
Spyware Attack


  • This topic is locked
24 replies to this topic

#1 Mooney12


Posted 01 April 2006 - 07:19 AM

Hello,

I have been struggling for a while with spyware. My computer is infected with surfsidekick 3, winfixer, coolwebsearch, look2me, freeprod, and basically every other piece of scum program you care to think of.

I have tried a number of programs in the hope they can help. None of them seem to. Adaware and Windows Defender both fail. Sunbelt's Kerio firewall doesn't do much either. I also downloaded Spybot Search and Destroy. I held out a lot of hope here, but when I clicked the "fix all problems" button, the program seems to run for a second and then simply stops and shuts down.

Hence I am here for some much needed help! My PC is at times unusable. So before I wipe the machine and start again (which I really don't want to do!) I thought I'd post a log here and see if anyone can help!

Logfile of HijackThis v1.99.1
Scan saved at 18:30:32, on 31/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Q2xsci4gU2lyIFJlZyBFbXBleQ\command.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\windows\mousepad7.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\SMANTE~1\nslookup.exe
C:\WINDOWS\??mbols\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://officeupdate.microsoft.com/office/r...nswerWizard.asp
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int139749.exe -auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GsiFinal] rundll32 gspndll.dll,postInstall final
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname7.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Ncao] "C:\PROGRA~1\SMANTE~1\nslookup.exe" -vt yazr
O4 - HKCU\..\Run: [Ychxvd] C:\WINDOWS\??mbols\alg.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Net Wiper v2.50 - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\NetWiper\netwiper (file missing)
O9 - Extra 'Tools' menuitem: Net Wiper v2.50 - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\NetWiper\netwiper (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/adobe/MTSI...MetaStream3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn163.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn163.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFC82B1E-AB7C-4927-95D4-6E9E6ABA1E42}: NameServer = 194.74.65.68 194.72.0.114
O20 - AppInit_DLLs: repairs303169566.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\fp4m03h1e.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2xsci4gU2lyIFJlZyBFbXBleQ\command.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



#2 Rawe


Posted 01 April 2006 - 09:40 AM

Hello and welcome aboard.. I'm analysing your log and will get back to you soon. :thumbsup:

Edited by Rawe, 01 April 2006 - 09:41 AM.

Hi there, stranger!

#3 Rawe


Posted 01 April 2006 - 09:48 AM

Let's go after SurfSideKick first. :thumbsup:

Please download Brute Force Uninstaller to your desktop.
  • Right-click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to, click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download SideKickFix.
Save it in the same folder you made earlier (c:\BFU).

Please close ALL other open windows & Explorer folders, then double-click on sidekickFix.bat.
Click YES and follow the prompts, when prompted to restart the PC please do so.
Then please post back with a fresh HijackThis log by using AddReply. :flowers:
Hi there, stranger!

#4 Mooney12


Posted 02 April 2006 - 06:41 AM

Hi there,

Thank you for your quick response. I managed to get Spybot working. It seemed to stop when it tried to fix a piece of software known as command something or other! But it got everything else and then Ad-Aware managed the last bit.

Spybot is excellent. A brilliant piece of software. I "think" my system is now clean. Certainly the pop-ups are gone.

Here is my log: Is everything now ok?

Logfile of HijackThis v1.99.1
Scan saved at 12:36:40, on 02/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\windows\mousepad7.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\SMANTE~1\nslookup.exe
C:\WINDOWS\??mbols\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://officeupdate.microsoft.com/office/r...nswerWizard.asp
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int139749.exe -auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GsiFinal] rundll32 gspndll.dll,postInstall final
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname7.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Ncao] "C:\PROGRA~1\SMANTE~1\nslookup.exe" -vt yazr
O4 - HKCU\..\Run: [Ychxvd] C:\WINDOWS\??mbols\alg.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Net Wiper v2.50 - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\NetWiper\netwiper (file missing)
O9 - Extra 'Tools' menuitem: Net Wiper v2.50 - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\NetWiper\netwiper (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/adobe/MTSI...MetaStream3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn163.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn163.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFC82B1E-AB7C-4927-95D4-6E9E6ABA1E42}: NameServer = 194.74.65.68 194.72.0.114
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\ir2ql5f51.dll (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
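
As an added illustration (not part of the original posts): comparing the two HijackThis logs above entry by entry shows what the cleanup removed and what still loads at startup. The Python below is example code, not a HijackThis feature; the function names are hypothetical and the sample lines are a short excerpt copied from the two logs in this thread.

```python
import re

# A HijackThis entry line is "<section code> - <entry text>", e.g. "O4 - ...".
# Header lines and the "Running processes:" list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Constructed sample: excerpt of the first log in this thread (31/03/2006).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKCU\..\Run: [Ychxvd] C:\WINDOWS\??mbols\alg.exe
O20 - AppInit_DLLs: repairs303169566.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\fp4m03h1e.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2xsci4gU2lyIFJlZyBFbXBleQ\command.exe
"""

# Constructed sample: excerpt of the second log in this thread (02/04/2006).
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKCU\..\Run: [Ychxvd] C:\WINDOWS\??mbols\alg.exe
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\ir2ql5f51.dll (file missing)
"""


def parse_entries(log_text):
    """Return the set of (section code, entry text) pairs found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group("code"), match.group("body").strip()))
    return entries


def _sort_key(entry):
    # Order by section letter, then numeric section (O4 before O20), then text.
    code, body = entry
    return (code[0], int(code[1:]), body)


def diff_logs(before_text, after_text):
    """Compare two logs and report what changed between the scans.

    removed   - present before, gone after (what the cleanup took out)
    added     - new in the second log (new or changed entries to review)
    unchanged - still present (autostart entries that survived the cleanup)
    orphans   - entries HijackThis marks "(file missing)": registry leftovers
    """
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return {
        "removed": sorted(before - after, key=_sort_key),
        "added": sorted(after - before, key=_sort_key),
        "unchanged": sorted(before & after, key=_sort_key),
        "orphans": sorted(
            (e for e in after if e[1].endswith("(file missing)")),
            key=_sort_key,
        ),
    }


if __name__ == "__main__":
    report = diff_logs(BEFORE, AFTER)
    for bucket in ("removed", "added", "unchanged", "orphans"):
        print(f"== {bucket} ({len(report[bucket])}) ==")
        for code, body in report[bucket]:
            print(f"{code} - {body}")
```

The "unchanged" bucket is the useful one when a user asks whether the machine is clean: anything listed there was untouched by the tools run between the two scans and still needs a verdict.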

#5 Rawe


Posted 02 April 2006 - 08:07 AM

Better, but not clean yet. :thumbsup:

You have a couple of infections left but I want to be sure on one thing..

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.

Hi there, stranger!

#6 Mooney12


Posted 02 April 2006 - 10:12 AM

I cannot get this Panda scan running. It downloads the ActiveX controls, a green bar appears and it says it is complete. But then how do I run the actual scan? I cannot find the "my computer" button.

This is what it says:

ActiveScan has started.....

You are about to start the scan and get a second opinion on the security of your PC.

Please wait a moment while ActiveScan completes the download. If this is the first time you scan your PC, you'll have to download the ActiveX controls (a technology that allows ActiveScan to be run on your computer).

This download size is 8 MB.

0 seconds left

The scan isn't running, however :thumbsup:

#7 Rawe


Posted 02 April 2006 - 10:13 AM

Let's try Kaspersky instead. :thumbsup:

Please do an online scan with Kaspersky WebScanner

Next, click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Standard
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start to scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Hi there, stranger!

#8 Mooney12


Posted 02 April 2006 - 04:25 PM

Ok, perhaps the computer isn't clean quite yet!! :thumbsup:




Scan Statistics
Total number of scanned objects 136369
Number of viruses found 16
Number of infected objects 364
Number of suspicious objects 0
Duration of the scan process 02:30:49

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\2002-09-10 Seybold San Francisco.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\2002-09-10 Seybold San Francisco.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\911 Calls 9.11.01 - mp3s.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\911 Calls 9.11.01 - mp3s.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\Air America Radio - The Al Franken Show 033106 [mp3].zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\Air America Radio - The Al Franken Show 033106 [mp3].zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\Air America Radio - The Marc Maron Show 033006 [mp3].zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\Air America Radio - The Marc Maron Show 033006 [mp3].zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\Alexander Kent - Sloop Of War.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\Alexander Kent - Sloop Of War.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\Alexandersson - Living Water - Viktor Schauberger and the Secrets of Natural Energy (1990) pdf.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\Alexandersson - Living Water - Viktor Schauberger and the Secrets of Natural Energy (1990) pdf.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\Atlas Shrugged Unabridged Audiobook (Part 1 of 5) $Nalyk$.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\Atlas Shrugged Unabridged Audiobook (Part 1 of 5) $Nalyk$.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\Atomix Virtual DJ v3.4 incl crack.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\Atomix Virtual DJ v3.4 incl crack.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\AUTODESK AUTOCAD 2007 MULTILENGUAJE.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\AUTODESK AUTOCAD 2007 MULTILENGUAJE.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\Best Air Guitars Vol I, II, III.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\Best Air Guitars Vol I, II, III.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\Best Minisigs.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\Best Minisigs.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\Braqueurs Amateurs DVDrip fr ajouté par Funtorrent.net.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\Braqueurs Amateurs DVDrip fr ajouté par Funtorrent.net.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\Cheaper By The Dozen 2 2005 DVDRip XviD-LiNE [www descargasweb net].zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\Cheaper By The Dozen 2 2005 DVDRip XviD-LiNE [www descargasweb net].zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\[E-BOOK ENG]J.K. Rowling - Fantastic Beasts & Where to Find Them[TNT VILLAGE].zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\[E-BOOK ENG]J.K. Rowling - Fantastic Beasts & Where to Find Them[TNT VILLAGE].zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\[E-BOOK ENG]J.K. Rowling - Quidditch Through The Ages[TNT VILLAGE].zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\[E-BOOK ENG]J.K. Rowling - Quidditch Through The Ages[TNT VILLAGE].zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\[Eclipse] Fate-stay night - 13 (XviD) [C4290631] avi.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\[Eclipse] Fate-stay night - 13 (XviD) [C4290631] avi.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\[ITDK] Ergo Proxy 04 [VOSTFR].zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\[ITDK] Ergo Proxy 04 [VOSTFR].zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\[Mirage-Team] Naruto 178 [VOSTFR].zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\[Mirage-Team] Naruto 178 [VOSTFR].zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\[OPT]One Piece vostfr 181 avi.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\[OPT]One Piece vostfr 181 avi.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\[PDF - ENG]Html Xhtml And Css Bible 3rd Edition [tntvillage].zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\[PDF - ENG]Html Xhtml And Css Bible 3rd Edition [tntvillage].zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\[PSP]Syphon Filter Dark Mirror [by pSyPSP][www ESPALPSP com] rar.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\[PSP]Syphon Filter Dark Mirror [by pSyPSP][www ESPALPSP com] rar.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\[Shinsen-Subs] Blood+ 22 [FF10D2EE] avi.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\[Shinsen-Subs] Blood+ 22 [FF10D2EE] avi.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\[Spanish Newspaper] El Pais PDF 01 04 2006.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\[Spanish Newspaper] El Pais PDF 01 04 2006.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\[S^M] Mai ZHiME 25 26 END SP RAW avi.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Complete\[S^M] Mai ZHiME 25 26 END SP RAW avi.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Local Settings\Temp\!update.exe Infected: Trojan-Downloader.Win32.PurityScan.w skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Local Settings\Temp\drsmartload637a.exe Infected: Trojan-Downloader.Win32.VB.vz skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Local Settings\Temp\Temporary Internet Files\Content.IE5\052JSD6V\mousepad7[1].exe Infected: Trojan-Downloader.Win32.VB.zw skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Local Settings\Temp\Temporary Internet Files\Content.IE5\I78XMNOD\keyboard6[1].exe Infected: Trojan-Downloader.Win32.VB.zo skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Local Settings\Temp\Temporary Internet Files\Content.IE5\SH0JERSZ\mousepad6[3].exe Infected: Trojan-Clicker.Win32.VB.ly skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Local Settings\Temp\Temporary Internet Files\Content.IE5\SH0JERSZ\newname6[1].exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\Local Settings\Temp\Temporary Internet Files\Content.IE5\WHABCDYB\keyboard7[1].exe Infected: Trojan-Downloader.Win32.VB.zg skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\mc-110-12-0000137.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.p skipped
C:\Documents and Settings\Cllr. Sir Reg Empey\mc-110-12-0000137.exe NSIS: infected - 1 skipped
C:\DR140306.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\DR140306.exe NSIS: infected - 1 skipped
C:\Program Files\outlook\outlook.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Program Files\outlook\p.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Program Files\outlook\p.zip ZIP: infected - 1 skipped
C:\Program Files\outlook\v.tmp Infected: P2P-Worm.Win32.VB.dw skipped
C:\Program Files\Sуmantec\nslookup.exe Infected: Trojan-Downloader.Win32.PurityScan.w skipped
C:\sk02.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\sk02.exe NSIS: infected - 1 skipped
C:\stub.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\Veracruz.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\Veracruz.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\Veracruz.exe NSIS: infected - 2 skipped
C:\WINDOWS\keyboard4.exe Infected: Trojan-Downloader.Win32.VB.zk skipped
C:\WINDOWS\keyboard5.exe Infected: Trojan-Downloader.Win32.VB.zl skipped
C:\WINDOWS\keyboard6.exe Infected: Trojan-Downloader.Win32.VB.zo skipped
C:\WINDOWS\keyboard7.exe Infected: Trojan-Downloader.Win32.VB.zg skipped
C:\WINDOWS\mousepad4.exe Infected: Trojan-Clicker.Win32.VB.lv skipped
C:\WINDOWS\mousepad5.exe Infected: Trojan-Clicker.Win32.VB.ly skipped
C:\WINDOWS\mousepad6.exe Infected: Trojan-Clicker.Win32.VB.ly skipped
C:\WINDOWS\mousepad7.exe Infected: Trojan-Downloader.Win32.VB.zw skipped
C:\WINDOWS\newname4.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\WINDOWS\newname5.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\WINDOWS\newname6.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\WINDOWS\newname7.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\WINDOWS\SYSTEM32\pre1.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\WINDOWS\SYSTEM32\winlog.exe Infected: Backdoor.Win32.Rbot.gen skipped
C:\WinFrgn.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\WinFrgn.exe NSIS: infected - 1 skipped
Scan process completed.

#9 Rawe

Posted 03 April 2006 - 07:19 AM

Maybe not :thumbsup:

==

Please print these instructions out, or write them down, as you can't read them during the fix.

1. Please download Ewido Anti-Malware
  • Install Ewido Anti-malware
  • Launch Ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run Ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    You will need to update Ewido to the latest definition files.
    • On the left hand side of the main screen click Update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

==

2. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

==

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


==

3. Once in Safe Mode, Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido anti-malware.

==

4. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • In the Scriptline to execute field type or paste c:\bfu\alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the Complete script execution box to pop up and hit OK.
  • Press Exit to terminate the BFU program.
Reboot into normal Windows and post the contents of Ewido log that you saved along with a fresh HiJackThis log. :flowers:

#10 Mooney12

Posted 06 April 2006 - 08:19 AM

Hi again,

Had a few problems I'm afraid.

Ewido kept crashing, just like spybot when it tried to clean files. In this case every time it tried to clean out surfsidekick it just stopped! With each scan taking 2hrs this was a right pain. My computer then got quite bad and nothing worked for a while. But I managed to clear out a lot of the spyware as I had done before. I then ran ewido and it cleaned properly. Unfortunately I know I'm still infected as I get the odd pop-up still and I'm sure it's only a matter of time until it all floods back as it did before. I feel my only option may be to format c: and start again...

Here is my latest log:

Logfile of HijackThis v1.99.1
Scan saved at 14:07:44, on 06/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\mousepad9.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\??mbols\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://officeupdate.microsoft.com/office/r...nswerWizard.asp
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GsiFinal] rundll32 gspndll.dll,postInstall final
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Privacy Protector] "C:\PROGRA~1\PRIVAC~1\privacy.exe" min
O4 - HKLM\..\Run: [w002d7f5.dll] RUNDLL32.EXE w002d7f5.dll,I2 00024e7e0002d7f5
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Ncao] "C:\PROGRA~1\SMANTE~1\nslookup.exe" -vt ndrv
O4 - HKCU\..\Run: [Ychxvd] C:\WINDOWS\??mbols\alg.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Net Wiper v2.50 - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\NetWiper\netwiper (file missing)
O9 - Extra 'Tools' menuitem: Net Wiper v2.50 - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\NetWiper\netwiper (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/adobe/MTSI...MetaStream3.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn163.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn163.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFC82B1E-AB7C-4927-95D4-6E9E6ABA1E42}: NameServer = 194.74.65.68 194.72.0.114
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\enp8l17u1.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\h4n00e5meh.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Here is the ewido report:
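
Detection logic for the autorun (O4) lines of the HijackThis log above, as an added example that is not part of the original posts or of any tool named in the thread. It applies three review checks to lines copied from that log: a `?` or non-ASCII character in the path (`?` cannot occur in a Windows file name, so it marks characters the log could not render), a system binary name outside `system32`, and a rundll32 DLL given without a path. The `SYSTEM32_NAMES` list, the flag names and the function names are assumptions of this example.

```python
import ntpath
import re

# Lines copied from the O4 (autorun) section of the 06/04/2006 HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
O4 - HKLM\..\Run: [w002d7f5.dll] RUNDLL32.EXE w002d7f5.dll,I2 00024e7e0002d7f5
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ncao] "C:\PROGRA~1\SMANTE~1\nslookup.exe" -vt ndrv
O4 - HKCU\..\Run: [Ychxvd] C:\WINDOWS\??mbols\alg.exe
"""

# Assumption of this example: a short list of binaries that ship in
# %windir%\system32 and whose names are worth checking elsewhere.
SYSTEM32_NAMES = {
    "alg.exe", "nslookup.exe", "svchost.exe", "lsass.exe",
    "services.exe", "winlogon.exe", "smss.exe", "ctfmon.exe",
}

# "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# rundll32 (with or without path/extension) followed by "some.dll,EntryPoint"
RUNDLL_RE = re.compile(r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<dll>[^,]+)', re.I)
# Quoted image path, or an unquoted one that may contain spaces.
EXE_RE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|dll|com|scr|bat))(?=[\s,]|$))', re.I
)


def parse_o4(line):
    """Return hive, value name and launched file for one O4 Run line, or None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m["cmd"]
    r = RUNDLL_RE.match(cmd)
    if r:
        # For rundll32 the interesting file is the DLL, not rundll32 itself.
        target, via_rundll = r["dll"].strip(), True
    else:
        e = EXE_RE.match(cmd)
        target, via_rundll = ((e["q"] or e["u"]) if e else cmd), False
    return {"hive": m["hive"], "name": m["name"],
            "target": target, "rundll32": via_rundll}


def review_flags(entry):
    """Return the list of reasons an analyst should look at this entry."""
    flags = []
    target = entry["target"]
    directory, base = ntpath.split(target)
    # '?' is illegal in Windows file names: the real path holds characters the
    # log could not render. Non-ASCII letters can imitate a vendor folder name.
    if "?" in target or not target.isascii():
        flags.append("unrenderable-or-non-ascii-path")
    # A system32 binary name launched from some other directory.
    if (base.lower() in SYSTEM32_NAMES and directory
            and not directory.lower().endswith(r"\windows\system32")):
        flags.append("system-binary-name-outside-system32")
    # DLL handed to rundll32 without a directory, so the search path decides.
    if entry["rundll32"] and not directory:
        flags.append("rundll32-dll-without-path")
    return flags


def triage(log_text):
    """Return (value name, launched file, flags) for every flagged O4 line."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        flags = review_flags(entry)
        if flags:
            findings.append((entry["name"], entry["target"], flags))
    return findings


if __name__ == "__main__":
    for name, target, flags in triage(SAMPLE_LOG):
        print(f"[{name}] {target}: {', '.join(flags)}")
```

`C:\windows\mousepad9.exe` passes all three checks, so name-based triage like this complements a scanner rather than replacing one.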

#11 Rawe

Posted 06 April 2006 - 09:45 AM

Wait; no Format C: yet. I have tricks up my sleeve. :thumbsup:

Let's try fixing Look2Me.

==

Please print these instructions out, or write them down, as you can't read them during the fix.

Please download Look2Me-Destroyer to your desktop.

Before continuing with the fix there is something you must do:
  • Click Start -> Run and type in: services.msc
  • Check that the following services are running and that their startup is set to automatic:
  • Seclogon, or Secondary logon service
  • Next your machine needs to be offline, manually disconnect the network cable if necessary.
  • Your antivirus, and every other security software MUST be disabled.
Now continue:
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shut down.
  • Turn your computer back on.
  • Re-launch your Anti-virus/Firewall protection.
  • Re-connect back to the internet.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a fresh HiJackThis log. :flowers:
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

#12 Mooney12

Posted 07 April 2006 - 08:42 AM

Some success with that I think! :thumbsup: All the normal spyware did return, such as ssk, monnet, webhancer, etc.
But I have got rid of it again and all the scans do now come up negative. Look2me seems to be gone.

Log:

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 07/04/2006 12:50:07

Infected! C:\WINDOWS\system32\enp8l17u1.dll
Infected! C:\WINDOWS\system32\o0rola931d.dll
Infected! C:\WINDOWS\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\o0rola931d.dll
C:\WINDOWS\system32\o0rola931d.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ModuleUsage
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OptimalLayout

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

Here is my latest hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 14:40:41, on 07/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\SMANTE~1\nslookup.exe
C:\WINDOWS\??mbols\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://officeupdate.microsoft.com/office/r...nswerWizard.asp
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GsiFinal] rundll32 gspndll.dll,postInstall final
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Privacy Protector] "C:\PROGRA~1\PRIVAC~1\privacy.exe" min
O4 - HKLM\..\Run: [w002d7f5.dll] RUNDLL32.EXE w002d7f5.dll,I2 00024e7e0002d7f5
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Ncao] "C:\PROGRA~1\SMANTE~1\nslookup.exe" -vt ndrv
O4 - HKCU\..\Run: [Ychxvd] C:\WINDOWS\??mbols\alg.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Net Wiper v2.50 - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\NetWiper\netwiper (file missing)
O9 - Extra 'Tools' menuitem: Net Wiper v2.50 - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\NetWiper\netwiper (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/adobe/MTSI...MetaStream3.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn163.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn163.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFC82B1E-AB7C-4927-95D4-6E9E6ABA1E42}: NameServer = 194.74.65.68 194.72.0.114
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#13 Rawe


Posted 07 April 2006 - 08:57 AM

Good. Because now that you have look2me gone and your SeDeBugPrivileges should be fine, the other fixes should work better. :thumbsup:

Go ahead and uninstall Look2Me-Destroyer and SideKickFix as well as Ewido (for now).

==

Since you have a lot of other stuff there, and Ewido keeps crashing and Panda doesn't work, let's give a shot to SpySweeper..

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click Download Now to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply along with a fresh HijackThis log. :flowers:

Hi there, stranger!

#14 Mooney12


Posted 07 April 2006 - 11:16 AM

Spysweeper seems to have run successfully and did find more infections.

Here is a fresh hijack this log and below that, the spysweeper log:

Logfile of HijackThis v1.99.1
Scan saved at 17:03:42, on 07/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\??mbols\alg.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://officeupdate.microsoft.com/office/r...nswerWizard.asp
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GsiFinal] rundll32 gspndll.dll,postInstall final
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Privacy Protector] "C:\PROGRA~1\PRIVAC~1\privacy.exe" min
O4 - HKLM\..\Run: [w002d7f5.dll] RUNDLL32.EXE w002d7f5.dll,I2 00024e7e0002d7f5
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Ychxvd] C:\WINDOWS\??mbols\alg.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/adobe/MTSI...MetaStream3.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn163.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn163.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#15 Mooney12


Posted 07 April 2006 - 11:17 AM

This isn't the full spysweeper log, just the end of it. It wouldn't allow me to post all of the log, something to do with my "BB" code?!


16:36: Warning: Invalid Stream
16:37: File Sweep Complete, Elapsed Time: 00:58:48
16:37: Full Sweep has completed. Elapsed time 01:04:14
16:37: Traces Found: 499
16:45: Removal process initiated
16:46: Quarantining All Traces: 180search assistant/zango
16:46: Quarantining All Traces: look2me
16:46: Quarantining All Traces: purityscan
16:46: purityscan is in use. It will be removed on reboot.
16:46: nslookup.exe is in use. It will be removed on reboot.
16:46: Quarantining All Traces: trojan downloader matcash
16:50: Quarantining All Traces: dollarrevenue
16:50: Quarantining All Traces: isearch toolbar
16:50: Quarantining All Traces: mindset interactive - favoriteman
16:50: Quarantining All Traces: zquest
16:50: Quarantining All Traces: command
16:50: Quarantining All Traces: euniverse
16:50: Quarantining All Traces: peopleonpage
16:50: Quarantining All Traces: shopathomeselect
16:50: Quarantining All Traces: targetsaver
16:50: Quarantining All Traces: topicks
16:51: Removal process completed. Elapsed time 00:06:25
********
15:30: | Start of Session, 07 April 2006 |
15:30: Spy Sweeper started
15:31: Your spyware definitions have been updated.
15:32: | End of Session, 07 April 2006 |

Edited by Mooney12, 07 April 2006 - 11:19 AM.




