Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: Help required please!

  1. #1
    Junior Member
    Join Date
    Apr 2006
    Posts
    11

    Default Help required please!

    I have run Spybot S&D and it cannot remove the following
    Command Service and Network Monitor

    I am continuing to get pop-ups Can somebody please have a look at my log and advise? I would greatly appreciate any help you can offer. Thanks in advance!!

    My HJT log is as follows:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:34:01, on 06/04/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\outlook\outlook.exe
    C:\windows\mousepad9.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/0409/bl7.asp
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKLM\..\Run: [winlog] winlog.exe
    O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
    O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
    O4 - HKLM\..\RunServices: [winlog] winlog.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\k880lilm18qa.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

  2. #2
    Security Expert-Emeritus Rawe's Avatar
    Join Date
    Mar 2006
    Location
    Finland
    Posts
    393

    Default

    Hello and welcome..

    Please print these instructions out, or write them down, as you can't read them during the fix.

    Please download Look2Me-Destroyer to your desktop.

    Before continuing with the fix there is something you must do:
    • Click Start -> Run and type in: services.msc
    • Check that the following services are running and that their startup is set to automatic:
    • Seclogon, or Secondary logon service
    • Next your machine needs to be offline, manually disconnect the network cable if necessary.
    • Your antivirus, and every other security software MUST be disabled.


    Now continue:
    • Double-click Look2Me-Destroyer.exe to run it.
    • Put a check next to Run this program as a task.
    • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
    • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
    • Once it's done scanning, click the Remove L2M button.
    • You will receive a Done Scanning message, click OK.
    • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
    • Your computer will then shutdown.
    • Turn your computer back on.
    • Re-launch your Anti-virus/Firewall protection.
    • Re-connect back to the internet.
    • Please post the contents of C:\Look2Me-Destroyer.txt and a fresh HiJackThis log.
    If Look2Me-Destroyer does not reopen automatically, reboot and try again.
    Hi there, stranger!

    Proud Member of ASAP since 2005.

  3. #3
    Junior Member
    Join Date
    Apr 2006
    Posts
    11

    Default Hi, thanks for your help!

    Firstly, the seclogon was set to automatic, so I just left it that way?
    I'm on another machine and haven't reconnected to the internet since, so I'm not sure if this has worked or not...should I reconnect?

    Logs as follows:


    Look2Me-Destroyer V1.0.12

    Scanning for infected files.....
    Scan started at 06/04/2006 17:46:05

    Infected! C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP156\A0014894.dll

    Attempting to delete infected files...

    Attempting to delete: C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP156\A0014894.dll
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP156\A0014894.dll Deleted successfully!

    Making registry repairs.


    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file


    Restoring SeDebugPrivilege for Administrators - Succeeded

    Logfile of HijackThis v1.99.1
    Scan saved at 17:58:49, on 06/04/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\outlook\outlook.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\windows\mousepad9.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/0409/bl7.asp
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKLM\..\Run: [winlog] winlog.exe
    O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
    O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
    O4 - HKLM\..\RunServices: [winlog] winlog.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

  4. #4
    Security Expert-Emeritus Rawe's Avatar
    Join Date
    Mar 2006
    Location
    Finland
    Posts
    393

    Default

    Ok.. Next:

    Please print these instructions out, or write them down, as you can't read them during the fix.

    1. Please download Ewido Anti-Malware
    • Install Ewido Anti-malware
    • Launch Ewido, there should be an icon on your desktop, double-click it.
    • The program will now open to the main screen.
    • When you run Ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

      You will need to update Ewido to the latest definition files.
      • On the left hand side of the main screen click Update.
      • Then click on Start Update.
    • The update will start and a progress bar will show the updates being installed.
      (the status bar at the bottom will display ("Update successful")
    • Exit Ewido, do not run the scan yet!
    If you are having problems with the updater, you can use this link to manually update ewido.
    ewido manual updates

    ==

    2. Please download Brute Force Uninstaller to your desktop.
    • Right-click the BFU folder on your desktop, and choose Extract All
    • Click "Next"
    • In the box to choose where to extract the files to,
    • Click "Browse"
    • Click on the + sign next to "My Computer"
    • Click on "Local Disk ( C: ) or whatever your primary drive is
    • Click "Make New Folder"
    • Type in BFU
    • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
    3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
    Save it in the same folder you made earlier (c:\BFU).

    Do not do anything with these yet!

    ==

    Next, please reboot your computer in Safe Mode by doing the following:
    1) Restart your computer
    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3) Instead of Windows loading as normal, a menu should appear
    4) Select the first option, to run Windows in Safe Mode.


    ==

    4. Once in Safe Mode, Run Ewido:
    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • You will be prompted to clean the first infection.
    • Select "Perform action on all infections", then proceed.
    • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report.
    • Save the report .txt file to your desktop or a location where you can find it easily.
    Close Ewido anti-malware.

    ==

    5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
    • Start the Brute Force Uninstaller by doubleclicking BFU.exe
    • In the Scriptline to execute field type or paste c:\bfu\alcanshorty.bfu
    • Press Execute and let it do itís job. (You ought to see a progress bar if you did this correctly.)
    • Wait for the Complete script execution box to pop up and hit OK.
    • Press Exit to terminate the BFU program.
    Reboot into normal Windows and post the contents of Ewido log that you saved along with a fresh HiJackThis log.
    Hi there, stranger!

    Proud Member of ASAP since 2005.

  5. #5
    Junior Member
    Join Date
    Apr 2006
    Posts
    11

    Default

    Hi again..

    When running Ewido it found 2206 infected objects, mostly in C:\My Downloads\Shared Folder....none of these objects were actually downloaded by me, seems that they are all zip files. Before I can get to save the report I'm getting the following warning....for example

    The file "C:\My Downloads\Shared\Image Dupeless 1.6.3.zip/setup.exe" cannot be removed because it is embedded in the archive "C:\My Downloads\Shared\Image Dupeless 1.6.3.zip" Do you want to remove the whole archive?

    I assumed the answer to this is yes and it showed cleaned infection every time I clicked yes. Should I continue this way until I can save the report??

  6. #6
    Security Expert-Emeritus Rawe's Avatar
    Join Date
    Mar 2006
    Location
    Finland
    Posts
    393

    Default

    Yes.
    Hi there, stranger!

    Proud Member of ASAP since 2005.

  7. #7
    Junior Member
    Join Date
    Apr 2006
    Posts
    11

    Default

    Ok, the Ewido report is huge!! Too big to post it here...can I attach the doc. file??

    The HJT log is as follows:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:31:17, on 07/04/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\windows\mousepad9.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/0409/bl7.asp
    O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL (file missing)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
    O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
    O4 - HKLM\..\Run: [newname] C:\windows\newname9.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

  8. #8
    Junior Member
    Join Date
    Apr 2006
    Posts
    11

    Default

    Can't attach it either...file size is 433kb, much too big

    Here's the start of the report:

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 11:25:18, 07/04/2006
    + Report-Checksum: A67D5FD9

    + Scan result:

    HKU\S-1-5-21-2758287274-2678596051-3068720772-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup
    HKU\S-1-5-21-2758287274-2678596051-3068720772-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
    C:\Documents and Settings\Paul Morley\Cookies\paul morley@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Paul Morley\Cookies\paul morley@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Paul Morley\Cookies\paul morley@aerlingus.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Paul Morley\Cookies\paul morley@project2.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup
    C:\Documents and Settings\Paul Morley\Local Settings\Temp\!update.exe -> Downloader.PurityScan.w : Cleaned with backup
    C:\Documents and Settings\Paul Morley\Local Settings\Temp\Cookies\paul morley@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Paul Morley\Local Settings\Temp\Cookies\paul morley@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Paul Morley\Local Settings\Temp\Cookies\paul morley@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
    C:\Documents and Settings\Paul Morley\Local Settings\Temp\temp.fr11D1 -> Adware.CommAd : Cleaned with backup
    C:\Documents and Settings\Paul Morley\Local Settings\Temp\temp.fr2208 -> Adware.CommAd : Cleaned with backup
    C:\Documents and Settings\Paul Morley\Local Settings\Temp\temp.fr8B1B -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
    C:\Documents and Settings\Paul Morley\Local Settings\Temp\temp.frD9DA -> Adware.Look2Me : Cleaned with backup
    C:\Documents and Settings\Paul Morley\Local Settings\Temp\Temporary Internet Files\Content.IE5\01234567\drsmartload[1].exe -> Downloader.VB.aad : Cleaned with backup
    C:\Documents and Settings\Paul Morley\Local Settings\Temp\Temporary Internet Files\Content.IE5\81UNW1IV\drdata[1].avi -> Dropper.Agent.aac : Cleaned with backup
    C:\Documents and Settings\Paul Morley\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLM7WXQB\drsmartload45a[1].exe -> Downloader.Adload.ai : Cleaned with backup
    C:\Documents and Settings\Paul Morley\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLM7WXQB\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup
    C:\Documents and Settings\Paul Morley\Local Settings\Temp\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup
    C:\Documents and Settings\Paul Morley\Local Settings\Temporary Internet Files\Content.IE5\HXYBUDHU\drsmartload[1].exe -> Downloader.VB.aad : Cleaned with backup
    C:\Documents and Settings\Paul Morley\Local Settings\Temporary Internet Files\Content.IE5\K5ENWD2N\drdata[1].avi -> Dropper.Agent.aac : Cleaned with backup
    C:\Documents and Settings\Paul Morley\Local Settings\Temporary Internet Files\Content.IE5\W1EJ05I3\!update-3620[1].0000 -> Downloader.PurityScan.w : Cleaned with backup
    C:\Documents and Settings\Paul Morley\Local Settings\Temporary Internet Files\Content.IE5\XYT0YE9A\drsmartload45a[1].exe -> Downloader.Adload.ai : Cleaned with backup
    C:\Documents and Settings\Paul Morley\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup
    C:\Documents and Settings\Paul Morley\Start Menu\Programs\WhenU\Uninstall.lnk -> Adware.SaveNow : Cleaned with backup
    C:\My Downloads\Shared\About CNET Networks.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Act Of War High Treason Clonedvd Moncul.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Adobe Acrobat 7 0 Pro With Keygen Squiggie.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Adobe Creative Suite 2 Mac Keygen.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Adobe Creative Suite 2 Premium.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Adobe Illustrator Cs2 V12 32321 39636 20013 25991 21407 29256 2080.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Adobe Photoshop Cs2 Iso Keygen.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Adobe Premiere Elements V2 0 Www Seedler Org.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Advanced Search.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Age Of Empires Iii Reloaded 3393982 Tpb.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Ahead DVD Ripper 1.4.1 Pro.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Air America Radio - The Al Franken Show 040606 [mp3].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Air America Radio - The Marc Maron Show 040406 [mp3].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Air America Radio - The Marc Maron Show 040506 [mp3].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Alcohol 120 1 9 5 3105.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Aliasmayaunlimited7011511998 Demonoid Com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\All Software.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Americas Next Top Model S06E06 PDTV XviD-EXT [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Arctic Monkeys - Who The Fuck Are The Arctic Monkeys.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Auto Xp V2006 02.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Autodesk 3d Studio Max V8 0 Webinstall Incl Keymaker Xforce.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Bach, J.S. - Violin Concertos (Mullova), AAC @256.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Basic Instinct 2 2006 SEPTIC TC kvcd Jamgood(TUS Release).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Basic Instinct 2 PROPER TC XviD-ASTEROiDS.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Battlefield 2 Full Dvd Mininova Org.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\BEFORCE Creation (power metal) (224) [www heavytorrents tk].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\BETTER HOMES AND GARDENS HOME DESIGNER SUITE 6 0-PHXiSO.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Black And White 2 Clone.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Breath Of Fire III UMD EUR WORKING.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Browse categories.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Bust a Move Deluxe (USA) (PSP).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Bust A Move Deluxe PSP DMU.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Bust A Move Deluxe UMD USA.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\C Cgezeho Iso.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Call Of Duty 2 Deviance.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Chaos 2006 SCREENER XviD-DeviL [Sabre-Torrents com].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\CNET Channel.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\CNET Download.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\CNET News.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\CNET Reviews.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\CNET Shopper.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Colin Mcrae Rally 2005 Multilingual Www Slotorrent Net.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Command And Conquer The First Decade Read Nfo Clonedvd Mirror.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Commandos Strike Force Pc Clonedvd Eng.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Computer Shopper.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Crimson Climax complete uncensored + subtitles.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\CSI S06E19 HDTV XviD-LOL [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Cubase Sx V3 1 1 944 H2o With Ed Sx3 Video Tutorials Delirium Dvdr Unox.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Dance Ejay 7 Dance Music Maker.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\David S Ultimate Boot Cd 2 0 4in1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\dcp 4-6-06.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Desktop-3D Notes v3 0 4 WinAll Cracked-EiTheL rar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Details For James Bond 1 20 Completely Fixed.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\DVD Region+CSS Free 5.975.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Easysoft XML-ODBC Server 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\EASYSQL 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\EasySQL 3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\EasyStat Web Statistics 4.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Easystats 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\easyStock Cleaner 1.5+.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\EasyStockDataGenerator 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\EasyStockDater 1.1.7.5 Rev. 22.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\EasyStockInfo 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\easyStockLogger 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\easyStockMailer 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\EasyStore Net 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\EasyStruct Enterprise 4.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\EasyTable For AutoCAD 2.1.03.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\EasyTask Manager 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Easytemplates Flash Website Templates 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Easytools.com URL Checker 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\EasyTrader 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\EasyTweak For Pocket PC 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\EasyVersionControl 8.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\EasyView X 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\EasyViewOrcl 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\EasyWallpaper 3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\EasyWare B2B Commerce 4.004.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\EasyWare Shopping Cart 3.004.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\EasyWatch 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\EasyWebSave 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\EasyWMA 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\EasyWMA Converter 1.22a.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\EasyZip 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Eat My Dust demo, large version .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Eat My Dust demo, medium version .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Eat My Dust demo, small version .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup

  9. #9
    Junior Member
    Join Date
    Apr 2006
    Posts
    11

    Default

    And it continues pretty much like this for another 80000 or so characters!! Please let me know if you want me to split it up for posting completely. This is where it finishes...


    C:\My Downloads\Shared\QuickWrite (English) 5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuickWrite Professional (Dutch) 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuickWrite Professional (English) 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuickWrite Professional (French) 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuickWrite Professional (German) 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuickWrite Professional (Italian) 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuickWrite Professional (Spanish) 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuickXML 1.021.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quicky Notes 1.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quicky Password Generator 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quickzip 3.06.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuidProQuo Reciprocal Links Checker 1.04.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quigley's Quest 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quik Budget 3.2.17.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quik Codes (QCodes) 2.11.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quik Pad 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuikBox 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuikCalc Amortization 5.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\quikCharts 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuikE Note 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuikLinc 1.02.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuikMind 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuikPath 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuikShield 2.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuikSurfer 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuikUninstall 1.0.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quiltion 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quindi Meeting Companion 1.5.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quink 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quinn 2.1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quintessence of Wisdom 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quintessential Player 4.51.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quintic Player 5.04.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quintura Search 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quiptics 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quirty Buddy for Pogo 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quis Lite 1.1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quit Smoking Calculator 3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuitMeter Counter 1.0.7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quitomzilla .04.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quiz 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quiz Builder 3.50.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quiz Master 3.06.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quiz of the States with QuizBuild 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quiz-Buddy 4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quiz-Buddy for Palm 1.9.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quizer 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuizFaber 2.6.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quizland (Mac) 1.2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuizMaker Pro 5.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuizMaster 4.1.2 build 363.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuizPro 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuizPro 3.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuizTest 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quizzler 3.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Qumana 2.1.0.19.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Qunetix SD 2.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quo Vadis for Palm (Mac) 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quo Vadis for Palm (PC) 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuoBox 2.0.40.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QUOSA Information Manager 7.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quote of the day Google desktop plug-in 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quote on Table 3.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quote Organizer Deluxe 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quote Works 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuoteBuddy Pop Up Blocker 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuoteLogger 1.04.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuoteLogix 6.01.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuoteRetriever 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quotes 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quotestream 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuoteWerks 4 build 13.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quoteworks 1.2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuothBar 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Qur'an Viewer 2.91.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quran Auto Reciter 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quran Reader and Searcher 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quran Reader for Mobile Phones 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quran Tutor - Al Ikhlaas 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Quran Tutor - Al Kauthar 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuranText 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QuranTrans 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Qurb 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Qvadis Express Reader Pro 2.02.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Qvadis Lexica 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Qvadis Lexica Pro 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QVCS 3.7 build 12.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Qvet 9.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QWave 1.501.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QwikChex 5b.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QwikNet 2.23.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Qwikpad 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QwikSpy 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Qwizdom Interact 1.2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Qwordy Assist 2.0.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QX Invoice 3.0 build 981.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QXchange 1.6.2 build 33.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\QXpress 4.0.139.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Release 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Remove Windows XP Advantage Key rar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Search Cloud.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\She's the Man (2006).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Shes The Man (2006) TS RUSTLERS KVCD by PJ(TUS Release).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Show all of today →.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Slackware 10 2 Disk 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Slackware 10 2 Install D1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Smallville 5x17 (HDTV-LOL)[VTV].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Smallville S05E17 HDTV XviD-LOL [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Solidworks 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\SpongeBob Squarepants The Yellow Avenger (EUR) (PSP).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Spyware Removal.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Star Trek TNG - Shadowheart 1-4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Star Trek TNG - The Modala Imperative 1-4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Star Trek TNG Annuals 1990-1995.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Supernatural S01E18 HDTV XviD-XOR [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Tech news.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Terms of Use.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\The Amazing Race S09E06 DSR XViD-WTV [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\The Black Eyed Peas-Renegotiations-The Remixes-ep-2006[sabre-torrents com].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\The Daily Show 04.06.06 (DSRip-LOKi) [VTV].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\The Elder Scroll Iv Oblivion Reloaded Tntvillage Org.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\The Elder Scrolls Iv Oblivion Reloaded.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\The Godfather Clonecd.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\The Godfather The Game Clonecd.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\The Godfather The Game With Serial And Nocd Crack.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\The Lord Of The Rings Battle For Middle Earth 2 Reloaded.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\The O C S03E20 HDTV XviD-UMD [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\The O.C. 3x20 (HDTV-LOL)[VTV].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\The Sims 2 Pc Game.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Toca Race Driver 3 Sfclonedvd Mirror.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Tomb Raider Legend Clonedvd Itwins.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Tomb Raider Legend Pal Dvd5 Xbox Clear.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Tomb Raider Legend Pal Ps2 Pal.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Tomb Raider Legend Reloaded Inc Crack.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Tomb Raider Legend XBOX-Allstars.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Tomtom Navigator 5 000 4890 Crack For Pocketpc.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Tomtom5 Europe.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Total Training For Adobe Creative Suite 2 Premium Bundle Inspiron.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Total Training For Adobe Photoshop Cs2 3xdvd.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Total Training For Advanced Adobe Photoshop Cs2 Inspiron.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Trackmania Sunrise Extreme Keygen-RELOADED [www NewTorrents info].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\TV Shows.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Ubersoldier Reloaded Www Bitworld Info.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Upload a torrent.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Warcraft Iii The Frozen Throne 2disks Cr Kp Chser.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Win Vista 5342 X86.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Windows Xp Pro Sp3 Extras Bootable.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Windows Xp Professional Cd Incl Sp2 20060302 Bootable.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Windows Xp X64 Edition Final.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Winrar V3 51 Corporate Edition.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\World Of Warcraft Isos Eng Us Server Browser.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Worms 4 Mayhem Reloaded.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Yu-Gi-Oh! GX - 50 - Magna Chum Laude {C P} avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\Yu-Gi-Oh! GX - 52 - The Graduation Match Pt 2 {C P} v1 avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\[Addict-S]Blood+ 24 vostfr avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\[Howard Stern] - Wrap-Up Show (04-05-06 + 04-06-06).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\[Nanashi]Eureka seveN - 34 [D475C8B6] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\[Nyanko] Solty Rei - 21 [3C4C3D73] mkv.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\[Spanish Newspaper] El Pais PDF 07 04 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\[T-N]Zoids Genesis - 20[706861B9] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\[WF] School Rumble Semester 2 - 01 [7365B6B1] mp4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\[x-raws] xxxHOLiC TV - 01 [640x480 DivX5][B7BA0D10].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\My Downloads\Shared\[XBOX - PAL - Multi5] Ghost Recon Advanced Warfighter.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\Program Files\Common Files\InetGet\mc-110-12-0000140.exe -> Dropper.Agent.aac : Cleaned with backup
    C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe -> Dropper.Agent.aac : Cleaned with backup
    C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
    C:\Program Files\outlook\p.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
    C:\Program Files\outlook\v.tmp -> Worm.VB.dw : Cleaned with backup
    C:\Program Files\ѕystem32\lsass.exe -> Downloader.PurityScan.w : Cleaned with backup
    C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : Cleaned with backup
    C:\WINDOWS\IA\command.exe -> Adware.CommAd : Cleaned with backup
    C:\WINDOWS\system32\winlog.exe -> Backdoor.Rbot : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\paul morley@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\paul morley@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\paul morley@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup

  10. #10
    Security Expert-Emeritus Rawe's Avatar
    Join Date
    Mar 2006
    Location
    Finland
    Posts
    393

    Default

    Thats good.

    Lets continue. You can go ahead and remove Ewido for now.

    ==

    Uninstall the following entries through Add/Remove programs:

    Toolbar888
    PartyPoker


    ==

    Please run a scan with HijackThis and check the following objects for removal:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL (file missing)
    O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
    O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
    O4 - HKLM\..\Run: [newname] C:\windows\newname9.exe
    O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)


    Close ALL other open windows except for HijackThis and hit FIX CHECKED.

    ==

    Navigate to, and delete the following folders if present:

    C:\Program Files\Toolbar888
    C:\Program Files\PartyGaming


    ==

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only.
    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    ==

    Finally:

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.
    Hi there, stranger!

    Proud Member of ASAP since 2005.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •