Help Please


46 replies to this topic

#1 Tragically_Hip


Posted 31 October 2006 - 02:45 PM

Logfile of HijackThis v1.99.1
Scan saved at 3:39:41 PM, on 10/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Owner\tm2V0Nn.exe
C:\WINDOWS\system32\adirss.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\~AceTemp\hijackthis_sfx\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pg.photos.yahoo.com/ph/tragically_hip_987/my_photos
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ca5.hpwis.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file)
O2 - BHO: (no name) - {15ACE85C-0BB1-42d1-9E32-07EB0506675A} - (no file)
O2 - BHO: (no name) - {1c4da27d-4d52-4465-a089-98e01bb725ca} - (no file)
O2 - BHO: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
O2 - BHO: (no name) - {746455fe-d059-47e7-af0e-140e03f5a447} - (no file)
O2 - BHO: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)
O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - (no file)
O2 - BHO: (no name) - {a6f42cad-2559-48df-af30-89e480af5dfa} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {d1ac752e-883f-4ed8-8828-b618c3a72152} - (no file)
O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - (no file)
O2 - BHO: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCPitStopEraser] C:\Program Files\PCPitstop\Erase\PCPitStopErase.exe /remindme
O4 - HKLM\..\Run: [adir] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [UpdateService] C:\WINDOWS\system32\wservice.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB0_0_0 -reboot 1
O4 - HKCU\..\Run: [UpdateService] C:\WINDOWS\system32\wservice.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {E67F5856-E2F5-40FE-9CFF-6AEFC9EA0AAA} (EventLogScan Class) - http://www.windowsecurity.com/eventlogscan/ATLExplorer.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDF5A25A-DB55-40AF-916F-40AEA34D16C5}: NameServer = 198.164.30.2 198.164.4.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


#2 Blender

  • Malware Response Team

Posted 01 November 2006 - 11:43 AM

Hi & welcome,

You picked yourself up a few nasties.
You have a mass mailing worm, a virus, and a downloader trojan that acts like a rootkit.

Any clue where you picked this up? Email attachment or MSN link?

You will need to keep this computer offline as much as possible cept to do online scans and post your logs and such.

Part of the problem cleaning up this mess is several of your programs don't work right cus they are infected.
Couple online scanners can effectively deal with it but there will be a lot of work to do to clean up remnants.
Please only run the online scanners I tell you. Some will delete all the infected files which will trash most of the system.
Do em in the order presented so the cleanable ones get cleaned and the hidden *.t files get deleted.

Truthfully if it were my machine I would seriously consider a format/re-install of the whole operating system & the programs.
I would have trouble to fully trust my machine after an attack like this.
I will try my best to help clean up but I cannot guarantee everything will be the same or that you will be able to fully trust your system.

I'll lay out the first steps. If you would rather format...let me know.

1.) Open your task manager and end task the following: (if listed)

tm2V0Nn.exe
adirss.exe
wservice.exe


I recommend shutting down other unnecessary programs by the clock. The less you have running...the easier this will be to clean.

2.) Hijackthis needs to be in its own folder unzipped.
If your unzipper is not working right you can download the exe here:

http://spywarewarrior.com/files/HijackThis.exe

Create a folder in your C:\ drive called HJT or similar and move hijackthis.exe to that folder.
It creates backups in case we need em.

3.) Using Internet Explorer run a scan here:

http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Allow ActiveX to install
When scan is done, tell it to "Cure" what it sees.
There will be several that are Not curable.
This time choose "delete"
When it is done; save the log please. I will need to see it later.

4.) Next Open Hijackthis, run system scan and check ONLY:

O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file)
O2 - BHO: (no name) - {15ACE85C-0BB1-42d1-9E32-07EB0506675A} - (no file)
O2 - BHO: (no name) - {1c4da27d-4d52-4465-a089-98e01bb725ca} - (no file)
O2 - BHO: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
O2 - BHO: (no name) - {746455fe-d059-47e7-af0e-140e03f5a447} - (no file)
O2 - BHO: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)
O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file)
O2 - BHO: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - (no file)
O2 - BHO: (no name) - {a6f42cad-2559-48df-af30-89e480af5dfa} - (no file)
O2 - BHO: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {d1ac752e-883f-4ed8-8828-b618c3a72152} - (no file)
O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - (no file)
O2 - BHO: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O4 - HKLM\..\Run: [adir] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [UpdateService] C:\WINDOWS\system32\wservice.exe
O4 - HKCU\..\Run: [UpdateService] C:\WINDOWS\system32\wservice.exe


Once Those are checked, close all open windows & click "Fix checked".

Exit Hijackthis & reboot.

5.) Download Dr.Web's CureIt to your desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Once saved...disconnect from internet

Double-click the drweb-cureit.exe file and allow it to run the express scan.

This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.

Once the short scan has finished, select the drives that you want to scan.

Select all drives. A red dot shows which drives have been chosen.

You can click the X on the "Buy" prompt.

Click the green arrow > to the right and the scan will begin.

At the first infection, select 'Yes to all' if it asks if you want to cure/move the file.

When the scan has finished, click the "Select all" toggle button (if available) next to the files found

Then click the green cup icon right below and select Move incurable

This will move any infected files to the %userprofile%\DoctorWeb\quarantaine-folder that can't be cured (in case if we need samples).

Then, from the main Dr.Web CureIt menu (top left), click File and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv

Close Dr.Web Cureit and Restart your computer to completely remove any stubborn files in reboot.

Once done...

The logs of the scans will be HUGE. You will not be able to post em here.

Please upload DrWeb.csv, The log file you saved from the online scanner at this site:

http://www.thespykiller.co.uk/forum/index.php?board=1.0

Start yourself a new topic
Put in topic title "Request by Blender"
Put in body of message the link to our thread here.
then press the browse button and then navigate to & select the log files you saved.
Press Post to upload the file

It is normal you will not see the file you just posted cus only approved members can see em to download them. (we get people to upload malware there too)

let me know here when you have posted.

Post fresh hijackthis log here please.

We will still have work to do. Please keep computer offline as much as possible till determined clean.

Let me know how things are running.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware Posted Image
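As an added example (not from this thread, and not part of HijackThis itself), here is a small Python triage script that applies the checks Blender made by hand on the first log: O2 BHOs that show "(no name)" with "(no file)", a Run value registered under both HKLM and HKCU (UpdateService in this log), and processes launched from a user profile or Temp directory (which is also why step 2 asks for HijackThis to live in its own C:\HJT folder). The log text inside is a constructed excerpt modelled on post #1; entries that Blender recognised from experience (adirss.exe) still need an analyst, the script only narrows the list.

```python
"""Triage a HijackThis v1.99 log the way a malware-response helper does.

Added example, not code from the thread or from HijackThis. It parses the
'Running processes' section plus the O2 (BHO) and O4 (autorun) lines and
flags three patterns that appear in the first log of this thread.
"""
import re
from collections import defaultdict

# Constructed excerpt modelled on the first HijackThis log in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\Owner\tm2V0Nn.exe
C:\WINDOWS\system32\adirss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\~AceTemp\hijackthis_sfx\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file)
O2 - BHO: (no name) - {15ACE85C-0BB1-42d1-9E32-07EB0506675A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [adir] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [UpdateService] C:\WINDOWS\system32\wservice.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [UpdateService] C:\WINDOWS\system32\wservice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# O2 - BHO: <name> - {<clsid>} - <path or "(no file)">
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
# O4 - HKLM\..\Run: [<value name>] <command line>   (Global Startup lines differ and are skipped)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
# Path fragments (lower-cased) that mean "running out of a user profile or Temp".
USER_DIRS = ("\\documents and settings\\", "\\docume~1\\", "\\temp\\", "\\locals~1\\")


def parse_log(text):
    """Return (running_processes, bho_entries, run_entries) from a HijackThis log."""
    procs, bhos, runs = [], [], []
    in_procs = False
    for line in (l.rstrip() for l in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:                      # the process list ends at the first blank line
            if line:
                procs.append(line)
            else:
                in_procs = False
            continue
        m = BHO_RE.match(line)
        if m:
            bhos.append((m.group("name"), m.group("clsid"), m.group("path"), line))
            continue
        m = RUN_RE.match(line)
        if m:
            runs.append((m.group("hive"), m.group("key"), m.group("value"), line))
    return procs, bhos, runs


def triage(text):
    """Apply the three checks and return the matching log lines per finding type."""
    procs, bhos, runs = parse_log(text)
    findings = {"orphan_bho": [], "dual_hive_run": [], "user_profile_proc": []}

    # 1. BHOs with no registered name and no backing DLL: dead registrations to remove.
    for name, _clsid, path, line in bhos:
        if name == "(no name)" and path == "(no file)":
            findings["orphan_bho"].append(line)

    # 2. Same Run value name persisted under both HKLM and HKCU (redundant persistence).
    by_value = defaultdict(list)
    for hive, key, value, line in runs:
        if key == "Run":
            by_value[value.lower()].append((hive, line))
    for entries in by_value.values():
        if {hive for hive, _ in entries} >= {"HKLM", "HKCU"}:
            findings["dual_hive_run"].extend(line for _, line in entries)

    # 3. Processes executing from a user profile or Temp directory.
    for proc in procs:
        if any(frag in proc.lower() for frag in USER_DIRS):
            findings["user_profile_proc"].append(proc)
    return findings


def fix_list(text):
    """Lines an analyst would tick under 'Fix checked' based on the objective checks alone."""
    f = triage(text)
    return f["orphan_bho"] + f["dual_hive_run"]


if __name__ == "__main__":
    for kind, lines in triage(SAMPLE_LOG).items():
        print(f"== {kind} ({len(lines)})")
        for entry in lines:
            print("  ", entry)
```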

#3 Tragically_Hip


Posted 02 November 2006 - 06:33 PM

WELL!... Yesterday I thought I had a little problem that my Spybot Search & Destroy could not fix. So I strolled on in to bleepingcomputer to see if someone could help me. That's where I met Blender A TRUE SAINT! of the world of computers. First she opened my eyes to the magnitude of my computer problems. I thought it was going to be a quick fix to get rid of some bad files on my desktop. Turns out that with a few scans and a lot of her time (God bless her) we found over 3600 infected files. Now, if I were her, I would have given up on me and my computer problems and said "Dude!, go buy yourself a new computer". Ok, now I don't know a freakin thing about computers so not only did she fill out the prescription to fix my computer but she walked me through EVERY STEP!

I would like to conclude by saying my hat is off to you kind people do this out of the goodness of your hearts!

THANK YOU VERY MUCH!

#4 Tragically_Hip


Posted 02 November 2006 - 06:48 PM

Well apparently we are not in the clear just yet but I have complete faith!

Logfile of HijackThis v1.99.1
Scan saved at 7:44:11 PM, on 11/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis_sfx\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pg.photos.yahoo.com/ph/tragically_hip_987/my_photos
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ca5.hpwis.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCPitStopEraser] C:\Program Files\PCPitstop\Erase\PCPitStopErase.exe /remindme
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB0_0_0 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {E67F5856-E2F5-40FE-9CFF-6AEFC9EA0AAA} (EventLogScan Class) - http://www.windowsecurity.com/eventlogscan/ATLExplorer.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDF5A25A-DB55-40AF-916F-40AEA34D16C5}: NameServer = 198.164.30.2 198.164.4.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#5 Blender

  • Malware Response Team

Posted 03 November 2006 - 06:31 PM

Hi :thumbsup:

Sorry I missed you in IRC..I had a nasty migraine. :flowers:

How did the scan go? Still booting up OK?

Let me know how things are going. There will be more logs I need.

Thanks :huh:

#6 Blender

  • Malware Response Team

Posted 04 November 2006 - 07:08 PM

Hi :thumbsup:

Got your drweb log ok. It seems likely it froze part way through saving it.

Let's see what is left..

make a new folder on the desktop called tools or something.

1. Download this file and save it to the new folder :

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
If firewall ask for it to connect to internet please allow. Tool may need to download additional files.
Do NOT run in safe mode!

Then....

click start> run> type cmd.exe and hit enter.
Copy this line:

cd c:\ & dir /a:h /s /b ????????.t >tfiles.txt

Right click in open cmd window & choose paste. Hit enter.
Leave the cmd window open for next step.

Once log is created if anything found please email me that log if it is big.
Otherwise post it here. log is right in your c:\ drive. (tfiles.txt)

Then....

Copy this line:

cd d: & dir /a:h /s /b ????????.t > tfiles2.txt

Right click in your cmd window & choose "paste".
Hit enter.

Once finished log is dropped right in your D:\ drive. (tfiles2.txt)
If large log please email it to me.
If not...please post it here.

Thanks :flowers:

Let's see a new hijackthis log too please.
If hijackthis won't run....download a new copy from here:

http://spywarewarrior.com/files/HijackThis.exe

Save it to the new folder you made for combofix.

Make your system show hidden file extensions.

Go to control panel
Open "folder options"
Under "hidden files and folders" UNcheck "Hide file extensions for known file types"
Apply & OK changes.

Right click hijackthis.exe (the new one)> choose rename> call it hijackthis.com
Run hijackthis> save log & post it here.

Thanks :huh:

#7 Tragically_Hip


Posted 08 November 2006 - 05:19 PM

Hi Blenders,

Sorry it's been a few days since I have been here.

Here is the ComboFix log you were looking for.

Owner - 06-11-08 18:11:27.40 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Owner\Desktop\WEB TOOLS"

((((((((((((((((((((((((((((((( Files Created from 2006-10-08 to 2006-11-08 ))))))))))))))))))))))))))))))))))


2006-11-02 11:06 5,707 --a------ C:\WINDOWS\system32\sdaqvsdb.exe
2006-11-02 11:01 5,707 --a------ C:\WINDOWS\system32\se.exe.exe
2006-11-02 11:01 46,592 --a------ C:\WINDOWS\system32\zlbw.dll
2006-11-02 11:01 15,947 --a------ C:\WINDOWS\system32\w.exe.exe
2006-11-02 11:00 50,763 --a------ C:\WINDOWS\system32\ss.exe.exe
2006-10-20 11:45 25,088 --a------ C:\WINDOWS\system32\anti_troj.exe
2006-10-20 11:45 24,576 --a------ C:\WINDOWS\system32\netstat2.exe
2006-10-20 11:45 24,576 --a------ C:\WINDOWS\system32\dload.exe
2006-10-20 11:45 22,528 --a------ C:\WINDOWS\spp3.dll
2006-10-20 11:45 20,224 --a------ C:\WINDOWS\system32\msmsn.exe
2006-10-20 11:45 19,200 --a------ C:\WINDOWS\system32\POPCORN72.EXE
2006-10-20 11:45 15,616 --a------ C:\WINDOWS\system32\win32hp.dll
2006-10-20 11:45 14,592 --a------ C:\WINDOWS\system32\iewd.exe
2006-10-20 11:45 14,336 --a------ C:\WINDOWS\system32\proqlaim.exe
2006-10-20 11:45 11,264 --a------ C:\WINDOWS\system32\perfont.exe
2006-10-20 11:45 11,008 --a------ C:\WINDOWS\system32\mpsegment.exe
2006-10-20 11:44 9,216 --a------ C:\WINDOWS\xplugin.dll
2006-10-20 11:44 8,960 --a------ C:\WINDOWS\system32\ace16win.dll
2006-10-20 11:44 32,512 --a------ C:\WINDOWS\clrssn.exe
2006-10-20 11:44 29,696 --a------ C:\WINDOWS\mtwirl32.dll
2006-10-20 11:44 29,184 --a------ C:\WINDOWS\winmgnt.exe
2006-10-20 11:44 28,672 --a------ C:\WINDOWS\x.exe
2006-10-20 11:44 28,160 --a------ C:\WINDOWS\wininet32.exe
2006-10-20 11:44 27,136 --a------ C:\WINDOWS\time.exe
2006-10-20 11:44 26,624 --a------ C:\WINDOWS\dialup.exe
2006-10-20 11:44 25,088 --a------ C:\WINDOWS\waol.exe
2006-10-20 11:44 25,088 --a------ C:\WINDOWS\cpan.dll
2006-10-20 11:44 24,832 --a------ C:\WINDOWS\runwin32.exe
2006-10-20 11:44 24,576 --a------ C:\WINDOWS\avpcc.dll
2006-10-20 11:44 24,320 --a------ C:\WINDOWS\y.exe
2006-10-20 11:44 23,808 --a------ C:\WINDOWS\window.exe
2006-10-20 11:44 18,176 --a------ C:\WINDOWS\win64.exe
2006-10-20 11:44 16,128 --a------ C:\WINDOWS\systemcritical.exe
2006-10-20 11:44 15,616 --a------ C:\WINDOWS\winajbm.dll
2006-10-20 11:44 13,824 --a------ C:\WINDOWS\win32e.exe
2006-10-20 11:44 13,568 --a------ C:\WINDOWS\users32.exe
2006-10-20 11:44 12,544 --a------ C:\WINDOWS\olehelp.exe
2006-10-20 11:44 12,032 --a------ C:\WINDOWS\inetdctr.dll
2006-10-20 11:44 12,032 --a------ C:\WINDOWS\accesss.exe
2006-10-20 11:44 10,496 --a------ C:\WINDOWS\systeem.exe
2006-10-20 11:43 8,192 --a------ C:\WINDOWS\system32\sklmnf.exe
2006-10-20 11:43 10,752 --a------ C:\WINDOWS\system32\instreg_tmp.exe
2006-10-20 11:43 0 --a------ C:\WINDOWS\system32\asgp32.dll
2006-10-20 11:42 67,072 --a------ C:\WINDOWS\system32\msmapi32.exe
2006-10-20 11:42 13,824 --a------ C:\WINDOWS\system32\intr32.dll
2006-10-18 10:44 55,371 --a------ C:\WINDOWS\system32\image1.gif.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-04 18:56 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-31 15:36 -------- d-------- C:\Program Files\HijackThis
2006-10-27 12:55 -------- d-------- C:\Program Files\Outlook Express
2006-10-20 13:51 -------- d-------- C:\Program Files\WinAce
2006-10-14 16:59 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-02 16:40 -------- d-------- C:\Program Files\Internet Explorer
2006-09-13 01:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 16:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-08-25 11:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-22 15:54 1419 --a------ C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
2006-08-22 15:54 0 --a------ C:\Documents and Settings\Owner\Application Data\dm.ini
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 07:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"
"Washer"="C:\\Program Files\\Washer\\washer.exe /0"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB0_0_0 -reboot 1"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB0_0_0 -reboot 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"PreloadApp"="c:\\hp\\drivers\\printers\\photosmart\\hphprld.exe c:\\hp\\drivers\\printers\\photosmart\\setup.exe -d"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"nwiz"="nwiz.exe /install"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PCPitStopEraser"="C:\\Program Files\\PCPitstop\\Erase\\PCPitStopErase.exe /remindme"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservicesonce]
"washindex"="C:\\Program Files\\Washer\\washidx.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Personal Coach.lnk"
"backup"="C:\\WINDOWS\\pss\\Personal Coach.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BRODER~1\\MAVISB~1\\MINIMA~1.EXE main"
"item"="Personal Coach"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061102-171829-132
O4 - HKCU\..\Run: [UpdateService] C:\WINDOWS\system32\wservice.exe
backup-20061102-171829-634
O4 - HKLM\..\Run: [UpdateService] C:\WINDOWS\system32\wservice.exe
backup-20061102-171829-493
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
backup-20061102-171829-315
O2 - BHO: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
backup-20061102-171829-429
O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - (no file)
backup-20061102-171829-785
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
backup-20061102-171829-510
O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - (no file)
backup-20061102-171829-516
O2 - BHO: (no name) - {a6f42cad-2559-48df-af30-89e480af5dfa} - (no file)
backup-20061102-171829-764
O2 - BHO: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)
backup-20061102-171829-268
O2 - BHO: (no name) - {d1ac752e-883f-4ed8-8828-b618c3a72152} - (no file)
backup-20061102-171829-839
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
backup-20061102-171829-601
O2 - BHO: (no name) - {1c4da27d-4d52-4465-a089-98e01bb725ca} - (no file)
backup-20061102-171829-768
O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file)
backup-20061102-171829-278
O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file)
backup-20061102-171829-811
O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
backup-20061102-171829-822
O2 - BHO: (no name) - {15ACE85C-0BB1-42d1-9E32-07EB0506675A} - (no file)
backup-20061102-171829-761
O2 - BHO: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - (no file)
backup-20061102-171829-633
O2 - BHO: (no name) - {746455fe-d059-47e7-af0e-140e03f5a447} - (no file)
backup-20061102-171829-900
O2 - BHO: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)
backup-20061102-171829-996
O2 - BHO: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1082391782.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-11-08 18:12:38.93
C:\ComboFix.txt ... 06-11-08 18:12
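
The 2006-10-20 11:42 to 11:44 burst of executables written straight into C:\WINDOWS (x.exe, y.exe, wininet32.exe, win64.exe, systemcritical.exe and the rest) is the pattern an analyst picks out of a ComboFix listing by eye. The Python script below is an added example, not part of the original post and not a ComboFix feature: it parses lines in the listing format shown above, clusters binaries created within a few minutes of one another, and flags binaries dropped into the Windows directory root, double extensions such as image1.gif.exe, and single-letter names. The sample lines are copied from the log above; the thresholds (5 binaries within 5 minutes) and the name heuristics are assumptions of this example, not ComboFix logic.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# Constructed sample: a subset of lines copied from the ComboFix listing above.
SAMPLE_LISTING = r"""
2006-10-20 11:44 28,672 --a------ C:\WINDOWS\x.exe
2006-10-20 11:44 28,160 --a------ C:\WINDOWS\wininet32.exe
2006-10-20 11:44 27,136 --a------ C:\WINDOWS\time.exe
2006-10-20 11:44 24,320 --a------ C:\WINDOWS\y.exe
2006-10-20 11:44 18,176 --a------ C:\WINDOWS\win64.exe
2006-10-20 11:44 16,128 --a------ C:\WINDOWS\systemcritical.exe
2006-10-20 11:43 8,192 --a------ C:\WINDOWS\system32\sklmnf.exe
2006-10-20 11:42 67,072 --a------ C:\WINDOWS\system32\msmapi32.exe
2006-10-18 10:44 55,371 --a------ C:\WINDOWS\system32\image1.gif.exe
2006-09-13 01:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-10-31 15:36 -------- d-------- C:\Program Files\HijackThis
"""

# date  time  size (dashes for a directory)  attribute flags  path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+([\d,]+|-+)\s+(\S+)\s+(.+?)\s*$"
)
BINARY_EXTS = {".exe", ".dll", ".scr", ".sys", ".com", ".pif"}

Entry = namedtuple("Entry", "when size attrs path parent name is_dir is_binary")


def parse_listing(text):
    """Turn ComboFix-style listing lines into Entry records; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        parent, _, name = path.rpartition("\\")
        is_dir = attrs.startswith("d") or size.startswith("-")
        ext = name[name.rfind("."):].lower() if "." in name else ""
        entries.append(Entry(
            when=datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M"),
            size=0 if is_dir else int(size.replace(",", "")),
            attrs=attrs, path=path, parent=parent, name=name,
            is_dir=is_dir, is_binary=(not is_dir and ext in BINARY_EXTS),
        ))
    return entries


def suspicious_reasons(entry):
    """Name/location heuristics (assumed here) that a responder applies by eye."""
    reasons = []
    if not entry.is_binary:
        return reasons
    stem = entry.name[:entry.name.rfind(".")].lower()
    if re.fullmatch(r"[a-z]:\\windows", entry.parent.lower()):
        reasons.append("binary written directly into the Windows directory")
    if "." in stem:                      # image1.gif.exe
        reasons.append("double extension (e.g. .gif.exe)")
    if len(stem) == 1:                   # x.exe, y.exe
        reasons.append("single-letter executable name")
    return reasons


def find_bursts(entries, window_minutes=5, min_count=5):
    """Group binaries whose timestamps fall within window_minutes of the first
    member of the group; only groups of at least min_count are reported."""
    window = timedelta(minutes=window_minutes)
    binaries = sorted((e for e in entries if e.is_binary), key=lambda e: e.when)
    bursts, i = [], 0
    while i < len(binaries):
        j = i
        while j + 1 < len(binaries) and binaries[j + 1].when - binaries[i].when <= window:
            j += 1
        if j - i + 1 >= min_count:
            bursts.append(binaries[i:j + 1])
            i = j + 1
        else:
            i += 1
    return bursts


def report(text, window_minutes=5, min_count=5):
    """One line per burst member and per flagged file name."""
    entries = parse_listing(text)
    lines = []
    for burst in find_bursts(entries, window_minutes, min_count):
        span = f"{burst[0].when:%Y-%m-%d %H:%M}..{burst[-1].when:%H:%M}"
        lines.append(f"burst of {len(burst)} binaries in {span}:")
        lines.extend(f"  {e.path}" for e in burst)
    for e in entries:
        for why in suspicious_reasons(e):
            lines.append(f"{e.path}: {why}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LISTING)))
```

Run against the full listing, the script groups the eight binaries from 11:42 to 11:44 into one burst and flags every C:\WINDOWS-root drop separately; a vendor update also writes many files in one minute, so the burst alone is a prompt to look, while the location and name checks are what distinguish this one.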

#8 Tragically_Hip
  • Topic Starter
  • Members
  • 31 posts

Posted 08 November 2006 - 05:49 PM

Current HJT file

Logfile of HijackThis v1.99.1
Scan saved at 6:38:42 PM, on 11/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis_sfx\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pg.photos.yahoo.com/ph/tragically_hip_987/my_photos
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ca5.hpwis.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCPitStopEraser] C:\Program Files\PCPitstop\Erase\PCPitStopErase.exe /remindme
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB0_0_0 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {E67F5856-E2F5-40FE-9CFF-6AEFC9EA0AAA} (EventLogScan Class) - http://www.windowsecurity.com/eventlogscan/ATLExplorer.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDF5A25A-DB55-40AF-916F-40AEA34D16C5}: NameServer = 198.164.30.2 198.164.4.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
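
HijackThis lists everything that hooks into the browser and the logon path but leaves the judgment to the reader; the orphaned BHO CLSIDs in the backup list above, the O4 entry for C:\WINDOWS\system32\wservice.exe, and the O17 NameServer line are the items a helper checks first. The Python script below is an added example, not part of this thread and not a HijackThis feature: it parses O-lines in the format shown, flags registrations whose file is missing, classifies where each O4 autostart executable lives (program files, system32, user profile, or a bare name resolved through the search path), lists O17 resolvers so they can be checked against the ISP's, and reports O16 ActiveX download hosts and O20 Winlogon Notify DLLs. The sample lines are copied from the logs in this thread; the location classes and rule names are assumptions of this example, and every finding is a prompt for review, not a verdict.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis logs in this thread.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [UpdateService] C:\WINDOWS\system32\wservice.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDF5A25A-DB55-40AF-916F-40AEA34D16C5}: NameServer = 198.164.30.2 198.164.4.2
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+)\s+-\s+(.*)$")
RUN_RE = re.compile(r"^[^:]*:\s*\[[^\]]*\]\s*(.*)$")   # 'HKLM\..\Run: [name] command'
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?:\s|$)", re.I)
REVIEW_LOCATIONS = {"relative", "user-profile", "system32", "windows-dir"}


def parse_hjt(text):
    """Split a HijackThis log into (section, body) pairs; process lists etc. are skipped."""
    out = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def run_target(body):
    """Executable path of an O4 '[name] command' entry, tolerating quoted and
    unquoted paths with spaces. Returns None for entries in other shapes."""
    m = RUN_RE.match(body)
    if not m:
        return None
    cmd = m.group(1).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else (cmd.split()[0] if cmd else None)


def classify_location(path):
    """Coarse location class of an autostart executable (classes assumed here)."""
    p = path.lower().replace("/", "\\")
    if "\\" not in p:
        return "relative"            # resolved through the search path at logon
    if "\\program files" in p:
        return "program-files"
    if "\\documents and settings\\" in p or "\\users\\" in p:
        return "user-profile"
    if re.search(r"\\(windows|winnt)\\system32\\", p):
        return "system32"
    if re.match(r"^[a-z]:\\(windows|winnt)\\[^\\]+$", p):
        return "windows-dir"
    return "other"


def name_servers(body):
    """Resolver addresses from an O17 NameServer entry."""
    m = re.search(r"NameServer\s*=\s*(.+)$", body)
    return re.split(r"[\s,]+", m.group(1).strip()) if m else []


def triage(text):
    """Apply the rules; each finding is (rule, section, body, note)."""
    findings = []
    for section, body in parse_hjt(text):
        if "(no file)" in body or "(file missing)" in body:
            findings.append(("orphaned", section, body,
                             "registration points at a file that no longer exists"))
        if section == "O4":
            target = run_target(body)
            loc = classify_location(target) if target else "unknown"
            if loc in REVIEW_LOCATIONS:
                findings.append(("autorun-review", section, body,
                                 f"autostart executable in location class '{loc}'"))
        elif section == "O17":
            for ip in name_servers(body):
                scope = "private" if ipaddress.ip_address(ip).is_private else "public"
                findings.append(("dns", section, body,
                                 f"resolver {ip} ({scope}); confirm it belongs to your ISP"))
        elif section == "O16":
            m = re.search(r"\s-\s(https?://\S+)", body)
            if m:
                host = urlparse(m.group(1)).netloc
                findings.append(("activex-download", section, body,
                                 f"ActiveX control fetched from {host}; keep only hosts you chose"))
        elif section == "O20":
            findings.append(("winlogon-notify", section, body,
                             "DLL loaded by winlogon; verify publisher and file"))
    return findings


if __name__ == "__main__":
    for rule, section, body, note in triage(SAMPLE_HJT):
        print(f"[{rule:16}] {section}: {note}\n    {body}")
```

On the sample it reports the two orphaned entries, wservice.exe (system32) and nwiz.exe (bare name) for review, both resolvers as public addresses to verify against the ISP, the webscan.cab download host, and the WgaLogon notify DLL; QuickTime and Works, which live under Program Files, produce nothing.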

#9 Tragically_Hip
  • Topic Starter
  • Members
  • 31 posts

Posted 08 November 2006 - 05:59 PM

As you said, I ran this test for my C drive and my D drive. It left a log in my C drive but didn't leave a log in my D drive, so I only have the one report to post.

Here it is and thank you for your continued assistance.

C:\Documents and Settings\All Users\Documents\vrsxbbbg.t
C:\Documents and Settings\Default User\Local Settings\Temp\aaaewxjp.t
C:\Documents and Settings\Default User\Local Settings\Temp\aaaewxjx.t
C:\Documents and Settings\Default User\Local Settings\Temp\gmxnqgvk.t
C:\Documents and Settings\Default User\Local Settings\Temp\jswfnkcx.t
C:\Documents and Settings\Default User\Local Settings\Temp\myvwkoil.t
C:\Documents and Settings\Default User\Local Settings\Temp\pfuohsoy.t
C:\Documents and Settings\Default User\Local Settings\Temp\sltgewum.t
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\myvwkomy.t
C:\Documents and Settings\Owner\gmxnqgky.t
C:\Documents and Settings\Owner\Desktop\aaaewxir.t
C:\Documents and Settings\Owner\Desktop\aaaewxrf.t
C:\Documents and Settings\Owner\Desktop\aaaewxuq.t
C:\Documents and Settings\Owner\Desktop\dgyvtcbx.t
C:\Documents and Settings\Owner\Desktop\dgyvtcwl.t
C:\Documents and Settings\Owner\Desktop\gmxnqgdl.t
C:\Documents and Settings\Owner\Desktop\gmxnqgdq.t
C:\Documents and Settings\Owner\Desktop\gmxnqgmp.t
C:\Documents and Settings\Owner\Desktop\jswfnkba.t
C:\Documents and Settings\Owner\Desktop\jswfnkby.t
C:\Documents and Settings\Owner\Desktop\jswfnknl.t
C:\Documents and Settings\Owner\Desktop\myvwkohs.t
C:\Documents and Settings\Owner\Desktop\sltgewgk.t
C:\Documents and Settings\Owner\Desktop\sltgewlx.t
C:\Documents and Settings\Owner\Desktop\vrsxbbva.t
C:\Documents and Settings\Owner\Desktop\WEB TOOLS\SmitfraudFix\aaaewxie.t
C:\Documents and Settings\Owner\Desktop\WEB TOOLS\SmitfraudFix\dgyvtcod.t
C:\Documents and Settings\Owner\Desktop\WEB TOOLS\SmitfraudFix\gmxnqgux.t
C:\Documents and Settings\Owner\Desktop\WEB TOOLS\SmitfraudFix\gmxnqgym.t
C:\Documents and Settings\Owner\Desktop\WEB TOOLS\SmitfraudFix\jswfnkfk.t
C:\Documents and Settings\Owner\Desktop\WEB TOOLS\SmitfraudFix\myvwkohk.t
C:\Documents and Settings\Owner\Desktop\WEB TOOLS\SmitfraudFix\myvwkohr.t
C:\Documents and Settings\Owner\Desktop\WEB TOOLS\SmitfraudFix\pfuohsrp.t
C:\Documents and Settings\Owner\Desktop\WEB TOOLS\SmitfraudFix\pfuohsrw.t
C:\Documents and Settings\Owner\Desktop\WEB TOOLS\SmitfraudFix\vrsxbbaa.t
C:\Documents and Settings\Owner\My Documents\Logitech Gallery\dgyvtcvp.t
C:\Documents and Settings\Owner\My Documents\Logitech Gallery\myvwkoop.t
C:\Documents and Settings\Owner\My Documents\tragically_hip_987\receive\vrsxbbpf.t
C:\Documents and Settings\Owner\My Documents\tragically_hip_987\temple_of_the_dog69\flannel_jimmy_987\yahoo shyt\vrsxbbpe.t
C:\Documents and Settings\Owner\My Documents\zone alarm\jswfnkqf.t
C:\download\pfuohshj.t
C:\download\antispyware\gmxnqgod.t
C:\download\antispyware\sltgewjk.t
C:\hp\bin\aaaewxck.t
C:\hp\bin\aaaewxgj.t
C:\hp\bin\aaaewxgp.t
C:\hp\bin\aaaewxkp.t
C:\hp\bin\dgyvtciq.t
C:\hp\bin\dgyvtcmf.t
C:\hp\bin\dgyvtcmg.t
C:\hp\bin\gmxnqgbl.t
C:\hp\bin\gmxnqgsg.t
C:\hp\bin\gmxnqgsw.t
C:\hp\bin\gmxnqgwq.t
C:\hp\bin\jswfnkua.t
C:\hp\bin\jswfnkye.t
C:\hp\bin\jswfnkyl.t
C:\hp\bin\jswfnkys.t
C:\hp\bin\jswfnkyy.t
C:\hp\bin\myvwkofd.t
C:\hp\bin\myvwkofp.t
C:\hp\bin\myvwkofx.t
C:\hp\bin\myvwkofy.t
C:\hp\bin\myvwkoje.t
C:\hp\bin\myvwkojg.t
C:\hp\bin\myvwkojk.t
C:\hp\bin\pfuohshm.t
C:\hp\bin\pfuohsld.t
C:\hp\bin\pfuohslf.t
C:\hp\bin\pfuohsls.t
C:\hp\bin\pfuohsly.t
C:\hp\bin\pfuohspj.t
C:\hp\bin\pfuohspq.t
C:\hp\bin\pfuohspr.t
C:\hp\bin\pfuohspy.t
C:\hp\bin\sltgewrj.t
C:\hp\bin\sltgewrp.t
C:\hp\bin\sltgewvf.t
C:\hp\bin\sltgewvp.t
C:\hp\bin\vrsxbbcd.t
C:\hp\bin\vrsxbbcr.t
C:\hp\bin\vrsxbbcs.t
C:\hp\bin\vrsxbbcy.t
C:\hp\bin\vrsxbbtj.t
C:\hp\bin\vrsxbbtq.t
C:\hp\bin\vrsxbbty.t
C:\hp\bin\vrsxbbxj.t
C:\hp\bin\vrsxbbxx.t
C:\hp\bin\Decoder72\sltgewrg.t
C:\hp\drivers\audio\ADI\ADI3051\3051WDM\gmxnqgbs.t
C:\hp\drivers\audio\ADI\ADI3051\3051WDM\myvwkonm.t
C:\hp\drivers\audio\ADI\ADI3051\3051WSmax\jswfnkhg.t
C:\hp\drivers\audio\ADI\ADI3051\3051WSmax\vrsxbbgw.t
C:\hp\drivers\audio\ADI\ADI3051\3051WSmax\SMAXWDM\jswfnkhx.t
C:\hp\drivers\audio\ADI\ADI3051\3051WSmax\SMAXWDM\SE\aaaewxoq.t
C:\hp\drivers\audio\ADI\ADI3051\3051WSmax\SMAXWDM\SE\gmxnqgbk.t
C:\hp\drivers\audio\ADI\ADI3051\3051WSmax\SMAXWDM\W2K_XP\gmxnqgbr.t
C:\hp\drivers\audio\ADI\ADI3051\3051WSmax\SMAXWDM\W2K_XP\myvwkonl.t
C:\hp\drivers\audio\ADI\ADI3051\3051WSmax\SoundMAX Control Panel\myvwkons.t
C:\hp\drivers\audio\ADI\ADI3051\3051WSmax\SoundMAX Control Panel\Sys\jswfnkhs.t
C:\hp\drivers\audio\ADI\ADI3051\3051WSmax\SoundMAX Sensaura 3D\dgyvtcux.t
C:\hp\drivers\audio\ADI\ADI3051\3051WSmax\SoundMAX Synthesizer\gmxnqgfr.t
C:\hp\drivers\audio\ADI\ADI3051\3051WSmax\SoundMAX Synthesizer\jswfnklx.t
C:\hp\drivers\audio\ADI\ADI3051\3051WSmax\SoundMAX Synthesizer\myvwkorp.t
C:\hp\drivers\audio\ADI\ADI3051\3051WSmax\SoundMAX Synthesizer\vrsxbbkw.t
C:\hp\drivers\audio\ADI\ADI3051\3051WSmax\Sys\dgyvtcys.t
C:\hp\drivers\audio\ADI\ADI3051\3051WSmax\Sys\myvwkorl.t
C:\hp\drivers\audio\Creative\myvwkord.t
C:\hp\drivers\audio\Creative\sltgewew.t
C:\hp\drivers\audio\Creative\Ctrun\gmxnqgfj.t
C:\hp\drivers\audio\Creative\Directx\vrsxbbkk.t
C:\hp\drivers\audio\Creative\English\Player2\aaaewxsa.t
C:\hp\drivers\audio\Creative\English\Player2\aaaewxwy.t
C:\hp\drivers\audio\Creative\English\Player2\dgyvtcdq.t
C:\hp\drivers\audio\Creative\English\Player2\dgyvtcdr.t
C:\hp\drivers\audio\Creative\English\Player2\gmxnqgfe.t
C:\hp\drivers\audio\Creative\English\Player2\gmxnqgfp.t
C:\hp\drivers\audio\Creative\English\Player2\gmxnqgjp.t
C:\hp\drivers\audio\Creative\English\Player2\gmxnqgjs.t
C:\hp\drivers\audio\Creative\English\Player2\jswfnkpe.t
C:\hp\drivers\audio\Creative\English\Player2\sltgewed.t
C:\hp\drivers\audio\Creative\English\Player2\sltgewim.t
C:\hp\drivers\audio\Creative\English\Player2\Media\jswfnkpg.t
C:\hp\drivers\audio\Creative\English\Player2\News\vrsxbbod.t
C:\hp\drivers\audio\Creative\English\Recorder\gmxnqgns.t
C:\hp\drivers\audio\Creative\English\Recorder\sltgewir.t
C:\hp\drivers\audio\Creative\English\Setup\aaaewxbx.t
C:\hp\drivers\audio\Creative\English\Setup\myvwkoaw.t
C:\hp\drivers\audio\Creative\English\Setup\pfuohsgk.t
C:\hp\drivers\audio\Creative\English\Setup\sltgewmq.t
C:\hp\drivers\audio\Creative\English\Setup\vrsxbbse.t
C:\hp\drivers\audio\Creative\English\Wdmdrv\dgyvtchl.t
C:\hp\drivers\audio\Creative\English\Wdmdrv\vrsxbbsl.t
C:\hp\drivers\audio\Philips\sltgewmf.t
C:\hp\drivers\audio\Philips\vrsxbbss.t
C:\hp\drivers\audio\Realtek\sltgewmm.t
C:\hp\drivers\audio\Sis\pfuohsgg.t
C:\hp\drivers\keyboard\sltgewmp.t
C:\hp\drivers\keyboard\vrsxbbsk.t
C:\hp\drivers\lan\sltgewme.t
C:\hp\drivers\printers\aaaewxne.t
C:\hp\drivers\printers\aaaewxnx.t
C:\hp\drivers\printers\gmxnqgaq.t
C:\hp\drivers\printers\sltgewdl.t
C:\hp\drivers\printers\sltgewye.t
C:\hp\drivers\printers\656c\pfuohsgw.t
C:\hp\drivers\printers\656c\enu\nt4\disk1\sltgewmd.t
C:\hp\drivers\printers\656c\enu\nt4\disk1\nt4\jswfnkta.t
C:\hp\drivers\printers\656c\enu\nt4\disk1\nt4\myvwkoay.t
C:\hp\drivers\printers\656c\enu\nt4\disk1\nt4\sltgewml.t
C:\hp\drivers\printers\825c\sltgewqx.t
C:\hp\drivers\printers\825c\enu\nt4\disk1\dgyvtcle.t
C:\hp\drivers\printers\825c\enu\nt4\disk1\nt4\gmxnqgra.t
C:\hp\drivers\printers\825c\enu\nt4\disk1\nt4\pfuohsgl.t
C:\hp\drivers\printers\825c\enu\nt4\disk1\nt4\sltgewqq.t
C:\hp\drivers\printers\840c\vrsxbbwk.t
C:\hp\drivers\printers\840c\enu\nt4\disk1\pfuohskq.t
C:\hp\drivers\printers\840c\enu\nt4\disk1\nt4\dgyvtcld.t
C:\hp\drivers\printers\840c\enu\nt4\disk1\nt4\jswfnkxf.t
C:\hp\drivers\printers\840c\enu\nt4\disk1\nt4\myvwkoel.t
C:\hp\drivers\printers\845c\myvwkoej.t
C:\hp\drivers\printers\845c\enu\nt4\disk1\pfuohskp.t
C:\hp\drivers\printers\845c\enu\nt4\disk1\nt4\aaaewxfe.t
C:\hp\drivers\printers\845c\enu\nt4\disk1\nt4\jswfnkxl.t
C:\hp\drivers\printers\845c\enu\nt4\disk1\nt4\pfuohskm.t
C:\hp\drivers\printers\920c\gmxnqgva.t
C:\hp\drivers\printers\920c\enu\nt4\disk1\aaaewxjg.t
C:\hp\drivers\printers\920c\enu\nt4\disk1\nt4\pfuohskw.t
C:\hp\drivers\printers\920c\enu\nt4\disk1\nt4\vrsxbbwm.t
C:\hp\drivers\printers\920c\enu\nt4\disk1\nt4\vrsxbbwq.t
C:\hp\drivers\printers\940c\myvwkois.t
C:\hp\drivers\printers\940c\enu\nt4\disk1\gmxnqgvy.t
C:\hp\drivers\printers\940c\enu\nt4\disk1\nt4\aaaewxjq.t
C:\hp\drivers\printers\940c\enu\nt4\disk1\nt4\pfuohsod.t
C:\hp\drivers\printers\940c\enu\nt4\disk1\nt4\vrsxbbbl.t
C:\hp\drivers\printers\960c\gmxnqgvf.t
C:\hp\drivers\printers\960c\enu\nt4\disk1\aaaewxjl.t
C:\hp\drivers\printers\960c\enu\nt4\disk1\nt4\aaaewxjm.t
C:\hp\drivers\printers\960c\enu\nt4\disk1\nt4\myvwkoia.t
C:\hp\drivers\printers\960c\enu\nt4\disk1\nt4\vrsxbbbr.t
C:\hp\drivers\printers\980c\pfuohsoe.t
C:\hp\drivers\printers\980c\enu\nt4\disk1\sltgewuk.t
C:\hp\drivers\printers\980c\enu\nt4\disk1\nt4\dgyvtcpg.t
C:\hp\drivers\printers\980c\enu\nt4\disk1\nt4\dgyvtcpy.t
C:\hp\drivers\printers\980c\enu\nt4\disk1\nt4\jswfnkcd.t
C:\hp\drivers\printers\990c\gmxnqgad.t
C:\hp\drivers\printers\990c\enu\nt4\disk1\jswfnkgj.t
C:\hp\drivers\printers\990c\enu\nt4\disk1\nt4\dgyvtctp.t
C:\hp\drivers\printers\990c\enu\nt4\disk1\nt4\pfuohsol.t
C:\hp\drivers\printers\990c\enu\nt4\disk1\nt4\sltgewur.t
C:\hp\drivers\printers\enu\ereg\32\vrsxbbfa.t
C:\hp\drivers\printers\photosmart\dgyvtcxl.t
C:\hp\drivers\printers\photosmart\jswfnkkm.t
C:\hp\drivers\printers\photosmart\pfuohswr.t
C:\hp\drivers\printers\photosmart\vrsxbbja.t
C:\hp\drivers\printers\photosmart\ccc\dgyvtctj.t
C:\hp\drivers\printers\photosmart\ccc\gmxnqgap.t
C:\hp\drivers\printers\photosmart\ccc\jswfnkgs.t
C:\hp\drivers\printers\photosmart\ccc\myvwkomg.t
C:\hp\drivers\printers\photosmart\ccc\sltgewyl.t
C:\hp\drivers\printers\photosmart\enu\drivers\win2k_xp\myvwkomf.t
C:\hp\drivers\printers\photosmart\enu\drivers\win2k_xp\sltgewyg.t
C:\hp\drivers\printers\photosmart\enu\nt4\Disk1\sltgewdx.t
C:\hp\drivers\printers\photosmart\enu\nt4\Disk1\nt4\aaaewxrj.t
C:\hp\drivers\printers\photosmart\enu\nt4\Disk1\nt4\vrsxbbfp.t
C:\hp\drivers\printers\photosmart\enu\nt4\Disk1\nt4\vrsxbbje.t
C:\hp\drivers\printers\photosmart\util\Hid\gmxnqgej.t
C:\hp\drivers\printers\photosmart\util\Hid\jswfnkkp.t
C:\hp\drivers\printers\photosmart\w2kio\pfuohswx.t
C:\hp\drivers\printers\util\656c\pfuohswm.t
C:\hp\drivers\printers\util\656c\sltgewds.t
C:\hp\drivers\printers\util\656c\vrsxbbjy.t
C:\hp\drivers\printers\util\common\aaaewxrd.t
C:\hp\drivers\printers\util\common\dgyvtcxj.t
C:\hp\drivers\printers\util\common\gmxnqgew.t
C:\hp\drivers\video\jswfnkox.t
C:\hp\drivers\video\sltgewhl.t
C:\hp\drivers\video\vrsxbbne.t
C:\hp\drivers\video\vrsxbbnl.t
C:\hp\drivers\video\vrsxbbnw.t
C:\hp\drivers\video\845\gmxnqgea.t
C:\hp\drivers\video\845\pfuohswe.t
C:\hp\drivers\video\845\sltgewdg.t
C:\hp\drivers\video\845\vrsxbbjm.t
C:\hp\drivers\video\Nforce\dgyvtccs.t
C:\hp\drivers\video\Nforce\myvwkous.t
C:\hp\drivers\video\Nforce\pfuohsbg.t
C:\hp\drivers\video\nvidia\aaaewxvp.t
C:\hp\drivers\video\nvidia\gmxnqgix.t
C:\hp\drivers\video\nvidia\sltgewhe.t
C:\hp\drivers\video\nvidia\vrsxbbnk.t
C:\hp\EXPLOREBAR\pfuohsbm.t
C:\hp\IAccess\dgyvtccj.t
C:\hp\KBD\STATIC\Common\jswfnkok.t
C:\hp\register\gmxnqgqr.t
C:\hp\support\aaaewxep.t
C:\hp\vinetlink\gmxnqgqq.t
C:\hp\vinetlink\pfuohsjq.t
C:\I386\aaaewxml.t
C:\I386\aaaewxmq.t
C:\I386\dgyvtckj.t
C:\I386\dgyvtcsx.t
C:\I386\jswfnkfa.t
C:\I386\jswfnkfg.t
C:\I386\jswfnkfj.t
C:\I386\sltgewpa.t
C:\I386\sltgewxd.t
C:\I386\sltgewxq.t
C:\I386\vrsxbbeq.t
C:\I386\DRW\sltgewxl.t
C:\I386\SYSTEM32\vrsxbbef.t
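
The file names in this listing are not random across the board: every one is eight lower-case letters plus `.t`, and they fall into eight families that share a fixed six-letter prefix (aaaewx, dgyvtc, gmxnqg, jswfnk, myvwko, pfuohs, sltgew, vrsxbb) with two varying trailing letters, and one copy landed in the Default User Startup folder. Panda later identified these as W32/Nuwar.A.worm (post #12). As an added example that is not part of the original post, the Python below takes a list of paths in this form, recovers the fixed prefix length automatically, groups files by family, and reports how widely each family spread and which copies sit in a Startup folder. The sample paths are a subset copied from the listing above plus one legitimate DLL; the 0.75 compression threshold in best_prefix_length is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample: paths copied from the listing above (a subset), plus one
# legitimate file to show that it is ignored.
SAMPLE_PATHS = r"""
C:\Documents and Settings\All Users\Documents\vrsxbbbg.t
C:\Documents and Settings\Default User\Local Settings\Temp\aaaewxjp.t
C:\Documents and Settings\Default User\Local Settings\Temp\aaaewxjx.t
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\myvwkomy.t
C:\Documents and Settings\Owner\Desktop\dgyvtcbx.t
C:\Documents and Settings\Owner\Desktop\gmxnqgdl.t
C:\Documents and Settings\Owner\Desktop\jswfnkba.t
C:\Documents and Settings\Owner\Desktop\sltgewgk.t
C:\hp\bin\pfuohshm.t
C:\hp\bin\vrsxbbcd.t
C:\I386\sltgewxd.t
C:\I386\SYSTEM32\vrsxbbef.t
C:\WINDOWS\system32\msxml3.dll
""".strip().splitlines()

# eight lower-case letters and a ".t" extension, as seen in the listing
DROPPED_NAME_RE = re.compile(r"^[a-z]{8}\.t$")


def basename(path):
    return path.rpartition("\\")[2]


def dropped_files(paths):
    """Paths whose file name fits the generator pattern."""
    return [p for p in paths if DROPPED_NAME_RE.match(basename(p))]


def best_prefix_length(names, max_ratio=0.75):
    """Largest prefix length k at which the names still collapse into at most
    max_ratio * len(names) distinct prefixes, i.e. the fixed part of the generator.
    The number of distinct prefixes never decreases as k grows, so the largest
    k that passes is the boundary between fixed and varying letters."""
    best = 0
    for k in range(1, max(map(len, names), default=0)):
        distinct = {n[:k] for n in names}
        if len(distinct) <= max_ratio * len(names):
            best = k
    return best


def cluster_by_prefix(paths, k=None):
    """Map prefix -> list of paths for files matching the pattern."""
    hits = dropped_files(paths)
    names = [basename(p).split(".")[0] for p in hits]
    if k is None:
        k = best_prefix_length(names)
    families = defaultdict(list)
    for path, name in zip(hits, names):
        families[name[:k]].append(path)
    return dict(families)


def in_startup_folder(path):
    """True for copies placed where Explorer launches them at logon."""
    return "\\start menu\\programs\\startup\\" in path.lower()


def summarize(paths):
    """Families sorted by size, then every copy that sits in a Startup folder."""
    lines = []
    families = cluster_by_prefix(paths)
    for prefix, members in sorted(families.items(), key=lambda kv: -len(kv[1])):
        dirs = {p.rpartition("\\")[0] for p in members}
        lines.append(f"{prefix}*: {len(members)} files in {len(dirs)} directories")
    for p in paths:
        if in_startup_folder(p):
            lines.append(f"runs at logon: {p}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_PATHS)))
```

The prefix recovery is what makes this reusable: a different dropper with a different fixed-length prefix is clustered the same way without editing the script, and a listing where every name is unique (no fixed part) yields a prefix length of zero and a single family, which is itself a signal that a different generator is at work.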

#10 Blender
    I will eat your Malware
  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 08 November 2006 - 06:15 PM

Hi :thumbsup:

Glad you made it back OK.

As per IRC discussion...

Run Panda's ActiveScan from here and perform a full system scan.

1. Once you are on the Panda site click the "Scan your PC" button
2. A new window will open...click the big "Check Now" button
3. Enter your Country
4. Enter your State/Province
5. Enter your e-mail address and click send
6. Select either Home User or Company
7. Click the big Scan Now button
8. If it wants to install an ActiveX component allow it
9. It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
Since you are on a slow connection it will take about 15 minutes for the scanner to load.
10. Click on "Local Disks" to start the scan
11. Once scan is done, click "see report" then "save report"
Save the log someplace.
12. reboot
13. Post Panda scan results in your next reply

I'll be back shortly with more to do.

Thanks :flowers:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware

#11 Blender
    I will eat your Malware
  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 08 November 2006 - 06:45 PM

Me again...

Once you get the Panda scan done & log posted...(might take 2 posts to get whole log in)

Let's move on to this app:


Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.



Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

Please post:

New hijackthis log
Log from AVG antispyware
New combofix log.

Most likely need more than one post to get all logs in so they don't get cut off.

Let me know how things are running.

Thanks :thumbsup:

#12 Blender
    I will eat your Malware
  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 08 November 2006 - 09:14 PM

Just some notes for me...

I asked OP to send me the Panda log in email because it was quite large.
Panda seems to have removed all the *.t files present.
I removed almost all from log.
Infection did spread to the other drive as I had suspected.

I only left a few *.t in the log so others looking here would recognize the infection.

Leftovers: (hoping for AVG to nuke most)

Virus:W32/Nuwar.A.worm Disinfected Operating system
Adware:adware/ipbill Not disinfected C:\WINDOWS\system32\dload.exe
Adware:adware/startpage.aao Not disinfected c:\windows\system32\dload.exe
Potentially unwanted tool:application/mywebsearch Not disinfected c:\windows\system32\f3pssavr.scr
Virus:trj/abwiz.a Disinfected Operating system
Adware:adware/easysearch Not disinfected c:\windows\dialup.exe
Adware:adware/superspider Not disinfected c:\windows\runwin32.exe
Adware:adware/conspy Not disinfected c:\windows\waol.exe
Adware:adware program Not disinfected c:\windows\x.exe
Adware:adware/intcodec Not disinfected Windows Registry
Adware:adware/spyblast Not disinfected Windows Registry
Adware:adware/cws.nfo Not disinfected Windows Registry
Spyware:spyware/surfsidekick Not disinfected Windows Registry
Adware:adware/noname Not disinfected Windows Registry
Spyware:spyware/cws.olehelp Not disinfected Windows Registry
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Possible Virus. Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix.zip[SmitfraudFix/swsc.exe]
Possible Virus. Not disinfected C:\Documents and Settings\Owner\Desktop\WEB TOOLS\SmitfraudFix\swsc.exe
Virus:W32/Nuwar.A.worm Disinfected C:\Documents and Settings\Owner\Desktop\WEB TOOLS\SmitfraudFix\vrsxbbaa.t
Virus:Trj/Lager.BU Disinfected C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0091771.exe

#13 Blender

    I will eat your Malware

  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 08 November 2006 - 09:19 PM

Whoops...I see I got cut off. The rest:

Virus:W32/Nuwar.A.worm Not disinfected C:\Documents and Settings\Owner\My Documents\My Received Files\WPH LOGO.rar[oV25Ee1.exe]
Virus:W32/Nuwar.A.worm Not disinfected C:\Documents and Settings\Owner\My Documents\My Received Files\WPH LOGO.rar[m7r3S3G.exe]
Virus:W32/Nuwar.A.worm Not disinfected C:\Documents and Settings\Owner\My Documents\My Received Files\wph.rar[t40lwD1.exe]
Virus:W32/Nuwar.A.worm Not disinfected C:\Documents and Settings\Owner\My Documents\My Received Files\wph.rar[iM8Ew2W.exe]
Virus:W32/Nuwar.A.worm Not disinfected C:\Documents and Settings\Owner\My Documents\My Received Files\wph.rar[hWjd4k8.exe]
Virus:W32/Nuwar.A.worm Not disinfected C:\Documents and Settings\Owner\My Documents\My Received Files\wph.rar[nILG7n5.exe]
Virus:W32/Nuwar.A.worm Not disinfected C:\Documents and Settings\Owner\My Documents\My Received Files\wph.rar[bW70t5o.exe]
Virus:W32/Nuwar.A.worm Not disinfected C:\Documents and Settings\Owner\My Documents\My Received Files\wph.rar[B320w7d.exe]
Virus:W32/Nuwar.A.worm Not disinfected C:\Documents and Settings\Owner\My Documents\My Received Files\wph.rar[m5r40hL.exe]
Virus:W32/Nuwar.A.worm Not disinfected C:\Documents and Settings\Owner\My Documents\My Received Files\wph.rar[r6358D3.exe]
Virus:W32/Nuwar.A.worm Not disinfected C:\Documents and Settings\Owner\My Documents\My Received Files\wph.rar[aGACOGP.exe]
Virus:W32/Nuwar.A.worm Not disinfected C:\Documents and Settings\Owner\My Documents\My Received Files\wph.rar[BcI0aaf.exe]
Virus:W32/Nuwar.A.worm Not disinfected C:\Documents and Settings\Owner\My Documents\My Received Files\wph.rar[F7cHESP.exe]
Virus:W32/Nuwar.A.worm Disinfected C:\Documents and Settings\Owner\My Documents\tragically_hip_987\receive\vrsxbbpf.t
Virus:W32/Nuwar.A.worm Disinfected C:\Documents and Settings\Owner\My Documents\tragically_hip_987\temple_of_the_dog69\flannel_jimmy_987\yahoo shyt\vrsxbbpe.t
Virus:W32/Nuwar.A.worm Disinfected C:\Documents and Settings\Owner\My Documents\zone alarm\jswfnkqf.t
Virus:W32/Nuwar.A.worm Disinfected C:\download\antispyware\gmxnqgod.t
Possible Virus. Not disinfected C:\Program Files\HP Instant Support\plugin\bin\ContentUpdater.exe
Possible Virus. Not disinfected C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_8.cab[\plugin\bin\ContentUpdater.exe]
Possible Virus. Not disinfected C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\bin\ContentUpdater.exe
Virus:Trj/Alanchum.JF Disinfected C:\WINDOWS\system32\image1.gif.exe
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\system32\intr32.dll
Adware:Adware/AntispywareSoldier Not disinfected C:\WINDOWS\system32\msmapi32.exe
Virus:W32/Nuwar.A.worm Disinfected C:\WINDOWS\system32\sdaqvsdb.exe
Adware:Adware/AntispywareSoldier Not disinfected C:\WINDOWS\system32\sklmnf.exe
Virus:Trj/Alanchum.JB Disinfected C:\WINDOWS\system32\ss.exe.exe
Virus:W32/Nuwar.A.worm Disinfected C:\WINDOWS\system32\w.exe.exe
Virus:W32/Nuwar.A.worm Disinfected D:\cmdcons\system32\vrsxbwdm.t

These posts just give me a quicker reference to compare with your AVG log afterwards, to see what is left.

There will be more work to do after AVG is done.
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware
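The cross-check described above (which of the Panda "Not disinfected" objects AVG then cleaned, and what is still outstanding) can be done mechanically rather than by eye. The following Python is an added example for this thread, not code from either poster or from either scanner vendor. It parses the two log formats exactly as they are pasted on this page, rewrites archive members to a scanner-neutral form (Panda writes `archive.rar[member]`, AVG writes `archive.rar/member`), folds case because NTFS paths are case-insensitive, and lists the Panda leftovers that do not appear as cleaned in the AVG log. The sample lines are constructed from excerpts of the two logs in this thread; the field names and the `::` member separator are this example's own conventions.

```python
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Detection:
    path: str      # lower-cased path; archive members written as "archive::member"
    name: str      # detection name exactly as the scanner reported it
    cleaned: bool  # True when the scanner removed or quarantined the object


# Panda ActiveScan format as pasted in the thread:
#   <name> Disinfected|Not disinfected <drive>:\<path>[<member>]
PANDA_RE = re.compile(
    r"^(?P<name>.+?)\s+(?P<status>Disinfected|Not disinfected)\s+(?P<path>[A-Za-z]:\\.*)$")
PANDA_MEMBER_RE = re.compile(
    r"^(?P<archive>.+?\.(?:rar|zip|cab))\[\\?(?P<member>.+)\]$", re.IGNORECASE)

# AVG Anti-Spyware format as pasted in the thread (file paths and registry keys alike):
#   <path> -> <name> : <status>.
AVG_RE = re.compile(r"^(?P<path>.+?) -> (?P<name>.+?) : (?P<status>.+?)\.?$")
AVG_MEMBER_RE = re.compile(
    r"^(?P<archive>.+?\.(?:rar|zip|cab))/(?P<member>.+)$", re.IGNORECASE)


def _normalize(path: str, member_re: re.Pattern) -> str:
    """Rewrite an archive member to "archive::member" and fold case (NTFS is case-insensitive)."""
    m = member_re.match(path)
    if m:
        path = f"{m['archive']}::{m['member']}"
    return path.lower()


def parse_panda(text: str) -> list[Detection]:
    found = []
    for line in text.splitlines():
        m = PANDA_RE.match(line.strip())
        if m:
            found.append(Detection(_normalize(m["path"], PANDA_MEMBER_RE),
                                   m["name"], m["status"] == "Disinfected"))
    return found


def parse_avg(text: str) -> list[Detection]:
    found = []
    for line in text.splitlines():
        m = AVG_RE.match(line.strip())
        if m:
            found.append(Detection(_normalize(m["path"], AVG_MEMBER_RE),
                                   m["name"], m["status"].startswith("Cleaned")))
    return found


def summarize(detections: list[Detection]) -> dict[tuple[str, bool], int]:
    """Count objects per (detection name, cleaned?) so the family picture is visible at a glance."""
    return dict(Counter((d.name, d.cleaned) for d in detections))


def remaining(panda_log: str, avg_log: str) -> list[Detection]:
    """Panda 'Not disinfected' objects that AVG did not subsequently clean: the follow-up work list."""
    avg_cleaned = {d.path for d in parse_avg(avg_log) if d.cleaned}
    left = [d for d in parse_panda(panda_log) if not d.cleaned and d.path not in avg_cleaned]
    return sorted(left, key=lambda d: d.path)


# Constructed samples: a handful of lines excerpted from the two logs posted in this thread.
PANDA_SAMPLE = r"""
Virus:W32/Nuwar.A.worm Not disinfected C:\Documents and Settings\Owner\My Documents\My Received Files\TSL.rar[Ux0i7m2.exe]
Virus:W32/Nuwar.A.worm Not disinfected C:\Documents and Settings\Owner\My Documents\My Received Files\TSL.rar[xcdk28v.exe]
Virus:W32/Nuwar.A.worm Disinfected C:\WINDOWS\system32\sdaqvsdb.exe
Possible Virus. Not disinfected C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_8.cab[\plugin\bin\ContentUpdater.exe]
Adware:Adware/AntispywareSoldier Not disinfected C:\WINDOWS\system32\sklmnf.exe
"""

AVG_SAMPLE = r"""
HKU\S-1-5-21-97400744-670792205-3813086739-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11904CE8-632A-4856-A7CC-00B33FE71BD8} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\TSL.rar/Ux0i7m2.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
"""

if __name__ == "__main__":
    for d in remaining(PANDA_SAMPLE, AVG_SAMPLE):
        print(f"STILL PRESENT  {d.name:40} {d.path}")
    print(summarize(parse_panda(PANDA_SAMPLE)))
```

Two caveats when running this over the full logs. Names that the two scanners render differently (this page has Panda's `E=nFv2p.exe` against AVG's `EnFv2p.exe`, and the `˜`-prefixed member names in the AVG log) will not match and will show up as still present; treat those as items to confirm by hand, not as proven leftovers. Registry hits exist only in the AVG log, so they never appear in `remaining()`, and a heuristic verdict such as Panda's "Possible Virus." is carried through unchanged so the reviewer can see that it was not a signature match.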

#14 Tragically_Hip (Topic Starter)

Posted 09 November 2006 - 02:16 PM

Here is the AVG scan log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:59:49 PM 11/9/2006

+ Scan result:

HKU\S-1-5-21-97400744-670792205-3813086739-1003\Software\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-97400744-670792205-3813086739-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11904CE8-632A-4856-A7CC-00B33FE71BD8} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-97400744-670792205-3813086739-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15ACE85C-0BB1-42D1-9E32-07EB0506675A} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-97400744-670792205-3813086739-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1C4DA27D-4D52-4465-A089-98E01BB725CA} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-97400744-670792205-3813086739-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-97400744-670792205-3813086739-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7070A8F9-08A4-CA47-0AB0-1EB9E4EE1F3B} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-97400744-670792205-3813086739-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{746455FE-D059-47E7-AF0E-140E03F5A447} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-97400744-670792205-3813086739-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{860C2F6B-CA82-4282-9187-BECCBB66F0AF} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-97400744-670792205-3813086739-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DC8F96D-34F7-1501-A2A4-631341AA3AC1} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-97400744-670792205-3813086739-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A2595F37-48D0-46A1-9B51-478591A97764} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-97400744-670792205-3813086739-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6F42CAD-2559-48DF-AF30-89E480AF5DFA} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-97400744-670792205-3813086739-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-97400744-670792205-3813086739-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF021F40-3E14-23A5-CBA2-717765721306} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-97400744-670792205-3813086739-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D1AC752E-883F-4ED8-8828-B618C3A72152} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-97400744-670792205-3813086739-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2B2B5A1-B48C-4886-A318-723916A01024} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-97400744-670792205-3813086739-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E3EEBBE8-9CAB-4C76-B26A-747E25EBB4C6} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-97400744-670792205-3813086739-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E6D5237D-A6C7-4C83-A67F-F9F15586FA62} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-97400744-670792205-3813086739-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-97400744-670792205-3813086739-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\CBW.rar/GF343VU.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\CBW.rar/R07B5f.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\CBW.rar/U0Pu2Eo.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\CBW.rar/cle0g01.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\CBW.rar/e37jbie.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\CBW.rar/l4qv20U.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\CBW.rar/qNsG03u.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\CBW.rar/w85qeO4.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\CBW.rar/˜8joE3H.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Coors Light.rar/E8kQ3fd.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Coors Light.rar/J2O6Sl.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Coors Light.rar/N0s055R.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Coors Light.rar/RAqad8.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Coors Light.rar/Sa6MwI5.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Coors Light.rar/e2p3TEs.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Coors Light.rar/jakGlgW.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Coors Light.rar/mTTfM50.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Coors Light.rar/xREnq4b.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\D_N.rar/Q71oMm.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\D_N.rar/QK70r32.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\D_N.rar/a2vdgar.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\D_N.rar/g40UP20.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\D_N.rar/lh5xVed.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\D_N.rar/lu3pPHv.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\D_N.rar/n84bCN3.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\D_N.rar/t2mbSsg.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\D_N.rar/v6hQTpI.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\FraserPapersstyle1.rar/HA17t21.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\FraserPapersstyle1.rar/HhGDM6S.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\FraserPapersstyle1.rar/gVVJNH7.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\FraserPapersstyle1.rar/oN5q7Wv.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\FraserPapersstyle1.rar/oeteUoa.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\FraserPapersstyle1.rar/wF67101.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\FraserPapersstyle1.rar/wLt0hdt.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\FraserPapersstyle1.rar/xjO3CwI.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\FraserPapersstyle1.rar/xngw7iL.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\FraserPapersstyle2.rar/Dn22vA5.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\FraserPapersstyle2.rar/Fe188Nv.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\FraserPapersstyle2.rar/HjgB8f.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\FraserPapersstyle2.rar/P5REiX.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\FraserPapersstyle2.rar/f248iQI.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\FraserPapersstyle2.rar/hP2E3QS.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\FraserPapersstyle2.rar/m2hHS62.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\FraserPapersstyle2.rar/oWxu7pp.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\FraserPapersstyle2.rar/x2jSRrJ.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\GOTSRevisions.rar/H4N82p8.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\GOTSRevisions.rar/PK5p2Nu.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\GOTSRevisions.rar/SmWON5o.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\GOTSRevisions.rar/Srv58tx.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\GOTSRevisions.rar/bl6opbr.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\GOTSRevisions.rar/cSkojLP.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\GOTSRevisions.rar/ew32L7u.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\GOTSRevisions.rar/i2D4lF7.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\GOTSRevisions.rar/sF0DIgV.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Groupe Savoie\Savoie 10 and 15 years.rar/CH0CQ75.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Groupe Savoie\Savoie 10 and 15 years.rar/JNQ56lc.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Groupe Savoie\Savoie 10 and 15 years.rar/Opru6ht.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Groupe Savoie\Savoie 10 and 15 years.rar/lFHMh0V.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Groupe Savoie\Savoie 10 and 15 years.rar/nRotc36.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Groupe Savoie\Savoie 10 and 15 years.rar/rjH3tr7.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Groupe Savoie\Savoie 10 and 15 years.rar/s26CD2.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Groupe Savoie\Savoie 10 and 15 years.rar/vLD777W.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Groupe Savoie\Savoie 10 and 15 years.rar/vxT06Cv.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Michaud Equipment.rar/GETxk01.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Michaud Equipment.rar/W44C8g8.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Michaud Equipment.rar/c0rB6DG.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Michaud Equipment.rar/e53oabF.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Michaud Equipment.rar/g8D402G.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Michaud Equipment.rar/nr3q578.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Michaud Equipment.rar/rP553qr.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Michaud Equipment.rar/uS64UmB.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Michaud Equipment.rar/v3n2h8K.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\PF.rar/AQeTl4W.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\PF.rar/A6wx62.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\PF.rar/CNP.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\PF.rar/W5J36m3.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\PF.rar/bwjRoLV.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\PF.rar/e2iltNs.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\PF.rar/jPlTPAw.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\PF.rar/rFk6n0V.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\PF.rar/w5G2Pw8.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Puzzle Floors (Briggs)\PuzzleFloor.rar/FLAiO37.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Puzzle Floors (Briggs)\PuzzleFloor.rar/HcVhe8.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Puzzle Floors (Briggs)\PuzzleFloor.rar/N4iJ626.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Puzzle Floors (Briggs)\PuzzleFloor.rar/OEXNTDo.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Puzzle Floors (Briggs)\PuzzleFloor.rar/TlR7j1l.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Puzzle Floors (Briggs)\PuzzleFloor.rar/eX1446.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Puzzle Floors (Briggs)\PuzzleFloor.rar/i7vW64s.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Puzzle Floors (Briggs)\PuzzleFloor.rar/iH5O7Lt.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Puzzle Floors (Briggs)\PuzzleFloor.rar/oW3I7wn.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Reunion.rar/FHXk7J1.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Reunion.rar/Mol1aO7.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Reunion.rar/cBKAXT5.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Reunion.rar/k43wd5t.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Reunion.rar/lkE7e3L.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Reunion.rar/s0P87rR.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Reunion.rar/u7I4l5m.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Reunion.rar/vJkufh2.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Reunion.rar/w8dP3Gt.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Seasons Take Out Logo.rar/B4c6NLs.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Seasons Take Out Logo.rar/Dm1fXTw.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Seasons Take Out Logo.rar/F8P5iT7.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Seasons Take Out Logo.rar/e82rS28.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Seasons Take Out Logo.rar/g2DeJGa.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Seasons Take Out Logo.rar/kFxnwq5.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Seasons Take Out Logo.rar/p5O210.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Seasons Take Out Logo.rar/xr5g2g8.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Seasons Take Out Logo.rar/˜VF7tGi.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\TSL.rar/Dv7jCeQ.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\TSL.rar/EnFv2p.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\TSL.rar/OCGk34K.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\TSL.rar/Ux0i7m2.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\TSL.rar/bIx11fh.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\TSL.rar/kOmwR7B.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\TSL.rar/mBn2SkO.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\TSL.rar/rx2bf4b.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\TSL.rar/xcdk28v.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\WPH LOGO.rar/M71f1wm.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\WPH LOGO.rar/UjmmX54.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\WPH LOGO.rar/jBxvH1B.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\WPH LOGO.rar/m7r3S3G.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\WPH LOGO.rar/oV25Ee1.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\WPH LOGO.rar/pdJK22J.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\WPH LOGO.rar/qtRq4Go.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\WPH LOGO.rar/skEj5eE.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\WPH LOGO.rar/tixWF6r.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\caribou.rar/EK87fE1.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\caribou.rar/MTFu48j.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\caribou.rar/TJx6oMI.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\caribou.rar/bWea43f.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\caribou.rar/fR804Rq.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\caribou.rar/gj74Q5.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\caribou.rar/jA5t02D.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\caribou.rar/o7136tJ.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\caribou.rar/t5Cr328.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\election01.rar/C72l7k7.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\election01.rar/ImSImVA.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\election01.rar/LvS50Xm.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\election01.rar/fRpfJ4F.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\election01.rar/i8ia36V.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\election01.rar/p263EK.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\election01.rar/pP0c251.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\election01.rar/xdUB70d.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\election01.rar/˜G120jr.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\election02.rar/A5HbSvP.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\election02.rar/JUkbc06.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\election02.rar/L2lg8MJ.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\election02.rar/VrPmFo5.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\election02.rar/erg84qC.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\election02.rar/gM64h47.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\election02.rar/h6Vqpm.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\election02.rar/q2I7moC.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\election02.rar/wFNAQvL.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\fmslogo.rar/B8TVvo7.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\fmslogo.rar/I6aEwE0.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\fmslogo.rar/Q473kq6.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\fmslogo.rar/WNKDEXa.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\fmslogo.rar/h46C3vx.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\fmslogo.rar/io5Jb4M.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\fmslogo.rar/jk6Vjas.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\fmslogo.rar/pVw81Aw.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\fmslogo.rar/sqgxW1V.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\lrj.rar/E1tNlNl.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\lrj.rar/J36E47R.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\lrj.rar/LQjHTTm.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\lrj.rar/Ro4nV3D.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\lrj.rar/fns5IQc.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\lrj.rar/qKAv3Is.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\lrj.rar/u4Rg4P.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\lrj.rar/vTd0Vod.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\lrj.rar/˜sBq84X.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\phlogo.rar/ECde1x6.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\phlogo.rar/Ig5Tb5x.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\phlogo.rar/K7B5n1S.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\phlogo.rar/Lc2b23A.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\phlogo.rar/a0l1i0H.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\phlogo.rar/aIeA6jO.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\phlogo.rar/jDn2gc2.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\phlogo.rar/r7ATsx2.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\phlogo.rar/uDd8X5L.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\relayforlife2006.rar/Il6LhVH.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\relayforlife2006.rar/Um503Vv.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\relayforlife2006.rar/c2pFA5k.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\relayforlife2006.rar/c31UT52.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\relayforlife2006.rar/e3Ub8k1.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\relayforlife2006.rar/fw8537M.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\relayforlife2006.rar/l5w044F.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\relayforlife2006.rar/ll6Bb2.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\relayforlife2006.rar/xiH7wAR.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\tvreunion.rar/BEVGNb1.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\tvreunion.rar/Ei502Lu.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\tvreunion.rar/Hald658.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\tvreunion.rar/JpfcuEN.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\tvreunion.rar/TA5rIsQ.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\tvreunion.rar/cnSGwDO.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\tvreunion.rar/d280vB3.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\tvreunion.rar/e0iFBW6.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\tvreunion.rar/vlUa6L.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\wph.rar/B320w7d.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\wph.rar/BcI0aaf.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\wph.rar/F7cHESP.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\wph.rar/aGACOGP.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\wph.rar/bW70t5o.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\wph.rar/iM8Ew2W.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\wph.rar/m5r40hL.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\wph.rar/r6358D3.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\wph.rar/t40lwD1.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0098552.exe -> Downloader.Small.dji : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\smaubkrm.exe -> Downloader.Small.dji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1090\A0094265.exe -> Downloader.VB.apa : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sklmnf.exe -> Downloader.VB.apa : Cleaned with backup (quarantined).
C:\UPS\CONNECT\winxmit.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1034\A0087874.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1034\A0087875.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1034\A0087876.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1077\A0093839.exe -> Not-A-Virus.Hoax.Win32.Renos.eh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1074\A0093040.exe -> Not-A-Virus.Hoax.Win32.Renos.fe : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1076\A0093447.exe -> Not-A-Virus.Hoax.Win32.Renos.fe : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1077\A0093840.exe -> Not-A-Virus.Hoax.Win32.Renos.fe : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nxqrlzbm.hdi -> Trojan.Agent.qe : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msmapi32.exe -> Trojan.VB.atw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1102\A0098629.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1103\A0098649.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1104\A0098666.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1104\A0098698.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1105\A0098771.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\WINDOWS\system32\adir.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\CBW.rar/I3auH88.exe -> Worm.Glowa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Coors Light.rar/c4S40uO.exe -> Worm.Glowa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\D_N.rar/Iwsa4r5.exe -> Worm.Glowa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\FraserPapersstyle1.rar/uwpJNWm.exe -> Worm.Glowa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\FraserPapersstyle2.rar/iD0HH5.exe -> Worm.Glowa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\GOTSRevisions.rar/uhMNQpW.exe -> Worm.Glowa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Groupe Savoie\Savoie 10 and 15 years.rar/lXAr03f.exe -> Worm.Glowa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Michaud Equipment.rar/e1M8GGT.exe -> Worm.Glowa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\PF.rar/t43Pr8A.exe -> Worm.Glowa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Puzzle Floors (Briggs)\PuzzleFloor.rar/q4ad3cM.exe -> Worm.Glowa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Reunion.rar/j5sW4Dt.exe -> Worm.Glowa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\Seasons Take Out Logo.rar/ugp5dG4.exe -> Worm.Glowa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\TSL.rar/b20qnEk.exe -> Worm.Glowa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\WPH LOGO.rar/kH6Lr8J.exe -> Worm.Glowa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\caribou.rar/rwIP13p.exe -> Worm.Glowa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\election01.rar/J0Kf2lx.exe -> Worm.Glowa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\election02.rar/U00cHoh.exe -> Worm.Glowa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\fmslogo.rar/x266DB3.exe -> Worm.Glowa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\lrj.rar/hF8NUJb.exe -> Worm.Glowa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\phlogo.rar/rbd6dD1.exe -> Worm.Glowa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\relayforlife2006.rar/nhXAvXg.exe -> Worm.Glowa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\tvreunion.rar/THi7O41.exe -> Worm.Glowa.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Received Files\wph.rar/hWjd4k8.exe -> Worm.Glowa.a : Cleaned with backup (quarantined).


::Report end

#15 Tragically_Hip (Topic Starter)

Posted 09 November 2006 - 02:18 PM

Here is the new ComboFix log.

Owner - 06-11-09 15:06:19.98 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Owner\Desktop\WEB TOOLS"

((((((((((((((((((((((((((((((( Files Created from 2006-10-09 to 2006-11-09 ))))))))))))))))))))))))))))))))))


2006-11-09 11:41 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-09 11:05 46,592 --a------ C:\WINDOWS\system32\zlbw.dll
2006-11-02 11:01 5,707 --a------ C:\WINDOWS\system32\se.exe.exe
2006-10-20 11:45 25,088 --a------ C:\WINDOWS\system32\anti_troj.exe
2006-10-20 11:45 24,576 --a------ C:\WINDOWS\system32\netstat2.exe
2006-10-20 11:45 24,576 --a------ C:\WINDOWS\system32\dload.exe
2006-10-20 11:45 22,528 --a------ C:\WINDOWS\spp3.dll
2006-10-20 11:45 20,224 --a------ C:\WINDOWS\system32\msmsn.exe
2006-10-20 11:45 19,200 --a------ C:\WINDOWS\system32\POPCORN72.EXE
2006-10-20 11:45 15,616 --a------ C:\WINDOWS\system32\win32hp.dll
2006-10-20 11:45 14,592 --a------ C:\WINDOWS\system32\iewd.exe
2006-10-20 11:45 14,336 --a------ C:\WINDOWS\system32\proqlaim.exe
2006-10-20 11:45 11,264 --a------ C:\WINDOWS\system32\perfont.exe
2006-10-20 11:45 11,008 --a------ C:\WINDOWS\system32\mpsegment.exe
2006-10-20 11:44 9,216 --a------ C:\WINDOWS\xplugin.dll
2006-10-20 11:44 8,960 --a------ C:\WINDOWS\system32\ace16win.dll
2006-10-20 11:44 32,512 --a------ C:\WINDOWS\clrssn.exe
2006-10-20 11:44 29,696 --a------ C:\WINDOWS\mtwirl32.dll
2006-10-20 11:44 29,184 --a------ C:\WINDOWS\winmgnt.exe
2006-10-20 11:44 28,672 --a------ C:\WINDOWS\x.exe
2006-10-20 11:44 28,160 --a------ C:\WINDOWS\wininet32.exe
2006-10-20 11:44 27,136 --a------ C:\WINDOWS\time.exe
2006-10-20 11:44 26,624 --a------ C:\WINDOWS\dialup.exe
2006-10-20 11:44 25,088 --a------ C:\WINDOWS\waol.exe
2006-10-20 11:44 25,088 --a------ C:\WINDOWS\cpan.dll
2006-10-20 11:44 24,832 --a------ C:\WINDOWS\runwin32.exe
2006-10-20 11:44 24,576 --a------ C:\WINDOWS\avpcc.dll
2006-10-20 11:44 24,320 --a------ C:\WINDOWS\y.exe
2006-10-20 11:44 23,808 --a------ C:\WINDOWS\window.exe
2006-10-20 11:44 18,176 --a------ C:\WINDOWS\win64.exe
2006-10-20 11:44 16,128 --a------ C:\WINDOWS\systemcritical.exe
2006-10-20 11:44 15,616 --a------ C:\WINDOWS\winajbm.dll
2006-10-20 11:44 13,824 --a------ C:\WINDOWS\win32e.exe
2006-10-20 11:44 13,568 --a------ C:\WINDOWS\users32.exe
2006-10-20 11:44 12,544 --a------ C:\WINDOWS\olehelp.exe
2006-10-20 11:44 12,032 --a------ C:\WINDOWS\inetdctr.dll
2006-10-20 11:44 12,032 --a------ C:\WINDOWS\accesss.exe
2006-10-20 11:44 10,496 --a------ C:\WINDOWS\systeem.exe
2006-10-20 11:43 10,752 --a------ C:\WINDOWS\system32\instreg_tmp.exe
2006-10-20 11:43 0 --a------ C:\WINDOWS\system32\asgp32.dll
2006-10-20 11:42 13,824 --a------ C:\WINDOWS\system32\intr32.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-08 21:23 -------- d-------- C:\Program Files\WinAce
2006-11-08 21:23 -------- d-------- C:\Program Files\Washer
2006-11-08 21:23 -------- d-------- C:\Program Files\QuickTime
2006-11-08 21:23 -------- d-------- C:\Program Files\MSN Messenger
2006-11-08 21:23 -------- d-------- C:\Program Files\Messenger
2006-11-08 21:23 -------- d-------- C:\Program Files\Internet Explorer
2006-11-08 21:23 -------- d-------- C:\Program Files\Google
2006-11-08 21:22 -------- d-------- C:\Program Files\Outlook Express
2006-11-04 18:56 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-31 15:36 -------- d-------- C:\Program Files\HijackThis
2006-10-14 16:59 -------- d-------- C:\Program Files\MSXML 4.0
2006-09-13 01:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 16:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-08-25 11:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-22 15:54 1419 --a------ C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
2006-08-22 15:54 0 --a------ C:\Documents and Settings\Owner\Application Data\dm.ini
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 07:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"
"Washer"="C:\\Program Files\\Washer\\washer.exe /0"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB0_0_0 -reboot 1"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB0_0_0 -reboot 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"PreloadApp"="c:\\hp\\drivers\\printers\\photosmart\\hphprld.exe c:\\hp\\drivers\\printers\\photosmart\\setup.exe -d"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"nwiz"="nwiz.exe /install"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PCPitStopEraser"="C:\\Program Files\\PCPitstop\\Erase\\PCPitStopErase.exe /remindme"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservicesonce]
"washindex"="C:\\Program Files\\Washer\\washidx.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Personal Coach.lnk"
"backup"="C:\\WINDOWS\\pss\\Personal Coach.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BRODER~1\\MAVISB~1\\MINIMA~1.EXE main"
"item"="Personal Coach"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1082391782.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-11-09 15:07:25.78
C:\ComboFix.txt ... 06-11-09 15:07
C:\ComboFix2.txt ... 06-11-08 18:12

Here is the newest HJT log.


Logfile of HijackThis v1.99.1
Scan saved at 3:11:04 PM, on 11/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Owner\Desktop\WEB TOOLS\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\HJT\hijackthis_sfx\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pg.photos.yahoo.com/ph/tragically_hip_987/my_photos
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ca5.hpwis.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCPitStopEraser] C:\Program Files\PCPitstop\Erase\PCPitStopErase.exe /remindme
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB0_0_0 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E67F5856-E2F5-40FE-9CFF-6AEFC9EA0AAA} (EventLogScan Class) - http://www.windowsecurity.com/eventlogscan/ATLExplorer.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDF5A25A-DB55-40AF-916F-40AEA34D16C5}: NameServer = 198.164.30.2 198.164.4.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Owner\Desktop\WEB TOOLS\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
