Help required please!



PaulM
2006-04-06, 18:07
I have run Spybot S&D and it cannot remove the following :confused:
Command Service and Network Monitor

I am continuing to get pop-ups :mad: Can somebody please have a look at my log and advise? I would greatly appreciate any help you can offer. Thanks in advance!!

My HJT log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 16:34:01, on 06/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\outlook\outlook.exe
C:\windows\mousepad9.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/0409/bl7.asp
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\k880lilm18qa.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Rawe
2006-04-06, 18:25
Hello and welcome.. :)

Please print these instructions out, or write them down, as you can't read them during the fix.

Please download Look2Me-Destroyer (http://www.atribune.org/ccount/click.php?id=7) to your desktop.

Before continuing with the fix there is something you must do:

Click Start -> Run and type in: services.msc
Check that the following services are running and that their startup is set to automatic:
Seclogon, or Secondary logon service
Next your machine needs to be offline, manually disconnect the network cable if necessary.
Your antivirus, and every other security software MUST be disabled.

Now continue:

Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.
Re-launch your Anti-virus/Firewall protection.
Re-connect back to the internet.
Please post the contents of C:\Look2Me-Destroyer.txt and a fresh HiJackThis log. :bigthumb:
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

PaulM
2006-04-06, 19:04
Firstly, the seclogon was set to automatic, so I just left it that way?
I'm on another machine and haven't reconnected to the internet since, so I'm not sure if this has worked or not...should I reconnect?

Logs as follows:


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 06/04/2006 17:46:05

Infected! C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP156\A0014894.dll

Attempting to delete infected files...

Attempting to delete: C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP156\A0014894.dll
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP156\A0014894.dll Deleted successfully!

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

Logfile of HijackThis v1.99.1
Scan saved at 17:58:49, on 06/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\mousepad9.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/0409/bl7.asp
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
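An added example, not code from the thread, from HijackThis or from Spybot: the Python below parses the O4 (Run keys) and O20 (Winlogon Notify) lines of an HJT log, flags entries with weak-trust indicators (a bare file name with no path, an executable sitting directly in C:\windows, a random-looking DLL name, a Windows 9x-only RunServices key, a value name that imitates a Windows process, a "(file missing)" target), and diffs the first log against this second one so you can see what Look2Me-Destroyer removed (the O20 Notify DLL), what it did not touch (the winlog and keyboard entries) and what appeared in between (the services32 entry). The sample logs are constructed, modelled on entries from the two logs above; the flag names and thresholds are my own heuristics, not HijackThis output.

```python
"""Triage and diff HijackThis (HJT) logs (added example, not the thread's code)."""
import re
from dataclasses import dataclass

# Constructed sample (before Look2Me-Destroyer), modelled on the first log.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\k880lilm18qa.dll
"""

# Constructed sample (after the tool ran), modelled on the second log.
LOG_AFTER = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
O20_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<cmd>.+)$')
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|com|scr|bat|pif))\b', re.I)
# Value names that imitate core Windows processes (heuristic list, not exhaustive).
LOOKALIKE_RE = re.compile(r'(winlog|winlogon|services|svchost|lsass|csrss|explorer)\d*', re.I)
ENTRY_RE = re.compile(r'^[RO]\d+ - ')


@dataclass
class Autorun:
    section: str  # 'O4' (Run keys) or 'O20' (Winlogon Notify)
    key: str      # Run, RunServices, WinlogonNotify
    name: str     # registry value name (or Notify subkey name)
    cmd: str      # command line / DLL path exactly as HJT printed it
    raw: str      # the original log line


def parse_autoruns(log_text):
    """Return the O4/O20 entries of an HJT log as Autorun records."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            entries.append(Autorun('O4', m['key'], m['name'], m['cmd'], line))
            continue
        m = O20_RE.match(line)
        if m:
            entries.append(Autorun('O20', 'WinlogonNotify', m['name'], m['cmd'], line))
    return entries


def executable_path(cmd):
    """Strip quotes and arguments, leaving the executable or DLL path."""
    m = EXE_RE.match(cmd.strip())
    return m['path'] if m else cmd.strip().strip('"')


def letter_digit_transitions(stem):
    """Count letter<->digit switches; random-looking names have many."""
    return sum(1 for a, b in zip(stem, stem[1:])
               if a.isalpha() != b.isalpha() and (a.isdigit() or b.isdigit()))


def flags_for(entry):
    """Weak-trust indicators for one autorun entry (heuristics, not verdicts)."""
    path = executable_path(entry.cmd)
    stem = path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    flags = []
    if '\\' not in path:
        flags.append('no-path')          # bare file name: found by PATH search, origin unknown
    elif re.fullmatch(r'[a-z]:\\windows\\[^\\]+', path, re.I):
        flags.append('windir-root')      # executable dropped directly into %windir%
    if entry.key.lower() == 'runservices':
        flags.append('runservices')      # Windows 9x/ME-only key; XP software has no reason to use it
    if letter_digit_transitions(stem) >= 3:
        flags.append('random-name')      # e.g. k880lilm18qa.dll
    if '(file missing)' in entry.cmd:
        flags.append('file-missing')     # dangling entry: target already removed
    if LOOKALIKE_RE.fullmatch(entry.name):
        flags.append('system-lookalike')  # value name imitates a core Windows process
    return flags


def diff_logs(before_log, after_log):
    """R*/O* lines that appeared in, or vanished from, the newer log."""
    def entries(text):
        return [ln.strip() for ln in text.splitlines() if ENTRY_RE.match(ln.strip())]
    before, after = entries(before_log), entries(after_log)
    return ([ln for ln in after if ln not in before],
            [ln for ln in before if ln not in after])


def triage(before_log, after_log):
    """Flagged autoruns in the newer log plus what changed since the older one."""
    added, removed = diff_logs(before_log, after_log)
    flagged = {e.raw: flags_for(e) for e in parse_autoruns(after_log) if flags_for(e)}
    return {'added': added, 'removed': removed, 'flagged': flagged}


if __name__ == '__main__':
    report = triage(LOG_BEFORE, LOG_AFTER)
    for label in ('added', 'removed'):
        print(f'{label}:', *report[label], sep='\n    ')
    print('flagged in the newer log:')
    for line, flags in report['flagged'].items():
        print(f'    [{", ".join(flags)}] {line}')
```

Run against real logs by reading the two files into the two strings. The point of the diff is the analyst's check that a one-infection tool (Look2Me-Destroyer) is expected to remove exactly its own family and nothing else: the entries that persist, and any entry that appears between scans, are what the next step has to address.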

Rawe
2006-04-07, 06:39
Ok.. Next:

Please print these instructions out, or write them down, as you can't read them during the fix.

1. Please download Ewido Anti-Malware (http://www.ewido.net/en/download/)
Install Ewido Anti-malware
Launch Ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run Ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

You will need to update Ewido to the latest definition files.
On the left hand side of the main screen click Update.
Then click on Start Update.

The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")
Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates (http://www.ewido.net/en/download/updates/)

==

2. Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.
Right-click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:)" or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

==

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

==

4. Once in Safe Mode, Run Ewido:
Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido anti-malware.

==

5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
Start the Brute Force Uninstaller by double-clicking BFU.exe
In the Scriptline to execute field type or paste c:\bfu\alcanshorty.bfu
Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
Wait for the Complete script execution box to pop up and hit OK.
Press Exit to terminate the BFU program.
Reboot into normal Windows and post the contents of Ewido log that you saved along with a fresh HiJackThis log. :bigthumb:

PaulM
2006-04-07, 12:13
Hi again..

When running Ewido it found 2206 infected objects, mostly in C:\My Downloads\Shared Folder....none of these objects were actually downloaded by me, seems that they are all zip files. Before I can get to save the report I'm getting the following warning....for example

The file "C:\My Downloads\Shared\Image Dupeless 1.6.3.zip/setup.exe" cannot be removed because it is embedded in the archive "C:\My Downloads\Shared\Image Dupeless 1.6.3.zip" Do you want to remove the whole archive?

I assumed the answer to this is yes and it showed cleaned infection every time I clicked yes. Should I continue this way until I can save the report??

Rawe
2006-04-07, 12:24
Yes. :)

PaulM
2006-04-07, 12:39
Ok, the Ewido report is huge!! Too big to post it here...can I attach the doc. file??

The HJT log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 11:31:17, on 07/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\mousepad9.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/0409/bl7.asp
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname9.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
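An added example, not code from the thread or from ewido: a report of 2206 objects is too large to read by hand, and most of it here is one P2P share full of zip files that all carry the same Setup.exe. The Python below parses ewido's "path -> Detection : Action" result lines, sorts each finding into a bucket (registry, tracking cookie, archive member, temp/browser cache, other), recognises the decoy-archive pattern (every archive member has the same name and the same detection), and lists the findings that were actually downloaded or executed on the host, which are the ones that explain the pop-ups. The report text is constructed, modelled on the excerpt PaulM posts below; the SID and user name are placeholders, and the bucket names are my own.

```python
"""Summarise an ewido scan report so decoy archives do not drown out real droppers."""
import re
from collections import Counter

# Constructed report, modelled on the excerpt in the thread; SID and user name are placeholders.
REPORT = r"""
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:25:18, 07/04/2006

+ Scan result:

HKU\S-1-5-21-EXAMPLE-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\!update.exe -> Downloader.PurityScan.w : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\temp.frD9DA -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\HXYBUDHU\drsmartload[1].exe -> Downloader.VB.aad : Cleaned with backup
C:\My Downloads\Shared\About CNET Networks.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Alcohol 120 1 9 5 3105.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EasyTrader 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
"""

LINE_RE = re.compile(r'^(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+)$')
ARCHIVE_RE = re.compile(r'\.(zip|rar|cab)/', re.I)   # ewido writes archive members as archive/member


def bucket_for(path, name):
    """Coarse location/type bucket used to prioritise findings."""
    p = path.lower()
    if p.startswith('hk'):                      # HKU\, HKLM\, HKCU\ registry entries
        return 'registry'
    if name.lower().startswith('trackingcookie'):
        return 'cookie'                         # nuisance, not code execution
    if ARCHIVE_RE.search(p):
        return 'archive-member'                 # inert until someone extracts and runs it
    if '\\local settings\\temp' in p:           # covers both Temp\ and Temporary Internet Files\
        return 'temp-or-cache'                  # files that were fetched or executed on this host
    return 'other'


def parse_report(text):
    """Result lines of an ewido report as dicts; header and blank lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append({'path': m['path'], 'name': m['name'], 'action': m['action'],
                             'bucket': bucket_for(m['path'], m['name'])})
    return findings


def parent_dir(path):
    return path.rsplit('\\', 1)[0]


def summarize(text):
    """Counts per bucket and family, where the archive hits live, and what needs a closer look."""
    findings = parse_report(text)
    archive = [f for f in findings if f['bucket'] == 'archive-member']
    return {
        'buckets': Counter(f['bucket'] for f in findings),
        'families': Counter(f['name'] for f in findings),
        'archive_dirs': Counter(parent_dir(f['path']) for f in archive),
        # Same member name and same detection in every archive: decoy installers seeded into a share.
        'decoy_pattern': len({(f['path'].rsplit('/', 1)[-1], f['name']) for f in archive}) == 1,
        'attention': [f for f in findings if f['bucket'] in ('registry', 'temp-or-cache', 'other')],
    }


if __name__ == '__main__':
    s = summarize(REPORT)
    print('by bucket:', dict(s['buckets']))
    print('archive hits by directory:', dict(s['archive_dirs']),
          '(decoy pattern: identical member and detection in every archive)' if s['decoy_pattern'] else '')
    print('needs attention:')
    for f in s['attention']:
        print(f"    {f['name']:<28} {f['path']}")
```

On a full report the archive bucket is where the volume is, while the temp-or-cache bucket is the short list that tells the story: downloaders and droppers in the browser cache and Temp are evidence of drive-by installs, and the families named there are the ones to cross-check against the remaining HJT autorun entries.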

PaulM
2006-04-07, 14:18
Can't attach it either...file size is 433kb, much too big

Here's the start of the report:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:25:18, 07/04/2006
+ Report-Checksum: A67D5FD9

+ Scan result:

HKU\S-1-5-21-2758287274-2678596051-3068720772-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup
HKU\S-1-5-21-2758287274-2678596051-3068720772-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
C:\Documents and Settings\Paul Morley\Cookies\paul morley@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Paul Morley\Cookies\paul morley@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Paul Morley\Cookies\paul morley@aerlingus.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paul Morley\Cookies\paul morley@project2.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Paul Morley\Local Settings\Temp\!update.exe -> Downloader.PurityScan.w : Cleaned with backup
C:\Documents and Settings\Paul Morley\Local Settings\Temp\Cookies\paul morley@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Paul Morley\Local Settings\Temp\Cookies\paul morley@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paul Morley\Local Settings\Temp\Cookies\paul morley@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Paul Morley\Local Settings\Temp\temp.fr11D1 -> Adware.CommAd : Cleaned with backup
C:\Documents and Settings\Paul Morley\Local Settings\Temp\temp.fr2208 -> Adware.CommAd : Cleaned with backup
C:\Documents and Settings\Paul Morley\Local Settings\Temp\temp.fr8B1B -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\Documents and Settings\Paul Morley\Local Settings\Temp\temp.frD9DA -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Paul Morley\Local Settings\Temp\Temporary Internet Files\Content.IE5\01234567\drsmartload[1].exe -> Downloader.VB.aad : Cleaned with backup
C:\Documents and Settings\Paul Morley\Local Settings\Temp\Temporary Internet Files\Content.IE5\81UNW1IV\drdata[1].avi -> Dropper.Agent.aac : Cleaned with backup
C:\Documents and Settings\Paul Morley\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLM7WXQB\drsmartload45a[1].exe -> Downloader.Adload.ai : Cleaned with backup
C:\Documents and Settings\Paul Morley\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLM7WXQB\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup
C:\Documents and Settings\Paul Morley\Local Settings\Temp\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Paul Morley\Local Settings\Temporary Internet Files\Content.IE5\HXYBUDHU\drsmartload[1].exe -> Downloader.VB.aad : Cleaned with backup
C:\Documents and Settings\Paul Morley\Local Settings\Temporary Internet Files\Content.IE5\K5ENWD2N\drdata[1].avi -> Dropper.Agent.aac : Cleaned with backup
C:\Documents and Settings\Paul Morley\Local Settings\Temporary Internet Files\Content.IE5\W1EJ05I3\!update-3620[1].0000 -> Downloader.PurityScan.w : Cleaned with backup
C:\Documents and Settings\Paul Morley\Local Settings\Temporary Internet Files\Content.IE5\XYT0YE9A\drsmartload45a[1].exe -> Downloader.Adload.ai : Cleaned with backup
C:\Documents and Settings\Paul Morley\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Paul Morley\Start Menu\Programs\WhenU\Uninstall.lnk -> Adware.SaveNow : Cleaned with backup
C:\My Downloads\Shared\About CNET Networks.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Act Of War High Treason Clonedvd Moncul.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Adobe Acrobat 7 0 Pro With Keygen Squiggie.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Adobe Creative Suite 2 Mac Keygen.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Adobe Creative Suite 2 Premium.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Adobe Illustrator Cs2 V12 32321 39636 20013 25991 21407 29256 2080.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Adobe Photoshop Cs2 Iso Keygen.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Adobe Premiere Elements V2 0 Www Seedler Org.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Advanced Search.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Age Of Empires Iii Reloaded 3393982 Tpb.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Ahead DVD Ripper 1.4.1 Pro.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Air America Radio - The Al Franken Show 040606 [mp3].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Air America Radio - The Marc Maron Show 040406 [mp3].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Air America Radio - The Marc Maron Show 040506 [mp3].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Alcohol 120 1 9 5 3105.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Aliasmayaunlimited7011511998 Demonoid Com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\All Software.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Americas Next Top Model S06E06 PDTV XviD-EXT [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Arctic Monkeys - Who The Fuck Are The Arctic Monkeys.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Auto Xp V2006 02.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Autodesk 3d Studio Max V8 0 Webinstall Incl Keymaker Xforce.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Bach, J.S. - Violin Concertos (Mullova), AAC @256.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Basic Instinct 2 2006 SEPTIC TC kvcd Jamgood(TUS Release).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Basic Instinct 2 PROPER TC XviD-ASTEROiDS.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Battlefield 2 Full Dvd Mininova Org.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\BEFORCE Creation (power metal) (224) [www heavytorrents tk].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\BETTER HOMES AND GARDENS HOME DESIGNER SUITE 6 0-PHXiSO.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Black And White 2 Clone.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Breath Of Fire III UMD EUR WORKING.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Browse categories.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Bust a Move Deluxe (USA) (PSP).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Bust A Move Deluxe PSP DMU.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Bust A Move Deluxe UMD USA.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\C Cgezeho Iso.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Call Of Duty 2 Deviance.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Chaos 2006 SCREENER XviD-DeviL [Sabre-Torrents com].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\CNET Channel.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\CNET Download.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\CNET News.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\CNET Reviews.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\CNET Shopper.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Colin Mcrae Rally 2005 Multilingual Www Slotorrent Net.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Command And Conquer The First Decade Read Nfo Clonedvd Mirror.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Commandos Strike Force Pc Clonedvd Eng.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Computer Shopper.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Crimson Climax complete uncensored + subtitles.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\CSI S06E19 HDTV XviD-LOL [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Cubase Sx V3 1 1 944 H2o With Ed Sx3 Video Tutorials Delirium Dvdr Unox.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Dance Ejay 7 Dance Music Maker.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\David S Ultimate Boot Cd 2 0 4in1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\dcp 4-6-06.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Desktop-3D Notes v3 0 4 WinAll Cracked-EiTheL rar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Details For James Bond 1 20 Completely Fixed.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\DVD Region+CSS Free 5.975.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Easysoft XML-ODBC Server 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EASYSQL 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EasySQL 3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EasyStat Web Statistics 4.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Easystats 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\easyStock Cleaner 1.5+.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EasyStockDataGenerator 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EasyStockDater 1.1.7.5 Rev. 22.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EasyStockInfo 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\easyStockLogger 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\easyStockMailer 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EasyStore Net 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EasyStruct Enterprise 4.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EasyTable For AutoCAD 2.1.03.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EasyTask Manager 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Easytemplates Flash Website Templates 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Easytools.com URL Checker 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EasyTrader 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EasyTweak For Pocket PC 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EasyVersionControl 8.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EasyView X 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EasyViewOrcl 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EasyWallpaper 3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EasyWare B2B Commerce 4.004.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EasyWare Shopping Cart 3.004.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EasyWatch 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EasyWebSave 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EasyWMA 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EasyWMA Converter 1.22a.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\EasyZip 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Eat My Dust demo, large version .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Eat My Dust demo, medium version .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Eat My Dust demo, small version .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup

PaulM
2006-04-07, 14:23
And it continues pretty much like this for another 80000 or so characters!! :scratch: Please let me know if you want me to split it up for posting completely. This is where it finishes...


C:\My Downloads\Shared\QuickWrite (English) 5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuickWrite Professional (Dutch) 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuickWrite Professional (English) 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuickWrite Professional (French) 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuickWrite Professional (German) 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuickWrite Professional (Italian) 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuickWrite Professional (Spanish) 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuickXML 1.021.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quicky Notes 1.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quicky Password Generator 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quickzip 3.06.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuidProQuo Reciprocal Links Checker 1.04.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quigley's Quest 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quik Budget 3.2.17.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quik Codes (QCodes) 2.11.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quik Pad 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuikBox 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuikCalc Amortization 5.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\quikCharts 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuikE Note 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuikLinc 1.02.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuikMind 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuikPath 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuikShield 2.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuikSurfer 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuikUninstall 1.0.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quiltion 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quindi Meeting Companion 1.5.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quink 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quinn 2.1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quintessence of Wisdom 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quintessential Player 4.51.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quintic Player 5.04.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quintura Search 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quiptics 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quirty Buddy for Pogo 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quis Lite 1.1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quit Smoking Calculator 3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuitMeter Counter 1.0.7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quitomzilla .04.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quiz 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quiz Builder 3.50.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quiz Master 3.06.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quiz of the States with QuizBuild 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quiz-Buddy 4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quiz-Buddy for Palm 1.9.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quizer 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuizFaber 2.6.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quizland (Mac) 1.2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuizMaker Pro 5.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuizMaster 4.1.2 build 363.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuizPro 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuizPro 3.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuizTest 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quizzler 3.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Qumana 2.1.0.19.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Qunetix SD 2.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quo Vadis for Palm (Mac) 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quo Vadis for Palm (PC) 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuoBox 2.0.40.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QUOSA Information Manager 7.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quote of the day Google desktop plug-in 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quote on Table 3.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quote Organizer Deluxe 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quote Works 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuoteBuddy Pop Up Blocker 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuoteLogger 1.04.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuoteLogix 6.01.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuoteRetriever 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quotes 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quotestream 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuoteWerks 4 build 13.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quoteworks 1.2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuothBar 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Qur'an Viewer 2.91.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quran Auto Reciter 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quran Reader and Searcher 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quran Reader for Mobile Phones 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quran Tutor - Al Ikhlaas 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Quran Tutor - Al Kauthar 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuranText 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuranTrans 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Qurb 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Qvadis Express Reader Pro 2.02.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Qvadis Lexica 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Qvadis Lexica Pro 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QVCS 3.7 build 12.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Qvet 9.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QWave 1.501.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QwikChex 5b.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QwikNet 2.23.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Qwikpad 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QwikSpy 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Qwizdom Interact 1.2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Qwordy Assist 2.0.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QX Invoice 3.0 build 981.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QXchange 1.6.2 build 33.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QXpress 4.0.139.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Release 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Remove Windows XP Advantage Key rar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Search Cloud.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\She's the Man (2006).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Shes The Man (2006) TS RUSTLERS KVCD by PJ(TUS Release).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Show all of today →.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Slackware 10 2 Disk 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Slackware 10 2 Install D1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Smallville 5x17 (HDTV-LOL)[VTV].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Smallville S05E17 HDTV XviD-LOL [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Solidworks 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\SpongeBob Squarepants The Yellow Avenger (EUR) (PSP).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Spyware Removal.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Star Trek TNG - Shadowheart 1-4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Star Trek TNG - The Modala Imperative 1-4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Star Trek TNG Annuals 1990-1995.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Supernatural S01E18 HDTV XviD-XOR [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Tech news.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Terms of Use.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\The Amazing Race S09E06 DSR XViD-WTV [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\The Black Eyed Peas-Renegotiations-The Remixes-ep-2006[sabre-torrents com].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\The Daily Show 04.06.06 (DSRip-LOKi) [VTV].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\The Elder Scroll Iv Oblivion Reloaded Tntvillage Org.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\The Elder Scrolls Iv Oblivion Reloaded.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\The Godfather Clonecd.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\The Godfather The Game Clonecd.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\The Godfather The Game With Serial And Nocd Crack.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\The Lord Of The Rings Battle For Middle Earth 2 Reloaded.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\The O C S03E20 HDTV XviD-UMD [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\The O.C. 3x20 (HDTV-LOL)[VTV].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\The Sims 2 Pc Game.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Toca Race Driver 3 Sfclonedvd Mirror.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Tomb Raider Legend Clonedvd Itwins.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Tomb Raider Legend Pal Dvd5 Xbox Clear.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Tomb Raider Legend Pal Ps2 Pal.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Tomb Raider Legend Reloaded Inc Crack.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Tomb Raider Legend XBOX-Allstars.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Tomtom Navigator 5 000 4890 Crack For Pocketpc.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Tomtom5 Europe.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Total Training For Adobe Creative Suite 2 Premium Bundle Inspiron.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Total Training For Adobe Photoshop Cs2 3xdvd.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Total Training For Advanced Adobe Photoshop Cs2 Inspiron.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Trackmania Sunrise Extreme Keygen-RELOADED [www NewTorrents info].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\TV Shows.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Ubersoldier Reloaded Www Bitworld Info.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Upload a torrent.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Warcraft Iii The Frozen Throne 2disks Cr Kp Chser.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Win Vista 5342 X86.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Windows Xp Pro Sp3 Extras Bootable.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Windows Xp Professional Cd Incl Sp2 20060302 Bootable.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Windows Xp X64 Edition Final.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Winrar V3 51 Corporate Edition.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\World Of Warcraft Isos Eng Us Server Browser.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Worms 4 Mayhem Reloaded.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Yu-Gi-Oh! GX - 50 - Magna Chum Laude {C P} avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\Yu-Gi-Oh! GX - 52 - The Graduation Match Pt 2 {C P} v1 avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\[Addict-S]Blood+ 24 vostfr avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\[Howard Stern] - Wrap-Up Show (04-05-06 + 04-06-06).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\[Nanashi]Eureka seveN - 34 [D475C8B6] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\[Nyanko] Solty Rei - 21 [3C4C3D73] mkv.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\[Spanish Newspaper] El Pais PDF 07 04 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\[T-N]Zoids Genesis - 20[706861B9] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\[WF] School Rumble Semester 2 - 01 [7365B6B1] mp4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\[x-raws] xxxHOLiC TV - 01 [640x480 DivX5][B7BA0D10].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\[XBOX - PAL - Multi5] Ghost Recon Advanced Warfighter.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Program Files\Common Files\InetGet\mc-110-12-0000140.exe -> Dropper.Agent.aac : Cleaned with backup
C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe -> Dropper.Agent.aac : Cleaned with backup
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\Program Files\outlook\p.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Program Files\outlook\v.tmp -> Worm.VB.dw : Cleaned with backup
C:\Program Files\ѕystem32\lsass.exe -> Downloader.PurityScan.w : Cleaned with backup
C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\IA\command.exe -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\system32\winlog.exe -> Backdoor.Rbot : Cleaned with backup
C:\WINDOWS\Temp\Cookies\paul morley@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\paul morley@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\WINDOWS\Temp\Cookies\paul morley@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
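
A way to keep a report of this length readable, as an added example that is not part of the thread or of ewido: parse the `path -> detection : action` lines, separate the hundreds of hits inside shared archives from the files actually sitting on disk, and flag any file that borrows a core Windows process name outside the real system directory, as the lsass.exe under Program Files above does. The sample report and the process-name and directory lists are constructed for the example.

```python
"""Summarise and triage an ewido-style scan report.

Added example for this thread, not code from the forum or from ewido. Each
report line has the shape  <path> -> <detection> : <action>  and a file found
inside an archive is written  <archive>/<member>.  SAMPLE_REPORT is constructed
from a few of the entries posted above (cookie user name replaced).
"""
import re
from collections import Counter

LINE_RE = re.compile(r"^(?P<path>.+?) -> (?P<detection>\S+) : (?P<action>.+)$")

# Core Windows process names: one of these living outside the real system
# directory (like the lsass.exe under Program Files above) is a masquerade.
# Both sets are assumptions made for this example.
SYSTEM_PROCESS_NAMES = {"lsass.exe", "smss.exe", "winlogon.exe",
                        "services.exe", "svchost.exe", "csrss.exe"}
SYSTEM_DIRS = {r"c:\windows\system32"}

SAMPLE_REPORT = r"""
C:\My Downloads\Shared\Quiz 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\Shared\QuizPro 3.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Program Files\Common Files\InetGet\mc-110-12-0000140.exe -> Dropper.Agent.aac : Cleaned with backup
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\Program Files\system32\lsass.exe -> Downloader.PurityScan.w : Cleaned with backup
C:\WINDOWS\IA\command.exe -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\system32\winlog.exe -> Backdoor.Rbot : Cleaned with backup
C:\WINDOWS\Temp\Cookies\user@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
"""


def parse_report(text):
    """Return a list of (path, detection, action) for every well-formed line."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append((m["path"], m["detection"], m["action"]))
    return records


def split_archive_member(path):
    """Return (container, member) for 'archive.zip/member', else (path, None)."""
    head, sep, tail = path.partition("/")
    return (head, tail) if sep else (path, None)


def is_masquerade(path):
    """True when a file on disk carries a core Windows process name but sits
    outside the real system directory."""
    container, member = split_archive_member(path)
    if member is not None:
        return False
    directory, _, name = container.rpartition("\\")
    return (name.lower() in SYSTEM_PROCESS_NAMES
            and directory.lower() not in SYSTEM_DIRS)


def triage(text):
    """Bucket the report so the few on-disk findings are not buried under
    hundreds of identical archive hits."""
    records = parse_report(text)
    summary = {
        "total": len(records),
        "by_detection": Counter(d for _, d, _ in records),
        "by_action": Counter(a for _, _, a in records),
        "archive_members": [],
        "tracking_cookies": [],
        "on_disk": [],
        "masquerades": [],
    }
    for path, detection, action in records:
        _, member = split_archive_member(path)
        if member is not None:
            summary["archive_members"].append(path)
        elif detection.startswith("TrackingCookie."):
            summary["tracking_cookies"].append(path)
        else:
            summary["on_disk"].append((path, detection))
            if is_masquerade(path):
                summary["masquerades"].append(path)
    return summary


if __name__ == "__main__":
    s = triage(SAMPLE_REPORT)
    print(f"{s['total']} entries, {len(s['archive_members'])} inside shared archives")
    for path, detection in s["on_disk"]:
        flag = "  <- masquerading system file name" if path in s["masquerades"] else ""
        print(f"{detection:40} {path}{flag}")
```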

Rawe
2006-04-07, 14:58
That's good. :)

Let's continue. You can go ahead and remove Ewido for now.

==

Uninstall the following entries through Add/Remove programs:

Toolbar888
PartyPoker

==

Please run a scan with HijackThis and check the following objects for removal:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL (file missing)
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname9.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

Close ALL other open windows except for HijackThis and hit FIX CHECKED.

==

Navigate to, and delete the following folders if present:

C:\Program Files\Toolbar888
C:\Program Files\PartyGaming

==

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

==

Finally:

Please go HERE (http://www.pandasoftware.com/products/activescan.htm) to run Panda's ActiveScan
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report. :bigthumb:

PaulM
2006-04-07, 15:31
Done... ActiveScan report as follows:


Incident Status Location

Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\keyboard9.exe
Adware:adware/commad Not disinfected C:\PROGRAM FILES\Network Monitor
Potentially unwanted tool:application/winantivirus2006 Not disinfected C:\PROGRAM FILES\WinAntiVirus Pro 2006
Adware:adware/maxifiles Not disinfected C:\PROGRAM FILES\COMMON FILES\InetGet
Adware:adware/savenow Not disinfected Windows Registry

Rawe
2006-04-07, 16:42
Go ahead and remove Look2Me-Destroyer & BFU. :)

Through Add/Remove programs, uninstall these entries if present:

Network Monitor
WinAntiVirus Pro 2006

==

Next, navigate to and delete the following files/folders.

C:\WINDOWS\keyboard9.exe
C:\PROGRAM FILES\Network Monitor
C:\PROGRAM FILES\WinAntiVirus Pro 2006
C:\PROGRAM FILES\COMMON FILES\InetGet

Empty recycle bin.

==

Post back with a fresh HijackThis log and let me know how the system is running now :bigthumb:

PaulM
2006-04-07, 16:56
One other thing I forgot to mention in my last post... I wasn't able to remove Toolbar888 from the Add/Remove Programs list. Is there anything else we need to do here??

Updated HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 15:52:34, on 07/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/0409/bl7.asp
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
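
The comparison a helper does by eye between the fix list and the fresh log, as an added example that is not part of the thread or of HijackThis: parse the R0/R1, O2/O3/O9 and O4 lines into fields, list the orphaned `(file missing)` references and the home/search page hosts that are not expected, and report which fix-list entries still occur in a newer log. The sample fix list and fresh log are constructed from entries posted in the thread; the set of expected hosts is an assumption for the example.

```python
"""Parse HijackThis 1.99-style log entries and check a fix list against a
fresh log.

Added example for this thread, not HijackThis's own code. FIX_LIST and
FRESH_LOG are constructed from entries posted above; EXPECTED_HOSTS is an
assumption made for the example.
"""
import re
from urllib.parse import urlsplit

O4_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
OBJ_RE = re.compile(r"^(?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
MISSING = " (file missing)"

# Hosts the home/search pages are expected to point at (assumption).
EXPECTED_HOSTS = {"www.google.ie", "go.compaq.com"}

FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL (file missing)
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
"""

FRESH_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""


def parse_entry(line):
    """Return a dict for one R0/R1, O2/O3/O9 or O4 line, else None.
    Every dict carries an 'id' tuple used to match entries across logs."""
    line = line.strip()
    kind, sep, rest = line.partition(" - ")
    if not sep:
        return None
    if kind in ("R0", "R1"):
        # <hive\key>,<value> = <data>; data may be empty ("SearchAssistant =")
        key, _, data = rest.partition(" =")
        regkey, _, value = key.rpartition(",")
        data = data.strip()
        return {"type": kind, "key": regkey, "value": value, "data": data,
                "id": ("R", regkey, value, data)}
    if kind == "O4":
        m = O4_RE.match(rest)
        if m:
            return {"type": kind, **m.groupdict(),
                    "id": ("O4", m["hive"], m["key"], m["name"], m["cmd"])}
    if kind in ("O2", "O3", "O9"):
        category, _, body = rest.partition(": ")
        m = OBJ_RE.match(body)
        if m:
            path = m["path"]
            missing = path.endswith(MISSING)
            path = path[:-len(MISSING)] if missing else path
            return {"type": kind, "category": category, "name": m["name"],
                    "clsid": m["clsid"], "path": path, "missing": missing,
                    "id": (kind, m["clsid"], path)}
    return None


def parse_log(text):
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def orphaned(entries):
    """Entries that still reference a file which is no longer on disk."""
    return [e for e in entries if e.get("missing")]


def unexpected_hosts(entries):
    """Hosts the home/search page entries point at outside EXPECTED_HOSTS."""
    hosts = set()
    for e in entries:
        if e["type"] in ("R0", "R1") and e["data"].startswith("http"):
            host = urlsplit(e["data"]).hostname
            if host and host not in EXPECTED_HOSTS:
                hosts.add(host)
    return hosts


def still_present(fix_list, fresh_log):
    """Fix-list entries whose parsed identity still occurs in the fresh log."""
    present = {e["id"] for e in parse_log(fresh_log)}
    return [e for e in parse_log(fix_list) if e["id"] in present]


if __name__ == "__main__":
    fix = parse_log(FIX_LIST)
    print("unexpected home/search hosts:", sorted(unexpected_hosts(fix)))
    print("orphaned entries in fix list:", len(orphaned(fix)))
    print("fix-list entries still present:", len(still_present(FIX_LIST, FRESH_LOG)))
```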

Rawe
2006-04-07, 16:59
We need to make sure you won't get a Vundo infection by updating Java:

Updating Java and Clearing Cache

Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
It will say "Java Plug-in" under the icon.
Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
If you are unable to update you can manually update by going here:

http://www.java.com/en/download/manual.jsp

After the reboot, go back into the Control Panel and double-click the Java Icon.
Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL 3 Checked

Downloaded Applets
Downloaded Applications
Other Files

Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Java Control Panel.


==

How is the system running now? Any visible problems? :)

PaulM
2006-04-07, 17:21
Done... System seems to be running fine now, no pop-ups, home page stays the same etc.

One thing though... Toolbar888 is still showing in the list of Add/Remove programs although there is no size alongside it... Does it still need to be removed??

Thanks very much for all of your time and effort. Your assistance is greatly appreciated :)

PaulM
2006-04-07, 17:40
Have just run Lavasoft Adaware and it found the following...should I still be worried??

Win32.Trojan.Downloader Object Recognized!
Type : File
Data : A0015228.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP158\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : A0015229.dll
TAC Rating : 8
Category : Worm
Comment :
Object : C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP158\
FileVersion : 3.0.2.0
ProductVersion : 3.02
ProductName : BigSpeed Zip DLL
CompanyName : BigSpeedSoft
InternalName : bszip.dll
LegalCopyright : (c) BigSpeedSoft
LegalTrademarks : BigSpeed is a trademark of BigSpeedSoft
OriginalFilename : bszip.dll
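The Ad-Aware report above lists where each detected file sits. As an added example (not from the thread or from Ad-Aware itself), the script below parses report text of this shape into records and separates hits inside Windows XP System Restore snapshots (`C:\System Volume Information\_restore{...}\RPnnn\`) from hits on the live file system. Restore-point copies are inert until a restore is performed and are cleared by purging old restore points; a live-path hit would need real attention. The third entry in the sample is a constructed placeholder added to show the live case.

```python
"""Triage helper for Ad-Aware style "Object Recognized!" reports.

Added example, not part of the original thread. It parses the report into
one dict per detection and flags which detections live inside System
Restore snapshots, which is what the advice in the thread turns on.
"""
import re

# Constructed sample: the first two blocks mirror the report quoted in the
# thread; the third ("Example.Constructed.Hit") is a made-up live-path hit.
SAMPLE_REPORT = """\
Win32.Trojan.Downloader Object Recognized!
Type : File
Data : A0015228.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\\System Volume Information\\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\\RP158\\

Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : A0015229.dll
TAC Rating : 8
Category : Worm
Comment :
Object : C:\\System Volume Information\\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\\RP158\\
FileVersion : 3.0.2.0
ProductName : BigSpeed Zip DLL

Example.Constructed.Hit Object Recognized!
Type : File
Data : sample.exe
TAC Rating : 9
Category : Malware
Object : C:\\WINDOWS\\system32\\
"""

# A restore-point path: \System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I
)

HEADER_SUFFIX = "Object Recognized!"


def parse_report(text):
    """Split the report into dicts; each starts at an 'Object Recognized!' line."""
    records = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(HEADER_SUFFIX):
            current = {"name": line[: -len(HEADER_SUFFIX)].strip()}
            records.append(current)
            continue
        if current is None or ":" not in line:
            continue  # stray text before the first header, or not key : value
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()   # empty values (Comment :) kept as ""
    return records


def in_restore_point(path):
    """True when the object path is inside a System Restore snapshot."""
    return bool(RESTORE_RE.search(path))


def triage(text):
    """Return (names in restore points, names on the live file system)."""
    records = parse_report(text)
    restore = [r["name"] for r in records if in_restore_point(r.get("Object", ""))]
    live = [r["name"] for r in records if not in_restore_point(r.get("Object", ""))]
    return restore, live


if __name__ == "__main__":
    in_rp, live_hits = triage(SAMPLE_REPORT)
    print("In restore points (cleared by purging restore points):", in_rp)
    print("On the live file system (need attention):", live_hits)
```

The `Object` value is matched against the restore-point pattern with the GUID and RP number left as wildcards, so the same check works for any snapshot, not just RP158.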

Rawe
2006-04-07, 22:17
You shouldn't be worried about the Ad-Aware findings.. They're on system restore, which we'll clean after the PC is entirely clean first. :)

For Toolbar888:
Open HiJackThis
Click on the configure button on the bottom right
Click on the tab "Misc Tools"
Click on the Box that says "Uninstall Manager"
Click on Toolbar888
Click on Delete this entry
Click "Yes"

Let me know if it still appears on the Add/Remove programs list.

PaulM
2006-04-10, 10:33
Hi again, sorry for the delay in replying, I was away for the weekend.

When I opened Hijack This and followed your instructions, I couldn't find Toolbar888 on the list. Nor does it appear on the Add/Remove programs list anymore, so it seems that it is gone anyway!! :scratch:

Also, the pc seems to be running perfectly and would appear to me to be clean. Is there anything else we should do??

Thanks again for all your help with this! :bigthumb:

Rawe
2006-04-10, 13:54
You're welcome. :)

==

Please read here how to clear old restore points and create a new one (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx).

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Here are some tips for the future to prevent spyware:

Detect and Remove Programs:
How to use Ad-Aware to remove Spyware (http://www.bleepingcomputer.com/forums/?showtutorial=48) <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
How to use Spybot to remove Spyware (http://www.bleepingcomputer.com/forums/?showtutorial=43) <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
Spywareblaster (http://www.javacoolsoftware.com/spywareblaster.html) <= SpywareBlaster will prevent spyware from being installed. (My favourite)
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Other necessary Programs:
AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG (http://www.grisoft.com/) or Anti-Vir (http://www.free-av.com/), or a shareware version like Norton or Kaspersky, this is a must have.
Firewall <= A firewall (http://www.google.com/search?hl=en&lr=&q=define%3Afirewall&btnG=Search) is definitely a must have. Two good free versions are Sygate (http://www.sygate.com/) and ZoneLabs (http://www.zonelabs.com/store/content/home.jsp).
More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox (http://www.mozilla.com/). And also see TonyKlein's good advice;
So how did I get infected in the first place? (http://castlecops.com/postlite7736-.html) (My favourite)
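The MVPS Hosts file tip works because the HOSTS file is consulted before DNS, so any name it maps to 127.0.0.1 never reaches the real server. As an added example (not from the thread or the MVPS project), the script below reads a HOSTS file the way a resolver does (comments, blank lines, several names per line, case-insensitive names, first mapping wins) and reports whether a given hostname is sinkholed. The entries are constructed placeholders in the `.invalid` domain, not lines from the real MVPS list, and it also shows a caveat the thread does not mention: HOSTS matching is exact, so a subdomain of a blocked name is not blocked.

```python
"""How a HOSTS-file blocklist such as the MVPS file works.

Added example, not part of the original thread. Parses a HOSTS file into a
name -> address table and tells whether a hostname is sinkholed (pointed at
the local machine), so a practitioner can audit what a blocklist covers.
"""

# Constructed HOSTS file modelled on the MVPS layout; names are placeholders.
SAMPLE_HOSTS = """\
# Constructed sample, not the real MVPS list
127.0.0.1  localhost
# [Ad networks]
127.0.0.1  ads.example-adnetwork.invalid
127.0.0.1  tracker.example.invalid counter.example.invalid  # several names per line
0.0.0.0    banners.example.invalid
::1        localhost
"""

# Addresses that send the connection back to the local machine.
SINKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}

# Names that legitimately point at the local machine and are not "blocked".
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return {hostname(lowercase): address} from HOSTS-file text."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                           # address with no names
        addr, names = parts[0], parts[1:]
        for name in names:
            # First mapping wins, as common resolvers treat duplicate entries.
            table.setdefault(name.lower(), addr)
    return table


def lookup(table, hostname):
    """Exact-match lookup; HOSTS files have no wildcard or suffix matching."""
    return table.get(hostname.lower().rstrip("."))


def is_sinkholed(table, hostname):
    """True when the HOSTS file redirects hostname to the local machine."""
    name = hostname.lower().rstrip(".")
    if name in LOCAL_NAMES:
        return False
    addr = lookup(table, name)
    return addr is not None and addr in SINKHOLE_ADDRS


def blocked_names(table):
    """Sorted list of every name the table sinkholes (localhost excluded)."""
    return sorted(n for n in table if is_sinkholed(table, n))


if __name__ == "__main__":
    t = parse_hosts(SAMPLE_HOSTS)
    print("blocked:", blocked_names(t))
    print("ads.example-adnetwork.invalid sinkholed:",
          is_sinkholed(t, "ADS.Example-AdNetwork.invalid"))
    print("www.ads.example-adnetwork.invalid sinkholed:",
          is_sinkholed(t, "www.ads.example-adnetwork.invalid"))
```

Running it shows that the blocked names resolve to the local machine regardless of letter case, while `www.ads.example-adnetwork.invalid` is not blocked at all, which is why HOSTS-file lists grow so large and why they are a complement to, not a replacement for, the other tips above.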

Rawe
2006-04-10, 19:30
Since this issue is now resolved, this Topic has been archived. Should you need it reopened for any reason, please PM a Staff member with its address and request. This only applies to the Original poster. Glad we were able to help. :)