus
In the last couple days, my desktop has been running REALLY SLOW! I'm fairly computer literate, just need a step-by-step. I also know my way around the registry with 'walk through' assistance. (HJT log is at the end of the thread). THANKS!
I have McAfee running in the background (from startup), as well as their Privacy Service and Personal Firewall programs. I ran their antivirus and it didn't detect anything.
I also ran the following:
* BitDefender Scan Online -- while this program was running, a red alert dialog box from the McAfee antivirus application popped up saying it found the New Poly Win32 Virus. It wouldn't clean, quarantine, or delete it.
* CWShredder -- it found nothing.
* Ran 'Clean Up' application.
* Registry Mechanic (Trial Version) -- It found 234 items, and fixed 4 of them.
* Ad-Aware SE Personal -- it found, and quarantined, ALEXA virus.
NOTE: When I attempt going into Safe Mode the system 'hangs' before it gets to the bare bones desktop. I'm also unable to locate my Windows 2000 CDs. Also, I use Firefox as my main browser. I only use Internet Explorer if a website doesn't like Firefox.
HERE'S THE HJT LOG:
Logfile of HijackThis v1.99.1
Scan saved at 2:58:47 PM, on 5/16/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\SMC\SMC.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Program Files\Hijack This\HijackThis2.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SMC] C:\SMC\SMC.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Sh...2/ComCtl32.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/produc...ed/mvt/mvt.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
THANKS MUCH FOR THE HELP !
Brent
Hi, and welcome to DaniWeb.
That log looks short. If you ran it in safe mode, which, judging by how you said it hangs while going into safe mode, I don't think you did, or if you have lately or in the past disabled startup items, please re-enable them and then in Normal mode, please run another HJT scan.
That current log showed no sign of infection.
____________________________________________________________
Also please do this...
Please download ewido anti-malware; it is a free version of the program.
- Install ewido anti-malware
- When installing, under "Additional Options" uncheck:
  - Install background guard
  - Install scan via context menu
- Launch ewido; there should be an icon on your desktop, double-click it.
- The program will now open to the main screen.
- When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
- You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update.
- Then click on Start Update.
- The update will start and a progress bar will show the updates being installed.
  (The status bar at the bottom will display "Update successful".)
ewido manual updates
Once the updates are installed do the following:
- Open up Ewido
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- You will be prompted to clean the first infection.
- Select "Perform action on all infections", then proceed.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report.
- Save the report .txt file to your desktop or a location where you can find it easily.
- Close ewido anti-malware.
Reboot.
Then post the HJT log, and the ewido log
Firefox
Ewido
Tune up windows
Get detailed system information
My Fixes
Member - Alliance of Security Analysis Professionals - Since 2006
tayspen,
Thanks for the quick reply! Yes, the first HJT log was done in Normal mode rather than Safe Mode. I haven't disabled any startup items recently.
I've installed ewido. It might take a while for the scan. When it's finished, I'll save the ewido log, re-boot, get a current HJT log and post both of them.
Thanks!
You are welcome. We will be waiting.
OK, I've done the following, in order:
1. Scanned with ewido and saved the report.
2. Rebooted.
3. Saved new HJT log.
**It was still running slow, so I defragged, saved the defrag report and re-booted. It's still slooow.
HJT log, ewido log, and defrag log are below:
HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 5:44:45 PM, on 5/16/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\SMC\SMC.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Hijack This\HijackThis2.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SMC] C:\SMC\SMC.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Sh...2/ComCtl32.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/produc...ed/mvt/mvt.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
--------------------------------------------
ewido log:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 5:34:58 PM, 5/16/2006
+ Report-Checksum: A3689DF5
+ Scan result:
:mozilla.6:C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
::Report End
-------------------------------------------------------
defrag log:
Volume (C:):
Volume size = 9,750 MB
Cluster size = 4 KB
Used space = 5,371 MB
Free space = 4,378 MB
Percent free space = 44 %
Volume fragmentation
Total fragmentation = 0 %
File fragmentation = 0 %
Free space fragmentation = 0 %
File fragmentation
Total files = 20,497
Average file size = 337 KB
Total fragmented files = 8
Total excess fragments = 40
Average fragments per file = 1.00
Pagefile fragmentation
Pagefile size = 1,000 MB
Total fragments = 3
Directory fragmentation
Total directories = 2,105
Fragmented directories = 1
Excess directory fragments = 1
Master File Table (MFT) fragmentation
Total MFT size = 31,381 KB
MFT record count = 22,675
Percent MFT in use = 72 %
Total MFT fragments = 2
--------------------------------------------------------------------------------
Fragments File Size Files that did not defragment
18 1 KB \WINNT\system32\config\software.LOG
2 1 KB \WINNT\system32\config\default.LOG
2 1 KB \WINNT\system32\config\SECURITY.LOG
2 1,171 KB \WINNT\ShellIconCache
2 1 KB \Documents and Settings\Brent\ntuser.dat.LOG
2 16 KB \Documents and Settings\Brent\Local Settings\Temp\~DF207D.tmp
3 18 KB \Program Files\McAfee.com\Agent\Data\Logs\TaskScheduler\McTskshd000.log
***Did you want me to re-scan with BitDefender and see if McAfee still kicks up a 'New Poly Win32' virus warning message?
Thanks !
Brent
Hmm alright, another clean log.
We're gonna try 2 things:
1) Running CCleaner:
Begin by downloading CCleaner, and specifically choosing the most recent version.
Then, follow these steps:
1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.
Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):
C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch
After doing this, move back to the 'Cleaner' tab, and inside this, be sure you're open to the 'Windows' tab. Inside, check the box labeled 'Custom Files and Folders'.
Next, after following all of these steps, you're ready to scan. Run scans in both the 'Cleaner' and 'Issues'. Note: It might take several scans in each to remove all of the junk.
___________________
And running SpySweeper (link in sig below)
Download, update its latest definitions, and run a full scan, saving the log.
Post back with the SpySweeper log and a new HJT log.
Thanks
Now if ya like the help ya could always raise our reputation...
OK, ran CCleaner and SpySweeper. SpySweeper and new HJT logs follow:
SpySweeper log:
********
12:02 PM: | Start of Session, Wednesday, May 17, 2006 |
12:02 PM: Spy Sweeper started
12:02 PM: Sweep initiated using definitions version 678
12:02 PM: Starting Memory Sweep
12:31 PM: Memory Sweep Complete, Elapsed Time: 00:29:03
12:31 PM: Starting Registry Sweep
12:33 PM: Found Adware: navexcel navhelper
12:33 PM: HKCR\appid\nhelper.dll\ (1 subtraces) (ID = 135511)
12:33 PM: HKLM\software\classes\appid\nhelper.dll\ (1 subtraces) (ID = 135525)
12:34 PM: Registry Sweep Complete, Elapsed Time:00:02:49
12:34 PM: Starting Cookie Sweep
12:34 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
12:34 PM: Starting File Sweep
12:56 PM: Found Adware: coolwebsearch (cws)
12:56 PM: muninst.exe:acaydb (ID = 54051)
12:56 PM: Found Adware: cws_ns3
12:56 PM: muninst.exe:rxdlem (ID = 56451)
1:18 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\ccleaner\ccleaner.lnk". Access is denied
1:57 PM: twunk_32.exe:sfwhxh (ID = 56287)
1:58 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\internet explorer.lnk". Access is denied
2:05 PM: pfbmz.dll:wgzqtp (ID = 54051)
2:07 PM: uninst.exe:lgpmrj (ID = 56451)
3:12 PM: mfche32.dll:ek**** (ID = 56451)
4:02 PM: nbcie.dll:scsdfl (ID = 56287)
4:03 PM: ieuninst.exe:trmtet (ID = 56287)
4:10 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\ccleaner\ccleaner homepage.url". Access is denied
4:16 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\ccleaner\uninstall ccleaner.lnk". Access is denied
4:25 PM: wmsyspr9.prx:zdorfo (ID = 54051)
4:31 PM: yuuhq.dll:kyogea (ID = 56287)
4:32 PM: psuah.dll:phkvnr (ID = 56287)
4:32 PM: trnjh.dll:aeebvx (ID = 54051)
4:32 PM: koowd.dll:mjnpaa (ID = 56287)
4:34 PM: ydbar.dll:nyjmwx (ID = 54051)
4:34 PM: nbcie.dll:yeuwel (ID = 54051)
4:34 PM: nkqmf.dll:qfnjyv (ID = 56287)
4:34 PM: yuuhq.dll:dbkaih (ID = 54051)
4:34 PM: zcwtg.dll:wjayif (ID = 56451)
4:34 PM: bwyco.dll:fweymx (ID = 56451)
4:34 PM: mqzbq.dll:zxlgcc (ID = 56287)
4:34 PM: bbzpl.dll:nvtssv (ID = 56287)
4:34 PM: yuuhq.dll:dihtgu (ID = 56287)
4:34 PM: zcwtg.dll:dzylgl (ID = 56451)
4:35 PM: koowd.dll:fsacvq (ID = 56451)
4:37 PM: File Sweep Complete, Elapsed Time: 04:02:31
4:37 PM: Full Sweep has completed. Elapsed time 04:28:42
4:37 PM: Traces Found: 28
4:45 PM: Removal process initiated
4:45 PM: Quarantining All Traces: cws_ns3
4:45 PM: Quarantining All Traces: coolwebsearch (cws)
4:45 PM: Quarantining All Traces: navexcel navhelper
4:46 PM: Removal process completed. Elapsed time 00:00:59
********
11:56 AM: | Start of Session, Wednesday, May 17, 2006 |
11:56 AM: Spy Sweeper started
11:59 AM: Messenger service has been disabled.
12:02 PM: Your spyware definitions have been updated.
12:02 PM: | End of Session, Wednesday, May 17, 2006 |
HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 4:49:34 PM, on 5/17/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\SMC\SMC.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Hijack This\HijackThis2.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SMC] C:\SMC\SMC.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Sh...2/ComCtl32.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/produc...ed/mvt/mvt.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
*********************
Brent
Still having problems with a slow-motion PC. I think I found the culprit...a temp directory (tmp00000171). That directory was referenced when I got the McAfee Red Alert saying I had the New Poly Win32 virus when I originally ran the BitDefender Online scan. (See earlier posts in this thread).
I tried Killbox, but that didn't work. I ran a new SpySweeper scan. I think it says it fixed the problem, but it didn't. See log below. I also went into Command Prompt (I can't go into Safe Mode) and tried to delete it that way but it wouldn't let me do that, either. (See text below from Command Prompt screen.)
********
12:33 PM: | Start of Session, Thursday, May 18, 2006 |
12:33 PM: Spy Sweeper started
12:33 PM: Sweep initiated using definitions version 680
12:33 PM: Starting Memory Sweep
1:00 PM: Memory Sweep Complete, Elapsed Time: 00:26:10
1:00 PM: Starting Registry Sweep
1:02 PM: Registry Sweep Complete, Elapsed Time:00:02:34
1:02 PM: Starting Cookie Sweep
1:02 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
1:02 PM: Starting File Sweep
1:24 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\ccleaner\ccleaner.lnk". Access is denied
1:45 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\internet explorer.lnk". Access is denied
3:49 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\ccleaner\ccleaner homepage.url". Access is denied
3:54 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\ccleaner\uninstall ccleaner.lnk". Access is denied
5:19 PM: Found System Monitor: potentially rootkit-masked files
5:19 PM: tmp00000000 (ID = 0)
5:29 PM: File Sweep Complete, Elapsed Time: 04:26:43
5:29 PM: Full Sweep has completed. Elapsed time 04:55:35
5:29 PM: Traces Found: 1
5:30 PM: Removal process initiated
5:30 PM: Quarantining All Traces: potentially rootkit-masked files
5:30 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
5:30 PM: tmp00000000 is in use. It will be removed on reboot.
5:31 PM: Preparing to restart your computer. Please wait...
5:31 PM: Removal process completed. Elapsed time 00:01:29
12:33 PM: | End of Session, Thursday, May 18, 2006
****************
C:\Documents and Settings\Brent\Local Settings\Temp>dir
Volume in drive C has no label.
Volume Serial Number is 3CB1-784C
Directory of C:\Documents and Settings\Brent\Local Settings\Temp
05/18/2006 07:02p <DIR> .
05/18/2006 07:02p <DIR> ..
05/18/2006 07:02p 65 kb.log
05/16/2006 01:24p <DIR> tmp00000171
1 File(s) 65 bytes
3 Dir(s) 4,589,318,144 bytes free
C:\Documents and Settings\Brent\Local Settings\Temp>rd tmp00000171
Access is denied.
This is really starting to annoy me. ANY HELP IS APPRECIATED!
Thanks
Brent