Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Think i'm infected, pc freezes after mailwasher.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Think i'm infected, pc freezes after mailwasher.

Unread postby gazmix » August 24th, 2006, 6:54 am

Logfile of HijackThis v1.99.1
Scan saved at 11:42:57, on 24/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MailWasher\MailWasher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\user\Desktop\HijackThis.exe
C:\WINDOWS\system32\slrundll.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [a-squared] "C:\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\WINDOWS\system32\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O17 - HKLM\System\CCS\Services\Tcpip\..\{04F66490-8720-4E80-AD94-CEFE5347CE71}: NameServer = 195.92.195.95 195.92.195.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{04F66490-8720-4E80-AD94-CEFE5347CE71}: NameServer = 195.92.195.95 195.92.195.94
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


I hope someone can see something in this, my pc freezes on startup after i've brought my mail up through mailwasher. All jumps into life after 5 or 10mins, i think i'm inmfected.
Also, On my hijackthis, i can't find an update link, should there be one?
Regards
Gaz
gazmix
Active Member
 
Posts: 12
Joined: July 22nd, 2006, 8:48 pm
Advertisement
Register to Remove

Unread postby dan12 » August 24th, 2006, 4:16 pm

Hi gazmix and welcome to malwareremoval forums

I am currently looking over your log. As I am an Undergraduate, everything that I post to you must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long. I will post back shortly with a potential fix.

Thanks for your patience!
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Unread postby gazmix » August 24th, 2006, 4:28 pm

Thankyou & i hope you can find a problem that can be romoved.
Many thanks
Gaz
gazmix
Active Member
 
Posts: 12
Joined: July 22nd, 2006, 8:48 pm

Unread postby dan12 » August 25th, 2006, 1:47 am

Hi gazmix


Please download and install Ewido Anti-Spyware
  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This in very important to get updates
  • When updating has finished. Close Ewido.



*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!

Download CCleaner from here to clean temp files from your computer.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced."
    deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.



Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
  • Click on Scanner
  • Click on the Settings tab.
  • Under How to act ?Click on Recommended Action and choose Quarantine from the popup menu.
  • Under How to scan?All checkboxes should be ticked.
  • Under Possibly unwanted software: All checkboxes should be ticked.
  • Under Reports:Select Automatically generate report after every scan and uncheck Only if threats were found.
  • Under What to scan?Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished:
  • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
  • At the bottom of the window click on the Apply all Actions button. (3)

    Image
  • When done, click the Save Scan Report button.
  • Click the Save Report as button.
  • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.

please do an online scan with Kaspersky Online Scanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  • Extended (If available otherwise Standard)
  • Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Please include new HJT log plus ewido Log and kaspersky log
in your next post
Thanks dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Unread postby gazmix » August 25th, 2006, 8:49 am

Hi Dan, this is the Ewido logfile, the Kapersky will follow in the next post. Many thanks.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 13:44:51 25/08/2006

+ Scan result:



:mozilla.333:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.186:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.433:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.236:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.237:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.238:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.349:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.350:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.351:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.352:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.353:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.226:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.227:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.228:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.229:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.381:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\user\Cookies\user@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.358:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.407:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.389:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.390:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.147:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.148:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.149:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.150:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.151:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.152:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.165:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.318:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.319:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.218:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\user\Cookies\user@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.212:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.129:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.130:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.282:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.283:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.284:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.285:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.286:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.253:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.255:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.291:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.360:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
C:\Documents and Settings\user\Cookies\user@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned with backup (quarantined).
:mozilla.240:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.196:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.197:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.250:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.323:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.166:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.167:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.168:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.169:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.106:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.107:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.109:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.110:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.112:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.69:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.70:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.72:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.74:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.75:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.77:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.78:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.80:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.81:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.82:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.85:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.87:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.88:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.89:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.91:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.94:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.138:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.140:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.141:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.142:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.143:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.144:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.145:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.146:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.430:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.453:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
C:\Documents and Settings\user\Cookies\user@spylog[1].txt -> TrackingCookie.Spylog : Cleaned with backup (quarantined).
:mozilla.304:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.305:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.354:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.355:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.384:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.442:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.416:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t2wrfj67.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).


::Report end
gazmix
Active Member
 
Posts: 12
Joined: July 22nd, 2006, 8:48 pm

Unread postby gazmix » August 25th, 2006, 12:26 pm

Dan, this the kapersky logfile. It took 2 hours!
My pc freezes after retrieving mail via mailwasher, if that is anything to go by!

KASPERSKY ONLINE SCANNER REPORT
Friday, August 25, 2006 5:23:44 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 25/08/2006
Kaspersky Anti-Virus database records: 218262
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
Scan Statistics
Total number of scanned objects 23924
Number of viruses found 0
Number of infected objects 0 / 0
Number of suspicious objects 0
Duration of the scan process 02:14:56

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\ntuser.dat Object is locked skipped
C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E40E0BB4-D9CB-48D4-A1C6-93206848E538}\RP42\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\HOME.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\ModemLog_Smart Link 56K Voice Modem.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT00eab.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT00eb2.TMP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
gazmix
Active Member
 
Posts: 12
Joined: July 22nd, 2006, 8:48 pm

Unread postby dan12 » August 26th, 2006, 2:07 am

Hi gazmix
As far as malware your logs are clean this seems to be a software problem.
Which version of mailwasher are you using? have you tried uninstalling and reinstalling?
I believe the latest version is 5.3 have seen a few forum threads with people having the same problem
http://www.firetrust.com/firetrustmwpro_upgrade.html
http://www.castlecops.com/t162090-Mailw ... y_hog.html
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Unread postby gazmix » August 26th, 2006, 6:43 am

Hi & thanks
I'm using Mailwasher 2.0, i've had no problems in the years using this.
I'm wondering if it is a ZA problem, since my update of ZA, this has been a problem.

As soon as my desktop loads up, all freezes. I'm going to try & reinstall programmes, they may conflict.

Like AVG Maiwasher & ZA.
If you have any advice about programes & settings, i'd be grateful.

Regards

Gaz
gazmix
Active Member
 
Posts: 12
Joined: July 22nd, 2006, 8:48 pm

Unread postby dan12 » September 24th, 2006, 10:25 am

Hi gazmix
I'm sorry, It appears I had lost your post untill an admin informed me.
Are you still having issues with your machine.
can you detail problem if any.
regards dan :)
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Unread postby gazmix » September 24th, 2006, 11:00 am

Hi Dan
It seems as if it was a firewall problem & that since i was using Zone Alarm & Windows Firewall was on too.
I think that was the issue!
Anyway, all seems ok at the moment & i am grateful for your help :)
If i have any probs in the future, i'll be back.

Regards

Gary
gazmix
Active Member
 
Posts: 12
Joined: July 22nd, 2006, 8:48 pm

Unread postby dan12 » September 24th, 2006, 4:16 pm

Hi gazmix,
Pleased to hear your problems are now a lot better.
I assume from your post you disabled the XP firewall and left zone alarm which will give you two way protection where as xp protects just one way only.

Update Java
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_5_0_08-windows-i586-p to install the newest version.


Just need you to delete quarantined in ewido and you should be good to go

Now you can clean Ewido's Quarantine:
  • Open Ewido
  • Click Infections
  • Click Quarantine tab
  • Click Select all
  • Click Remove finally
  • Close the program


A few things to help with possible threats in the future would be to download run and keep all these programs updated.
Adaware
spyware Blaster

Always keep windows patched and updated.
And it goes without saying do not open Email from someone you don't know.

To find out more information about some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
Thanks for your patience
dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Unread postby gazmix » September 25th, 2006, 4:59 am

Hi Dan
Yes, that was it, the faxt that you can't have 2 Firewalls.
I run Spybot, Adaware SE & AVG freee editions regularly.

Spybot regularly finds 2 entries called 'Cimuz' that it can't quarantine.
I've googled this & it is a trojan & i can only remove this by manually searching for it.
Start, Search, Files & folders on net! & it finds the 2 entries Cimuz & i can manually remove them.

Once i downloaded Trojanhunter 4.5 & then removed it via add/remove programmes, but it has leaft traces in C:\Programme files that can't be removed.
Do you know how i can remove this?

Regards

Gaz
gazmix
Active Member
 
Posts: 12
Joined: July 22nd, 2006, 8:48 pm

Unread postby dan12 » September 25th, 2006, 3:41 pm

Hi gazmix,

Given that information I think we will do a couple more scans to give me peace of mind.

Download WinPFind2.
  • Open the newly made WinPFind2 folder on your Desktop
  • Double click winpfind2.exe
  • Click the Select All button in the File Options box
  • Click the Run All Scans button
  • When the scan is done you will see Scans Complete! at the bottom left of the tool
  • Click the Simple Report button
  • Notepad will open up with the results of the scan


Please download Rootkit revealer

For best results exit all applications and keep the system otherwise idle during the RootkitRevealer scanning process.

Manual Scanning
To scan a system launch it on the system and press the Scan button. RootkitRevealer scans the system reporting its actions in a status area at the bottom of its window and noting discrepancies in the output list.
copy and paste the log in your next post along with the winpfind log
Thanks dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Unread postby NonSuch » October 11th, 2006, 4:09 am

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27235
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 37 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware