Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Rogue POP-UP sites

Post by EdBoyle » April 9th, 2006, 2:03 pm

I'm at my wits' end. Despite running all the mainline anti-spy programs, both Internet Explorer and Firefox browsers suffer from rogue pages cropping up soon after I run the browsers. I have Windows XP SP1 running.

A typical rogue page address is ...

http://www.searc-h.com/error_docs/not_found.html

I have appended my HijackThis log and would appreciate any help

Ed



Logfile of HijackThis v1.99.1
Scan saved at 18:48:27, on 09/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\GFI\LANguard Network Security Scanner 5.0\lnssatt.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Omniquad AntiSpy\AntiSpy.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\Security\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.225.176.14/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=userinit.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\1vlwakiv.slt\prefs.js)
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AntiSpy] C:\Program Files\Omniquad AntiSpy\AntiSpy.exe startup
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - DefaultPrefix:
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O15 - Trusted Zone: http://www.friendsreunited.co.uk
O15 - Trusted Zone: http://www.genesreunited.co.uk
O15 - Trusted Zone: http://www.my.if.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4601255156
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA194A6D-E152-4DC1-B7BC-3D871D436DF5}: NameServer = 80.225.248.50 80.225.248.58
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\mvn6l95s1.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GFI LANguard N.S.S. 5.0 attendant service - Unknown owner - C:\Program Files\GFI\LANguard Network Security Scanner 5.0\lnssatt.exe" -service (file missing)
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
EdBoyle
Active Member
 
Posts: 11
Joined: April 9th, 2006, 1:52 pm

Post by agrarianmonk » April 9th, 2006, 2:06 pm

Hi EdBoyle

Welcome to the Malware Removal forums. I will be more than happy to help you work on your problems.
Please give me some time to review your log as this can be a lengthy process. As soon as an MR Staff Expert reviews my fix, I will post it for you.
In the meantime, if any problems occur, please let me know.
Please only use this topic to reply to. Do not start another thread.
The fixes we will use are specific to your problems and should only be used for this issue on this machine.
If you’re unsure of anything at all please stop and ask!
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Post by agrarianmonk » April 9th, 2006, 2:19 pm

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

If you receive, while running option #1, an error similar to:
"C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt
the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.."
...then please use option 5 or the web page link in the l2mfix folder to solve this error condition.
Then rerun option 1 to be sure it will run without errors.

IMPORTANT: Do NOT run option #2 OR any other options in the l2mfix folder until you are asked to do so!

********************************

In your next post, please include:
  • l2mfix log
  • new HijackThis log
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Post by EdBoyle » April 10th, 2006, 1:49 pm

Dear agrarianmonk

Here are the 2 items of data requested

l2mfix log

L2MFIX find log 032106
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\hr4o05h3e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{D7593A6D-BC27-5FBC-99A7-0ECF109A6C71}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{950FF917-7A57-46BC-8017-59D9BF474000}"="Shell Extension for CDRW"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{F0F08737-0C36-101B-B086-0020AF07D0F4}"="Quick View Plus - Shell Extension object"
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="Universal Plug and Play Devices"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{acb4a560-3606-11d3-aef4-00104bd0f92d}"="KodakShellExtension"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{1E2CDF40-419B-11D2-A5A1-002018648BA7}"="AVG Shell Extension"
"{00000000-0000-0000-0000-000000000054}"="shredderse"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B2EE6FAF-8257-45EB-AA06-E977A2F618A0}"="Ghostbusters"
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
"{c7745760-8ead-11ce-b750-02608ca5202c}"="IomegaWare Shell Extension"
"{c7745761-8ead-11ce-b750-02608ca5202c}"="IomegaWare Shell Extension"
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}"="PhoneBrowser"
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}"="Message View"
"{5BDD0260-5582-45A2-8774-3C42018843D6}"="Portello"
"{C0E3559B-B8C2-43F5-8F49-40B88545F22F}"=""
"{987A3ECF-FD6F-42D8-8C04-B43BEEE72D5B}"=""
"{B841B3F1-6C1D-49A3-B034-B7450ABECE71}"=""
"{DDDA7712-0D63-4487-8511-728DE257DA03}"=""
"{F4D965A9-5D48-4A1F-ADC6-81BAB5072552}"=""
"{206A38A7-FF36-42EB-8FC3-A1D575EFE919}"=""
"{6127ADC0-6F42-4B45-9AB9-558597EC96CC}"=""
"{4943FB7F-F310-4EF6-8458-FF57EBD309C8}"=""
"{11FA5880-AFEC-4343-9079-A64F4E2AF1CF}"=""
"{147082FD-7761-48B8-97F2-AAB9F05F2A1F}"=""
"{204AECF4-C103-463A-AFF3-34B4954C2877}"=""
"{E0CAFB71-E5DA-4DA9-9784-8D42A6EF7E23}"=""
"{CE427662-60A6-4870-A7AB-F80650DEF0C6}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C0E3559B-B8C2-43F5-8F49-40B88545F22F}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{C0E3559B-B8C2-43F5-8F49-40B88545F22F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0E3559B-B8C2-43F5-8F49-40B88545F22F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0E3559B-B8C2-43F5-8F49-40B88545F22F}\InprocServer32]
@="C:\\WINDOWS\\system32\\rrgwizc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{987A3ECF-FD6F-42D8-8C04-B43BEEE72D5B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{987A3ECF-FD6F-42D8-8C04-B43BEEE72D5B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{987A3ECF-FD6F-42D8-8C04-B43BEEE72D5B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{987A3ECF-FD6F-42D8-8C04-B43BEEE72D5B}\InprocServer32]
@="C:\\WINDOWS\\system32\\wusapi32(3).dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B841B3F1-6C1D-49A3-B034-B7450ABECE71}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B841B3F1-6C1D-49A3-B034-B7450ABECE71}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B841B3F1-6C1D-49A3-B034-B7450ABECE71}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B841B3F1-6C1D-49A3-B034-B7450ABECE71}\InprocServer32]
@="C:\\WINDOWS\\system32\\AvalaImaging.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DDDA7712-0D63-4487-8511-728DE257DA03}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DDDA7712-0D63-4487-8511-728DE257DA03}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DDDA7712-0D63-4487-8511-728DE257DA03}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DDDA7712-0D63-4487-8511-728DE257DA03}\InprocServer32]
@="C:\\WINDOWS\\system32\\hdetcfg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F4D965A9-5D48-4A1F-ADC6-81BAB5072552}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F4D965A9-5D48-4A1F-ADC6-81BAB5072552}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F4D965A9-5D48-4A1F-ADC6-81BAB5072552}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F4D965A9-5D48-4A1F-ADC6-81BAB5072552}\InprocServer32]
@="C:\\WINDOWS\\system32\\ivrdbg32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{206A38A7-FF36-42EB-8FC3-A1D575EFE919}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{206A38A7-FF36-42EB-8FC3-A1D575EFE919}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{206A38A7-FF36-42EB-8FC3-A1D575EFE919}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{206A38A7-FF36-42EB-8FC3-A1D575EFE919}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6127ADC0-6F42-4B45-9AB9-558597EC96CC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6127ADC0-6F42-4B45-9AB9-558597EC96CC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6127ADC0-6F42-4B45-9AB9-558597EC96CC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6127ADC0-6F42-4B45-9AB9-558597EC96CC}\InprocServer32]
@="C:\\WINDOWS\\system32\\mwdtcprx.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4943FB7F-F310-4EF6-8458-FF57EBD309C8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4943FB7F-F310-4EF6-8458-FF57EBD309C8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4943FB7F-F310-4EF6-8458-FF57EBD309C8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4943FB7F-F310-4EF6-8458-FF57EBD309C8}\InprocServer32]
@="C:\\WINDOWS\\system32\\wcnipsec(3).dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{11FA5880-AFEC-4343-9079-A64F4E2AF1CF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11FA5880-AFEC-4343-9079-A64F4E2AF1CF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11FA5880-AFEC-4343-9079-A64F4E2AF1CF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11FA5880-AFEC-4343-9079-A64F4E2AF1CF}\InprocServer32]
@="C:\\WINDOWS\\system32\\eicapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{147082FD-7761-48B8-97F2-AAB9F05F2A1F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{147082FD-7761-48B8-97F2-AAB9F05F2A1F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{147082FD-7761-48B8-97F2-AAB9F05F2A1F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{147082FD-7761-48B8-97F2-AAB9F05F2A1F}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{204AECF4-C103-463A-AFF3-34B4954C2877}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{204AECF4-C103-463A-AFF3-34B4954C2877}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{204AECF4-C103-463A-AFF3-34B4954C2877}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{204AECF4-C103-463A-AFF3-34B4954C2877}\InprocServer32]
@="C:\\WINDOWS\\system32\\ssmedia.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E0CAFB71-E5DA-4DA9-9784-8D42A6EF7E23}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E0CAFB71-E5DA-4DA9-9784-8D42A6EF7E23}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E0CAFB71-E5DA-4DA9-9784-8D42A6EF7E23}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E0CAFB71-E5DA-4DA9-9784-8D42A6EF7E23}\InprocServer32]
@="C:\\WINDOWS\\system32\\dovmgr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CE427662-60A6-4870-A7AB-F80650DEF0C6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CE427662-60A6-4870-A7AB-F80650DEF0C6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CE427662-60A6-4870-A7AB-F80650DEF0C6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CE427662-60A6-4870-A7AB-F80650DEF0C6}\InprocServer32]
@="C:\\WINDOWS\\system32\\myglibnt.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
avalai~1.dll Mon 10 Apr 2006 17:04:56 ..S.R 235,355 229.84 K
chyptnet.dll Sun 2 Apr 2006 12:15:10 ..S.R 236,779 231.23 K
copbk32.dll Sat 1 Apr 2006 17:30:34 ..S.R 234,320 228.83 K
dovmgr.dll Mon 10 Apr 2006 18:31:50 ..... 234,077 228.59 K
f40ole~1.dll Fri 7 Apr 2006 7:15:42 ..S.R 235,673 230.15 K
fppu03~1.dll Sat 1 Apr 2006 15:31:06 ..S.R 234,320 228.83 K
hr4o05~1.dll Sun 9 Apr 2006 19:07:10 ..S.R 234,077 228.59 K
irpql5~1.dll Sun 9 Apr 2006 14:25:38 ..... 236,791 231.24 K
ivrdbg32.dll Sun 2 Apr 2006 12:08:48 ..S.R 234,813 229.31 K
k0pm0a~1.dll Mon 10 Apr 2006 18:31:50 ..S.R 234,247 228.75 K
kpdcz.dll Sat 1 Apr 2006 17:56:42 ..S.R 234,320 228.83 K
kt24l7~1.dll Sun 2 Apr 2006 11:52:26 ..S.R 236,240 230.70 K
kvymgr.dll Sun 2 Apr 2006 12:39:46 ..S.R 234,917 229.41 K
mfiwave.dll Fri 7 Apr 2006 17:28:12 ..S.R 234,369 228.88 K
mivideo.dll Wed 5 Apr 2006 13:25:36 ..S.R 234,015 228.53 K
mjimrt32.dll Sat 1 Apr 2006 15:10:42 ..S.R 234,320 228.83 K
mut2fw95.dll Sat 8 Apr 2006 16:23:58 ..S.R 234,813 229.31 K
mwdtcprx.dll Sun 2 Apr 2006 12:18:18 ..S.R 234,813 229.31 K
mxiole32.dll Sun 2 Apr 2006 11:13:20 ..S.R 233,578 228.10 K
myglibnt.dll Sun 9 Apr 2006 18:17:54 ..S.R 236,791 231.24 K
ozesvr.dll Sun 2 Apr 2006 12:20:06 ..S.R 236,779 231.23 K
r2r60c~1.dll Sat 1 Apr 2006 16:53:42 ..S.R 234,320 228.83 K
ssmedia.dll Fri 7 Apr 2006 18:25:14 ..S.R 234,369 228.88 K
ucrcntra.dll Sat 8 Apr 2006 9:10:42 ..S.R 234,813 229.31 K
vsdata.dll Thu 16 Mar 2006 11:32:56 A.... 83,736 81.77 K
vsinit.dll Thu 16 Mar 2006 11:33:08 A.... 141,080 137.77 K
vsmonapi.dll Thu 16 Mar 2006 11:33:16 A.... 104,216 101.77 K
vspubapi.dll Thu 16 Mar 2006 11:33:20 A.... 227,096 221.77 K
vsregexp.dll Thu 16 Mar 2006 11:33:24 A.... 71,448 69.77 K
vsutil.dll Thu 16 Mar 2006 11:33:36 A.... 382,744 373.77 K
vsxml.dll Thu 16 Mar 2006 11:33:44 ..... 100,120 97.77 K
wcnips~1.dll Sun 2 Apr 2006 12:22:16 ..S.R 233,739 228.26 K
wusapi~1.dll Sun 9 Apr 2006 8:18:18 ..S.R 234,813 229.31 K
zlcomm.dll Thu 16 Mar 2006 11:34:04 A.... 79,640 77.77 K
zlcommdb.dll Thu 16 Mar 2006 11:34:08 A.... 71,448 69.77 K

35 items found: 35 files (24 H/S), 0 directories.
Total of file sizes: 7,368,989 bytes 7.03 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Mon 10 Apr 2006 18:41:50 ..S.R 234,077 228.59 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 234,077 bytes 228.59 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 185E-D6F4

Directory of C:\WINDOWS\System32

10/04/2006 18:41 234,077 guard.tmp
10/04/2006 18:31 234,247 k0pm0a71ed.dll
10/04/2006 17:04 235,355 AvalaImaging.dll
09/04/2006 19:07 234,077 hr4o05h3e.dll
09/04/2006 18:17 236,791 myglibnt.dll
09/04/2006 08:18 234,813 wusapi32(3).dll
08/04/2006 16:23 234,813 MUT2FW95.DLL
08/04/2006 09:10 234,813 ucrcntra.dll
07/04/2006 18:25 234,369 ssmedia.dll
07/04/2006 17:28 234,369 mfiwave.dll
07/04/2006 07:15 235,673 f40oled31h0.dll
05/04/2006 13:25 234,015 mivideo.dll
03/04/2006 19:32 234,913 h2j4lc1q1f.dll.old
02/04/2006 18:10 <DIR> dllcache
02/04/2006 12:39 234,917 kvymgr.dll
02/04/2006 12:22 233,739 wcnipsec(3).dll
02/04/2006 12:20 236,779 ozesvr.dll
02/04/2006 12:18 234,813 mwdtcprx.dll
02/04/2006 12:15 236,779 chyptnet.dll
02/04/2006 12:08 234,813 ivrdbg32.dll
02/04/2006 11:52 236,240 kt24l7fq1.dll
02/04/2006 11:13 233,578 mxiole32.dll
01/04/2006 17:56 234,320 kpdcz.dll
01/04/2006 17:30 234,320 copbk32.dll
01/04/2006 16:53 234,320 r2r60c9sef.dll
01/04/2006 15:31 234,320 fppu0379e.dll
01/04/2006 15:10 234,320 MJIMRT32.DLL
25/02/2006 10:17 7,168 Thumbs.db
09/09/2004 15:29 <DIR> Microsoft
05/01/2002 05:48 974,848 mfc70.dll
05/01/2002 04:37 344,064 msvcr70.dll
29 File(s) 7,431,663 bytes
2 Dir(s) 140,678,897,664 bytes free


New HijackThis log


Logfile of HijackThis v1.99.1
Scan saved at 18:48:07, on 10/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Omniquad AntiSpy\AntiSpy.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Quick View Plus\PROGRAM\QVP32.EXE
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Documents and Settings\user\Desktop\Security\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.225.176.14/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=userinit.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\1vlwakiv.slt\prefs.js)
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AntiSpy] C:\Program Files\Omniquad AntiSpy\AntiSpy.exe startup
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - DefaultPrefix:
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O15 - Trusted Zone: http://www.friendsreunited.co.uk
O15 - Trusted Zone: http://www.genesreunited.co.uk
O15 - Trusted Zone: http://www.my.if.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4601255156
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA194A6D-E152-4DC1-B7BC-3D871D436DF5}: NameServer = 80.225.248.50 80.225.248.58
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\hr4o05h3e.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GFI LANguard N.S.S. 5.0 attendant service - Unknown owner - C:\Program Files\GFI\LANguard Network Security Scanner 5.0\lnssatt.exe" -service (file missing)
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe




EdBoyle
Active Member
 
Posts: 11
Joined: April 9th, 2006, 1:52 pm

Post by agrarianmonk » April 10th, 2006, 9:59 pm

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double-click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing Enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, Notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new HijackThis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!

Note: Once the PC has restarted, if a log does not appear or the icons didn't disappear, run the "second.bat" located inside the L2mfix folder.

********************************

In your next post, please include
  • l2mfix log
  • new hijackthis log
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Post by EdBoyle » April 11th, 2006, 4:54 pm

Here are the 2 files


L2mfix 032106
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 460 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 532 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 300 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 188 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
Deleting: C:\WINDOWS\system32\AvalaImaging.dll
Successfully Deleted: C:\WINDOWS\system32\AvalaImaging.dll
Deleting: C:\WINDOWS\system32\chyptnet.dll
Successfully Deleted: C:\WINDOWS\system32\chyptnet.dll
Deleting: C:\WINDOWS\system32\copbk32.dll
Successfully Deleted: C:\WINDOWS\system32\copbk32.dll
Deleting: C:\WINDOWS\system32\f40oled31h0.dll
Successfully Deleted: C:\WINDOWS\system32\f40oled31h0.dll
Deleting: C:\WINDOWS\system32\fppu0379e.dll
Successfully Deleted: C:\WINDOWS\system32\fppu0379e.dll
Deleting: C:\WINDOWS\system32\irnol5531.dll
Successfully Deleted: C:\WINDOWS\system32\irnol5531.dll
Deleting: C:\WINDOWS\system32\irpql5751.dll
Successfully Deleted: C:\WINDOWS\system32\irpql5751.dll
Deleting: C:\WINDOWS\system32\ivrdbg32.dll
Successfully Deleted: C:\WINDOWS\system32\ivrdbg32.dll
Deleting: C:\WINDOWS\system32\kpdcz.dll
Successfully Deleted: C:\WINDOWS\system32\kpdcz.dll
Deleting: C:\WINDOWS\system32\kt24l7fq1.dll
Successfully Deleted: C:\WINDOWS\system32\kt24l7fq1.dll
Deleting: C:\WINDOWS\system32\kvymgr.dll
Successfully Deleted: C:\WINDOWS\system32\kvymgr.dll
Deleting: C:\WINDOWS\system32\mfiwave.dll
Successfully Deleted: C:\WINDOWS\system32\mfiwave.dll
Deleting: C:\WINDOWS\system32\mivideo.dll
Successfully Deleted: C:\WINDOWS\system32\mivideo.dll
Deleting: C:\WINDOWS\system32\MJIMRT32.DLL
Successfully Deleted: C:\WINDOWS\system32\MJIMRT32.DLL
Deleting: C:\WINDOWS\system32\MUT2FW95.DLL
Successfully Deleted: C:\WINDOWS\system32\MUT2FW95.DLL
Deleting: C:\WINDOWS\system32\mwdtcprx.dll
Successfully Deleted: C:\WINDOWS\system32\mwdtcprx.dll
Deleting: C:\WINDOWS\system32\mxiole32.dll
Successfully Deleted: C:\WINDOWS\system32\mxiole32.dll
Deleting: C:\WINDOWS\system32\myglibnt.dll
Successfully Deleted: C:\WINDOWS\system32\myglibnt.dll
Deleting: C:\WINDOWS\system32\mzrd2x40.dll
Successfully Deleted: C:\WINDOWS\system32\mzrd2x40.dll
Deleting: C:\WINDOWS\system32\o0840alqedqe0.dll
Successfully Deleted: C:\WINDOWS\system32\o0840alqedqe0.dll
Deleting: C:\WINDOWS\system32\ozesvr.dll
Successfully Deleted: C:\WINDOWS\system32\ozesvr.dll
Deleting: C:\WINDOWS\system32\r2r60c9sef.dll
Successfully Deleted: C:\WINDOWS\system32\r2r60c9sef.dll
Deleting: C:\WINDOWS\system32\srell32.dll
Successfully Deleted: C:\WINDOWS\system32\srell32.dll
Deleting: C:\WINDOWS\system32\ssmedia.dll
Successfully Deleted: C:\WINDOWS\system32\ssmedia.dll
Deleting: C:\WINDOWS\system32\ucrcntra.dll
Successfully Deleted: C:\WINDOWS\system32\ucrcntra.dll
Deleting: C:\WINDOWS\system32\wcnipsec(3).dll
Successfully Deleted: C:\WINDOWS\system32\wcnipsec(3).dll
Deleting: C:\WINDOWS\system32\wusapi32(3).dll
Successfully Deleted: C:\WINDOWS\system32\wusapi32(3).dll

msg11?.dll
0 file(s) copied.



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SMDEn]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\o0840alqedqe0.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\AvalaImaging.dll
C:\WINDOWS\system32\chyptnet.dll
C:\WINDOWS\system32\copbk32.dll
C:\WINDOWS\system32\f40oled31h0.dll
C:\WINDOWS\system32\fppu0379e.dll
C:\WINDOWS\system32\irnol5531.dll
C:\WINDOWS\system32\irpql5751.dll
C:\WINDOWS\system32\ivrdbg32.dll
C:\WINDOWS\system32\kpdcz.dll
C:\WINDOWS\system32\kt24l7fq1.dll
C:\WINDOWS\system32\kvymgr.dll
C:\WINDOWS\system32\mfiwave.dll
C:\WINDOWS\system32\mivideo.dll
C:\WINDOWS\system32\MJIMRT32.DLL
C:\WINDOWS\system32\MUT2FW95.DLL
C:\WINDOWS\system32\mwdtcprx.dll
C:\WINDOWS\system32\mxiole32.dll
C:\WINDOWS\system32\myglibnt.dll
C:\WINDOWS\system32\mzrd2x40.dll
C:\WINDOWS\system32\o0840alqedqe0.dll
C:\WINDOWS\system32\ozesvr.dll
C:\WINDOWS\system32\r2r60c9sef.dll
C:\WINDOWS\system32\srell32.dll
C:\WINDOWS\system32\ssmedia.dll
C:\WINDOWS\system32\ucrcntra.dll
C:\WINDOWS\system32\wcnipsec(3).dll
C:\WINDOWS\system32\wusapi32(3).dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C0E3559B-B8C2-43F5-8F49-40B88545F22F}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{C0E3559B-B8C2-43F5-8F49-40B88545F22F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0E3559B-B8C2-43F5-8F49-40B88545F22F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0E3559B-B8C2-43F5-8F49-40B88545F22F}\InprocServer32]
@="C:\\WINDOWS\\system32\\rrgwizc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{987A3ECF-FD6F-42D8-8C04-B43BEEE72D5B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{987A3ECF-FD6F-42D8-8C04-B43BEEE72D5B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{987A3ECF-FD6F-42D8-8C04-B43BEEE72D5B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{987A3ECF-FD6F-42D8-8C04-B43BEEE72D5B}\InprocServer32]
@="C:\\WINDOWS\\system32\\wusapi32(3).dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B841B3F1-6C1D-49A3-B034-B7450ABECE71}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B841B3F1-6C1D-49A3-B034-B7450ABECE71}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B841B3F1-6C1D-49A3-B034-B7450ABECE71}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B841B3F1-6C1D-49A3-B034-B7450ABECE71}\InprocServer32]
@="C:\\WINDOWS\\system32\\AvalaImaging.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DDDA7712-0D63-4487-8511-728DE257DA03}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DDDA7712-0D63-4487-8511-728DE257DA03}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DDDA7712-0D63-4487-8511-728DE257DA03}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DDDA7712-0D63-4487-8511-728DE257DA03}\InprocServer32]
@="C:\\WINDOWS\\system32\\hdetcfg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F4D965A9-5D48-4A1F-ADC6-81BAB5072552}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F4D965A9-5D48-4A1F-ADC6-81BAB5072552}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F4D965A9-5D48-4A1F-ADC6-81BAB5072552}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F4D965A9-5D48-4A1F-ADC6-81BAB5072552}\InprocServer32]
@="C:\\WINDOWS\\system32\\ivrdbg32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{206A38A7-FF36-42EB-8FC3-A1D575EFE919}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{206A38A7-FF36-42EB-8FC3-A1D575EFE919}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{206A38A7-FF36-42EB-8FC3-A1D575EFE919}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{206A38A7-FF36-42EB-8FC3-A1D575EFE919}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6127ADC0-6F42-4B45-9AB9-558597EC96CC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6127ADC0-6F42-4B45-9AB9-558597EC96CC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6127ADC0-6F42-4B45-9AB9-558597EC96CC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6127ADC0-6F42-4B45-9AB9-558597EC96CC}\InprocServer32]
@="C:\\WINDOWS\\system32\\mwdtcprx.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4943FB7F-F310-4EF6-8458-FF57EBD309C8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4943FB7F-F310-4EF6-8458-FF57EBD309C8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4943FB7F-F310-4EF6-8458-FF57EBD309C8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4943FB7F-F310-4EF6-8458-FF57EBD309C8}\InprocServer32]
@="C:\\WINDOWS\\system32\\wcnipsec(3).dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{11FA5880-AFEC-4343-9079-A64F4E2AF1CF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11FA5880-AFEC-4343-9079-A64F4E2AF1CF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11FA5880-AFEC-4343-9079-A64F4E2AF1CF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11FA5880-AFEC-4343-9079-A64F4E2AF1CF}\InprocServer32]
@="C:\\WINDOWS\\system32\\eicapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{147082FD-7761-48B8-97F2-AAB9F05F2A1F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{147082FD-7761-48B8-97F2-AAB9F05F2A1F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{147082FD-7761-48B8-97F2-AAB9F05F2A1F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{147082FD-7761-48B8-97F2-AAB9F05F2A1F}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{204AECF4-C103-463A-AFF3-34B4954C2877}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{204AECF4-C103-463A-AFF3-34B4954C2877}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{204AECF4-C103-463A-AFF3-34B4954C2877}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{204AECF4-C103-463A-AFF3-34B4954C2877}\InprocServer32]
@="C:\\WINDOWS\\system32\\ssmedia.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E0CAFB71-E5DA-4DA9-9784-8D42A6EF7E23}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E0CAFB71-E5DA-4DA9-9784-8D42A6EF7E23}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E0CAFB71-E5DA-4DA9-9784-8D42A6EF7E23}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E0CAFB71-E5DA-4DA9-9784-8D42A6EF7E23}\InprocServer32]
@="C:\\WINDOWS\\system32\\dovmgr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CE427662-60A6-4870-A7AB-F80650DEF0C6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CE427662-60A6-4870-A7AB-F80650DEF0C6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CE427662-60A6-4870-A7AB-F80650DEF0C6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CE427662-60A6-4870-A7AB-F80650DEF0C6}\InprocServer32]
@="C:\\WINDOWS\\system32\\myglibnt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2AF46A06-80C0-4877-9046-76D8361A9992}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2AF46A06-80C0-4877-9046-76D8361A9992}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2AF46A06-80C0-4877-9046-76D8361A9992}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2AF46A06-80C0-4877-9046-76D8361A9992}\InprocServer32]
@="C:\\WINDOWS\\system32\\voa256.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9BEB37F1-7511-4792-B928-0A25D5590CAB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9BEB37F1-7511-4792-B928-0A25D5590CAB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9BEB37F1-7511-4792-B928-0A25D5590CAB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9BEB37F1-7511-4792-B928-0A25D5590CAB}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{723BD931-CC3C-464C-81AD-3A143AFEFFD9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{723BD931-CC3C-464C-81AD-3A143AFEFFD9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{723BD931-CC3C-464C-81AD-3A143AFEFFD9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{723BD931-CC3C-464C-81AD-3A143AFEFFD9}\InprocServer32]
@="C:\\WINDOWS\\system32\\mzrd2x40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{95BED86B-6DE1-4F7F-8E60-FF4721F83641}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{95BED86B-6DE1-4F7F-8E60-FF4721F83641}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{95BED86B-6DE1-4F7F-8E60-FF4721F83641}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{95BED86B-6DE1-4F7F-8E60-FF4721F83641}\InprocServer32]
@="C:\\WINDOWS\\system32\\srell32.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{C0E3559B-B8C2-43F5-8F49-40B88545F22F}"=-
"{987A3ECF-FD6F-42D8-8C04-B43BEEE72D5B}"=-
"{B841B3F1-6C1D-49A3-B034-B7450ABECE71}"=-
"{DDDA7712-0D63-4487-8511-728DE257DA03}"=-
"{F4D965A9-5D48-4A1F-ADC6-81BAB5072552}"=-
"{206A38A7-FF36-42EB-8FC3-A1D575EFE919}"=-
"{6127ADC0-6F42-4B45-9AB9-558597EC96CC}"=-
"{4943FB7F-F310-4EF6-8458-FF57EBD309C8}"=-
"{11FA5880-AFEC-4343-9079-A64F4E2AF1CF}"=-
"{147082FD-7761-48B8-97F2-AAB9F05F2A1F}"=-
"{204AECF4-C103-463A-AFF3-34B4954C2877}"=-
"{E0CAFB71-E5DA-4DA9-9784-8D42A6EF7E23}"=-
"{CE427662-60A6-4870-A7AB-F80650DEF0C6}"=-
"{2AF46A06-80C0-4877-9046-76D8361A9992}"=-
"{9BEB37F1-7511-4792-B928-0A25D5590CAB}"=-
"{723BD931-CC3C-464C-81AD-3A143AFEFFD9}"=-
"{95BED86B-6DE1-4F7F-8E60-FF4721F83641}"=-
[-HKEY_CLASSES_ROOT\CLSID\{C0E3559B-B8C2-43F5-8F49-40B88545F22F}]
[-HKEY_CLASSES_ROOT\CLSID\{987A3ECF-FD6F-42D8-8C04-B43BEEE72D5B}]
[-HKEY_CLASSES_ROOT\CLSID\{B841B3F1-6C1D-49A3-B034-B7450ABECE71}]
[-HKEY_CLASSES_ROOT\CLSID\{DDDA7712-0D63-4487-8511-728DE257DA03}]
[-HKEY_CLASSES_ROOT\CLSID\{F4D965A9-5D48-4A1F-ADC6-81BAB5072552}]
[-HKEY_CLASSES_ROOT\CLSID\{206A38A7-FF36-42EB-8FC3-A1D575EFE919}]
[-HKEY_CLASSES_ROOT\CLSID\{6127ADC0-6F42-4B45-9AB9-558597EC96CC}]
[-HKEY_CLASSES_ROOT\CLSID\{4943FB7F-F310-4EF6-8458-FF57EBD309C8}]
[-HKEY_CLASSES_ROOT\CLSID\{11FA5880-AFEC-4343-9079-A64F4E2AF1CF}]
[-HKEY_CLASSES_ROOT\CLSID\{147082FD-7761-48B8-97F2-AAB9F05F2A1F}]
[-HKEY_CLASSES_ROOT\CLSID\{204AECF4-C103-463A-AFF3-34B4954C2877}]
[-HKEY_CLASSES_ROOT\CLSID\{E0CAFB71-E5DA-4DA9-9784-8D42A6EF7E23}]
[-HKEY_CLASSES_ROOT\CLSID\{CE427662-60A6-4870-A7AB-F80650DEF0C6}]
[-HKEY_CLASSES_ROOT\CLSID\{2AF46A06-80C0-4877-9046-76D8361A9992}]
[-HKEY_CLASSES_ROOT\CLSID\{9BEB37F1-7511-4792-B928-0A25D5590CAB}]
[-HKEY_CLASSES_ROOT\CLSID\{723BD931-CC3C-464C-81AD-3A143AFEFFD9}]
[-HKEY_CLASSES_ROOT\CLSID\{95BED86B-6DE1-4F7F-8E60-FF4721F83641}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/AvalaImaging.dll (164 bytes security) (deflated 5%)
adding: dlls/chyptnet.dll (164 bytes security) (deflated 6%)
adding: dlls/copbk32.dll (164 bytes security) (deflated 4%)
adding: dlls/f40oled31h0.dll (164 bytes security) (deflated 5%)
adding: dlls/fppu0379e.dll (164 bytes security) (deflated 4%)
adding: dlls/irnol5531.dll (164 bytes security) (deflated 5%)
adding: dlls/irpql5751.dll (164 bytes security) (deflated 6%)
adding: dlls/ivrdbg32.dll (164 bytes security) (deflated 5%)
adding: dlls/kpdcz.dll (164 bytes security) (deflated 4%)
adding: dlls/kt24l7fq1.dll (164 bytes security) (deflated 5%)
adding: dlls/kvymgr.dll (164 bytes security) (deflated 5%)
adding: dlls/mfiwave.dll (164 bytes security) (deflated 5%)
adding: dlls/mivideo.dll (164 bytes security) (deflated 4%)
adding: dlls/MJIMRT32.DLL (164 bytes security) (deflated 4%)
adding: dlls/MUT2FW95.DLL (164 bytes security) (deflated 5%)
adding: dlls/mwdtcprx.dll (164 bytes security) (deflated 5%)
adding: dlls/mxiole32.dll (164 bytes security) (deflated 4%)
adding: dlls/myglibnt.dll (164 bytes security) (deflated 6%)
adding: dlls/mzrd2x40.dll (164 bytes security) (deflated 5%)
adding: dlls/o0840alqedqe0.dll (164 bytes security) (deflated 5%)
adding: dlls/ozesvr.dll (164 bytes security) (deflated 6%)
adding: dlls/r2r60c9sef.dll (164 bytes security) (deflated 4%)
adding: dlls/srell32.dll (164 bytes security) (deflated 5%)
adding: dlls/ssmedia.dll (164 bytes security) (deflated 5%)
adding: dlls/ucrcntra.dll (164 bytes security) (deflated 5%)
adding: dlls/wcnipsec(3).dll (164 bytes security) (deflated 4%)
adding: dlls/wusapi32(3).dll (164 bytes security) (deflated 5%)
adding: backregs/11FA5880-AFEC-4343-9079-A64F4E2AF1CF.reg (188 bytes security) (deflated 70%)
adding: backregs/147082FD-7761-48B8-97F2-AAB9F05F2A1F.reg (188 bytes security) (deflated 70%)
adding: backregs/204AECF4-C103-463A-AFF3-34B4954C2877.reg (188 bytes security) (deflated 70%)
adding: backregs/206A38A7-FF36-42EB-8FC3-A1D575EFE919.reg (188 bytes security) (deflated 70%)
adding: backregs/2AF46A06-80C0-4877-9046-76D8361A9992.reg (188 bytes security) (deflated 70%)
adding: backregs/4943FB7F-F310-4EF6-8458-FF57EBD309C8.reg (188 bytes security) (deflated 69%)
adding: backregs/6127ADC0-6F42-4B45-9AB9-558597EC96CC.reg (188 bytes security) (deflated 70%)
adding: backregs/723BD931-CC3C-464C-81AD-3A143AFEFFD9.reg (188 bytes security) (deflated 70%)
adding: backregs/95BED86B-6DE1-4F7F-8E60-FF4721F83641.reg (188 bytes security) (deflated 70%)
adding: backregs/987A3ECF-FD6F-42D8-8C04-B43BEEE72D5B.reg (188 bytes security) (deflated 70%)
adding: backregs/9BEB37F1-7511-4792-B928-0A25D5590CAB.reg (188 bytes security) (deflated 70%)
adding: backregs/B841B3F1-6C1D-49A3-B034-B7450ABECE71.reg (188 bytes security) (deflated 70%)
adding: backregs/C0E3559B-B8C2-43F5-8F49-40B88545F22F.reg (188 bytes security) (deflated 69%)
adding: backregs/CE427662-60A6-4870-A7AB-F80650DEF0C6.reg (188 bytes security) (deflated 70%)
adding: backregs/DDDA7712-0D63-4487-8511-728DE257DA03.reg (188 bytes security) (deflated 70%)
adding: backregs/E0CAFB71-E5DA-4DA9-9784-8D42A6EF7E23.reg (188 bytes security) (deflated 70%)
adding: backregs/F4D965A9-5D48-4A1F-ADC6-81BAB5072552.reg (188 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 72%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)



Logfile of HijackThis v1.99.1
Scan saved at 21:52:52, on 11/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\GFI\LANguard Network Security Scanner 5.0\lnssatt.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\user\Desktop\Security\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.225.176.14/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=userinit.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\1vlwakiv.slt\prefs.js)
O3 - Toolbar: Bugnosis - {930E4DE1-973D-42D6-BF6E-6788E06BD003} - C:\Program Files\Bugnosis\WebBug.dll
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AntiSpy] C:\Program Files\Omniquad AntiSpy\AntiSpy.exe startup
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - DefaultPrefix:
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O15 - Trusted Zone: http://www.genesreunited.co.uk.
O15 - Trusted Zone: http://www.friendsreunited.co.uk
O15 - Trusted Zone: http://www.genesreunited.co.uk
O15 - Trusted Zone: http://www.my.if.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4601255156
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA194A6D-E152-4DC1-B7BC-3D871D436DF5}: NameServer = 80.225.248.50 80.225.248.58
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\o0840alqedqe0.dll (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GFI LANguard N.S.S. 5.0 attendant service - Unknown owner - C:\Program Files\GFI\LANguard Network Security Scanner 5.0\lnssatt.exe" -service (file missing)
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe




Ed Boyle
EdBoyle
Active Member
 
Posts: 11
Joined: April 9th, 2006, 1:52 pm

Unread postby agrarianmonk » April 12th, 2006, 11:08 am

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.225.176.14/
O13 - DefaultPrefix:
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\o0840alqedqe0.dll (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)


If you or an administrator did not set the following restriction in Internet Explorer or Spybot, please also check the following:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

If you did not purposely add these sites to your trusted region, also check the following:

O15 - Trusted Zone: http://www.genesreunited.co.uk.
O15 - Trusted Zone: http://www.friendsreunited.co.uk
O15 - Trusted Zone: http://www.genesreunited.co.uk
O15 - Trusted Zone: http://www.my.if.com

Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.

Reboot

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

In your next post, please include
  • new hijackthis log
  • kaspersky log
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am
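One way to confirm that a "Fix Checked" pass actually removed the requested entries is to compare the fix list against the follow-up HijackThis log. The script below is an added example, not part of the original thread or of HijackThis; the function names `parse_entries` and `verify_fix` are hypothetical, and the two sample strings are excerpts copied from this thread's fix list and from the log saved on 12/04/2006.

```python
import re

# A HijackThis entry line has the shape "<section> - <details>",
# e.g. "O20 - Winlogon Notify: ...". Process paths and headers do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(text):
    """Map each normalized entry line to its (section, details) pair."""
    entries = {}
    for raw in text.splitlines():
        # Collapse whitespace so forum copy/paste differences do not matter.
        line = " ".join(raw.split())
        match = ENTRY_RE.match(line)
        if match:
            entries[line.casefold()] = (match.group(1), match.group(2))
    return entries


def verify_fix(fix_list, followup_log):
    """Split the requested fixes into those gone from the follow-up log
    and those that are still listed in it."""
    requested = parse_entries(fix_list)
    remaining = parse_entries(followup_log)
    result = {"removed": [], "still_present": []}
    for key, entry in requested.items():
        bucket = "still_present" if key in remaining else "removed"
        result[bucket].append(entry)
    return result


# Entries the helper asked to check (copied from the post above).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.225.176.14/
O13 - DefaultPrefix:
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\o0840alqedqe0.dll (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
"""

# Excerpt of the follow-up log from this thread (scan saved 12/04/2006).
FOLLOWUP_EXCERPT = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: UserInit=userinit.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O15 - Trusted Zone: http://www.my.if.com
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
"""

if __name__ == "__main__":
    outcome = verify_fix(FIX_LIST, FOLLOWUP_EXCERPT)
    for status, items in outcome.items():
        print(status)
        for section, details in items:
            print(f"  {section} - {details}")
```

Run against these excerpts, the two empty O16 DPF entries are reported as still present, while the R1, O13, O20 and O21 entries are gone.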

Unread postby EdBoyle » April 12th, 2006, 5:11 pm

HiJack Log


Logfile of HijackThis v1.99.1
Scan saved at 22:07:09, on 12/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\Security\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=userinit.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\1vlwakiv.slt\prefs.js)
O3 - Toolbar: Bugnosis - {930E4DE1-973D-42D6-BF6E-6788E06BD003} - C:\Program Files\Bugnosis\WebBug.dll
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AntiSpy] C:\Program Files\Omniquad AntiSpy\AntiSpy.exe startup
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O15 - Trusted Zone: http://www.genesreunited.co.uk.
O15 - Trusted Zone: http://www.friendsreunited.co.uk
O15 - Trusted Zone: http://www.genesreunited.co.uk
O15 - Trusted Zone: http://www.my.if.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4601255156
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GFI LANguard N.S.S. 5.0 attendant service - Unknown owner - C:\Program Files\GFI\LANguard Network Security Scanner 5.0\lnssatt.exe" -service (file missing)
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe



Kaspersky Log



KASPERSKY ON-LINE SCANNER REPORT
Wednesday, April 12, 2006 10:06:31 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 12/04/2006
Kaspersky Anti-Virus database records: 187808
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 82443
Number of viruses found 29
Number of infected objects 152
Number of suspicious objects 5
Duration of the scan process 00:46:50

Infected Object Name Virus Name Last Action
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B34Z9JNF\sk02[1].exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B34Z9JNF\sk02[1].exe NSIS: infected - 1 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CMQLAQU7\d72[1].exe Infected: Trojan-Downloader.Win32.Adload.ai skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-68163b6d-7354ec86.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-b1c4c49-5af06fca.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-2929a7c2-693b7974.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.z skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-2929a7c2-693b7974.zip/VB.class Infected: Trojan.Java.ClassLoader.ak skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-2929a7c2-693b7974.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-2929a7c2-693b7974.zip ZIP: infected - 3 skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1101e5-2b77d667.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1101e5-2b77d667.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1101e5-2b77d667.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1101e5-2b77d667.zip ZIP: infected - 3 skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-398e54ce-7f4379e3.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-398e54ce-7f4379e3.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-398e54ce-7f4379e3.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-398e54ce-7f4379e3.zip ZIP: infected - 3 skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3dbcfe4d-6662d4e6.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3dbcfe4d-6662d4e6.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3dbcfe4d-6662d4e6.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3dbcfe4d-6662d4e6.zip ZIP: infected - 3 skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4a7c7991-7047eb52.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4a7c7991-7047eb52.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4a7c7991-7047eb52.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4a7c7991-7047eb52.zip ZIP: infected - 3 skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-652b4e66-2dfbe7c5.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-652b4e66-2dfbe7c5.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-652b4e66-2dfbe7c5.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-652b4e66-2dfbe7c5.zip ZIP: infected - 3 skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6699b1e6-3dbbdba3.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6699b1e6-3dbbdba3.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6699b1e6-3dbbdba3.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6699b1e6-3dbbdba3.zip ZIP: infected - 3 skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6840731f-6bd5b86f.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6840731f-6bd5b86f.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6840731f-6bd5b86f.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6840731f-6bd5b86f.zip ZIP: infected - 3 skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-7b9e208a-185f5f10.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-7b9e208a-185f5f10.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-7b9e208a-185f5f10.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-7b9e208a-185f5f10.zip ZIP: infected - 3 skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dialarch.jar-56e86951-316fdc64.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dialarch.jar-56e86951-316fdc64.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dialarch.jar-56e86951-316fdc64.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dialarch.jar-56e86951-316fdc64.zip/Installer.class Infected: Trojan-Downloader.Java.OpenStream.v skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dialarch.jar-56e86951-316fdc64.zip ZIP: infected - 4 skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv581.jar-378338f7-743aa7fd.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv581.jar-378338f7-743aa7fd.zip/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv581.jar-378338f7-743aa7fd.zip/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv581.jar-378338f7-743aa7fd.zip ZIP: infected - 3 skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv62.jar-2536d968-461be442.zip/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv62.jar-2536d968-461be442.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv62.jar-2536d968-461be442.zip/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv62.jar-2536d968-461be442.zip ZIP: infected - 3 skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\proc.jar-55a75cc5-22799faa.zip/MainApp.class Infected: Trojan.Java.ClassLoader.f skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\proc.jar-55a75cc5-22799faa.zip/Jvb.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\proc.jar-55a75cc5-22799faa.zip ZIP: infected - 2 skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/AvalaImaging.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/chyptnet.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/copbk32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/f40oled31h0.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/fppu0379e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/irnol5531.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/irpql5751.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/ivrdbg32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/kpdcz.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/kt24l7fq1.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/kvymgr.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/mfiwave.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/mivideo.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/MJIMRT32.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/MUT2FW95.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/mwdtcprx.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/mxiole32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/myglibnt.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/mzrd2x40.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/o0840alqedqe0.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/ozesvr.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/r2r60c9sef.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/srell32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/ssmedia.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/ucrcntra.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/wcnipsec(3).dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip/dlls/wusapi32(3).dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\backup.zip ZIP: infected - 27 skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\AvalaImaging.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\chyptnet.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\copbk32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\f40oled31h0.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\fppu0379e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\irnol5531.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\irpql5751.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\ivrdbg32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\kpdcz.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\kt24l7fq1.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\kvymgr.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\mfiwave.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\mivideo.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\MJIMRT32.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\MUT2FW95.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\mwdtcprx.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\mxiole32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\myglibnt.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\mzrd2x40.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\o0840alqedqe0.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\ozesvr.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\r2r60c9sef.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\srell32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\ssmedia.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\ucrcntra.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\wcnipsec(3).dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Desktop\Virus\l2mfix\dlls\wusapi32(3).dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/09 Oct 2003 18:00 to johnacton2001:Re: A funny website.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Outlook\archive.pst Mail MS Mail: suspicious - 1 skipped
C:\Download\2mcwe.exe/doc\NH20040517.4a.yy.exe/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\Download\2mcwe.exe/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Download\2mcwe.exe/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Download\2mcwe.exe/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Download\2mcwe.exe/doc\NH20040517.4a.yy.exe/v2.0.4a.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Download\2mcwe.exe/doc\NH20040517.4a.yy.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Download\2mcwe.exe Gentee: infected - 6 skipped
C:\Download\pspv.zip/pspv.exe Infected: not-a-virus:PSWTool.Win32.PassView.162 skipped
C:\Download\pspv.zip ZIP: infected - 1 skipped
C:\Download\ps_uninstaller.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Download\ps_uninstaller.exe NSIS: infected - 1 skipped
C:\drsmartload1.exe.stop Infected: Trojan-Downloader.Win32.VB.zg skipped
C:\drsmartload46a.exe.stop Infected: Trojan-Downloader.Win32.Adload.ai skipped
C:\Dump\cute3032.exe/WISE0011.BIN/advert.dll Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\Dump\cute3032.exe/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\Dump\cute3032.exe WiseSFX: infected - 2 skipped
C:\Dump\Outlook Express\Deleted Items.dbx/[From MAILER-DAEMON@mxes1.enta.net (Mail Delivery System)][Date Wed, 5 May 2004 19:55:34 +0100 (BST)]/UNNAMED/UNNAMED/[From teddy2@ukpals.com][Date Wed, 5 May 2004 05:42:50 +0100]/doc.zip/doc.htm.com Infected: Email-Worm.Win32.NetSky.b skipped
C:\Dump\Outlook Express\Deleted Items.dbx/[From MAILER-DAEMON@mxes1.enta.net (Mail Delivery System)][Date Wed, 5 May 2004 19:55:34 +0100 (BST)]/UNNAMED/UNNAMED/[From teddy2@ukpals.com][Date Wed, 5 May 2004 05:42:50 +0100]/doc.zip Infected: Email-Worm.Win32.NetSky.b skipped
C:\Dump\Outlook Express\Deleted Items.dbx/[From MAILER-DAEMON@mxes1.enta.net (Mail Delivery System)][Date Wed, 5 May 2004 19:55:34 +0100 (BST)]/UNNAMED/UNNAMED Infected: Email-Worm.Win32.NetSky.b skipped
C:\Dump\Outlook Express\Deleted Items.dbx/[From MAILER-DAEMON@mxes1.enta.net (Mail Delivery System)][Date Wed, 5 May 2004 19:55:34 +0100 (BST)]/UNNAMED Infected: Email-Worm.Win32.NetSky.b skipped
C:\Dump\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 4 skipped
C:\Dump\Outlook Express\Sent Items.dbx/[From "Ed Boyle" ][Date Thu, 9 Oct 2003 19:00:44 +0100]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Dump\Outlook Express\Sent Items.dbx/[From "Ed Boyle" ][Date Thu, 9 Oct 2003 19:00:44 +0100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Dump\Outlook Express\Sent Items.dbx Mail MS Outlook 5: suspicious - 2 skipped
C:\Dump2\DBASE\Cain\AbelKiller.exe Infected: not-a-virus:PSWTool.Win32.Cain.a skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\209D4CCD-6A14-4F0E-8FBD-40CA74\1149A167-FFBD-4EF8-B691-FF6BE4 Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\209D4CCD-6A14-4F0E-8FBD-40CA74\13A49758-FF80-4153-A4DB-EF5F49 Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\209D4CCD-6A14-4F0E-8FBD-40CA74\D339A6E4-42B0-46FF-9986-19F5D0/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\209D4CCD-6A14-4F0E-8FBD-40CA74\D339A6E4-42B0-46FF-9986-19F5D0/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\209D4CCD-6A14-4F0E-8FBD-40CA74\D339A6E4-42B0-46FF-9986-19F5D0/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\209D4CCD-6A14-4F0E-8FBD-40CA74\D339A6E4-42B0-46FF-9986-19F5D0 CAB: infected - 3 skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\209D4CCD-6A14-4F0E-8FBD-40CA74\D8FE9E92-B9EA-4FB3-A4AD-D382CF Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\sk02.exe.stop/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\sk02.exe.stop NSIS: infected - 1 skipped
C:\Temp\PW Viewer\pspv.exe Infected: not-a-virus:PSWTool.Win32.PassView.162 skipped
C:\Veracruz.exe.stop/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\Veracruz.exe.stop/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\Veracruz.exe.stop NSIS: infected - 2 skipped
C:\WINDOWS\icont.exe.old Infected: not-a-virus:AdWare.Win32.AdURL.c skipped
C:\WINDOWS\system\advert.dll Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\WINDOWS\system32\h2j4lc1q1f.dll.old Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\xdos.exe.stop Infected: Trojan-Downloader.Win32.Adload.ai skipped
Scan process completed.
EdBoyle
Active Member
 
Posts: 11
Joined: April 9th, 2006, 1:52 pm

Post by agrarianmonk » April 13th, 2006, 11:06 am

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Navigate to these folders and delete the contents (not the folders themselves!)

C:\Program Files\Microsoft AntiSpyware\Quarantine\


Delete the following folders:

C:\Documents and Settings\user\Desktop\Virus\l2mfix\ << this folder

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


    C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Outlook\archive.pst
    C:\Download\2mcwe.exe
    C:\Download\pspv.zip
    C:\Download\ps_uninstaller.exe
    C:\drsmartload1.exe.stop
    C:\drsmartload46a.exe.stop
    C:\Dump\cute3032.exe
    C:\Dump\Outlook Express\Deleted Items.dbx
    C:\Dump\Outlook Express\Sent Items.dbx
    C:\Dump2\DBASE\Cain\AbelKiller.exe
    C:\sk02.exe.stop
    C:\Veracruz.exe.stop
    C:\WINDOWS\icont.exe.old
    C:\WINDOWS\system\advert.dll
    C:\WINDOWS\system32\h2j4lc1q1f.dll.old
    C:\WINDOWS\system32\i
    C:\xdos.exe.stop

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

After reboot, please run another Kaspersky scan:

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Post by EdBoyle » April 13th, 2006, 11:40 am

Quick Question!

When I copy and paste the selected files, will all these files including my archive.pst folder be eventually deleted?

Ed

Post by agrarianmonk » April 13th, 2006, 9:52 pm

EdBoyle wrote:
Quick Question!

When I copy and paste the selected files, will all these files including my archive.pst folder be eventually deleted?

Ed


Yes, they will be.

You can take the archive.pst folder out of the deletion list.

Post by EdBoyle » April 14th, 2006, 3:34 am

When I run Killbox as instructed, after a short while and before it ends the copying process, I get the message

"There is no path to the file in the Destination box, You must list a file or use the Dummy"

When I hit the OK button nothing further happens.


Ed

Post by agrarianmonk » April 14th, 2006, 8:15 pm

Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each (each file will be input manually, one by one).


C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Outlook\archive.pst
C:\Download\2mcwe.exe
C:\Download\pspv.zip
C:\Download\ps_uninstaller.exe
C:\drsmartload1.exe.stop
C:\drsmartload46a.exe.stop
C:\Dump\cute3032.exe
C:\Dump\Outlook Express\Deleted Items.dbx
C:\Dump\Outlook Express\Sent Items.dbx
C:\Dump2\DBASE\Cain\AbelKiller.exe
C:\sk02.exe.stop
C:\Veracruz.exe.stop
C:\WINDOWS\icont.exe.old
C:\WINDOWS\system\advert.dll
C:\WINDOWS\system32\h2j4lc1q1f.dll.old
C:\WINDOWS\system32\i
C:\xdos.exe.stop

For these files, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it; answer NO until after you've pasted the last file name, at which time you should answer Yes.

If your computer does not restart automatically, please restart it manually.
After reboot, please run another Kaspersky scan:

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

In your next post, please include:
  • new HijackThis log
  • Kaspersky scan

"Rogue POP-UP sites"

Post by EdBoyle » April 15th, 2006, 10:50 am

Dear agrarianmonk

Here are the 3 log files ....

Logfile of HijackThis v1.99.1
Scan saved at 09:11:43, on 15/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\GFI\LANguard Network Security Scanner 5.0\lnssatt.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\Security\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=userinit.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\1vlwakiv.slt\prefs.js)
O3 - Toolbar: Bugnosis - {930E4DE1-973D-42D6-BF6E-6788E06BD003} - C:\Program Files\Bugnosis\WebBug.dll
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AntiSpy] C:\Program Files\Omniquad AntiSpy\AntiSpy.exe startup
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O15 - Trusted Zone: http://www.genesreunited.co.uk.
O15 - Trusted Zone: http://www.friendsreunited.co.uk
O15 - Trusted Zone: http://www.genesreunited.co.uk
O15 - Trusted Zone: http://www.my.if.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4601255156
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GFI LANguard N.S.S. 5.0 attendant service - Unknown owner - C:\Program Files\GFI\LANguard Network Security Scanner 5.0\lnssatt.exe" -service (file missing)
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe





-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, April 15, 2006 3:45:55 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 15/04/2006
Kaspersky Anti-Virus database records: 188173
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 82959
Number of viruses found: 31
Number of infected objects: 371
Number of suspicious objects: 29
Duration of the scan process: 00:49:42

Infected Object Name / Virus Name / Last Action
C:\!KillBox\( 1) Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\!KillBox\( 17) Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\!KillBox\( 18) Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\!KillBox\( 2) Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\!KillBox\( 3) Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\!KillBox\( 34) Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\!KillBox\( 50) Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\!KillBox\2mcwe.exe/doc\NH20040517.4a.yy.exe/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\!KillBox\2mcwe.exe/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\!KillBox\2mcwe.exe/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe/doc\NH20040517.4a.yy.exe/v2.0.4a.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe/doc\NH20040517.4a.yy.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe Gentee: infected - 6 skipped
C:\!KillBox\2mcwe.exe( 15)/doc\NH20040517.4a.yy.exe/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\!KillBox\2mcwe.exe( 15)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 15)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\!KillBox\2mcwe.exe( 15)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 15)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 15)/doc\NH20040517.4a.yy.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 15) Gentee: infected - 6 skipped
C:\!KillBox\2mcwe.exe( 16)/doc\NH20040517.4a.yy.exe/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\!KillBox\2mcwe.exe( 16)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 16)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\!KillBox\2mcwe.exe( 16)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 16)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 16)/doc\NH20040517.4a.yy.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 16) Gentee: infected - 6 skipped
C:\!KillBox\2mcwe.exe( 17)/doc\NH20040517.4a.yy.exe/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\!KillBox\2mcwe.exe( 17)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 17)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\!KillBox\2mcwe.exe( 17)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 17)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 17)/doc\NH20040517.4a.yy.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 17) Gentee: infected - 6 skipped
C:\!KillBox\2mcwe.exe( 30)/doc\NH20040517.4a.yy.exe/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\!KillBox\2mcwe.exe( 30)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 30)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\!KillBox\2mcwe.exe( 30)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 30)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 30)/doc\NH20040517.4a.yy.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 30) Gentee: infected - 6 skipped
C:\!KillBox\2mcwe.exe( 32)/doc\NH20040517.4a.yy.exe/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\!KillBox\2mcwe.exe( 32)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 32)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\!KillBox\2mcwe.exe( 32)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 32)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 32)/doc\NH20040517.4a.yy.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 32) Gentee: infected - 6 skipped
C:\!KillBox\2mcwe.exe( 48)/doc\NH20040517.4a.yy.exe/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\!KillBox\2mcwe.exe( 48)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 48)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\!KillBox\2mcwe.exe( 48)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 48)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 48)/doc\NH20040517.4a.yy.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 48) Gentee: infected - 6 skipped
C:\!KillBox\2mcwe.exe( 64)/doc\NH20040517.4a.yy.exe/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\!KillBox\2mcwe.exe( 64)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 64)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\!KillBox\2mcwe.exe( 64)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 64)/doc\NH20040517.4a.yy.exe/v2.0.4a.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 64)/doc\NH20040517.4a.yy.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\!KillBox\2mcwe.exe( 64) Gentee: infected - 6 skipped
C:\!KillBox\AbelKiller.exe Infected: not-a-virus:PSWTool.Win32.Cain.a skipped
C:\!KillBox\AbelKiller.exe( 22) Infected: not-a-virus:PSWTool.Win32.Cain.a skipped
C:\!KillBox\AbelKiller.exe( 24) Infected: not-a-virus:PSWTool.Win32.Cain.a skipped
C:\!KillBox\AbelKiller.exe( 40) Infected: not-a-virus:PSWTool.Win32.Cain.a skipped
C:\!KillBox\AbelKiller.exe( 56) Infected: not-a-virus:PSWTool.Win32.Cain.a skipped
C:\!KillBox\AbelKiller.exe( 7) Infected: not-a-virus:PSWTool.Win32.Cain.a skipped
C:\!KillBox\AbelKiller.exe( 8) Infected: not-a-virus:PSWTool.Win32.Cain.a skipped
C:\!KillBox\AbelKiller.exe( 9) Infected: not-a-virus:PSWTool.Win32.Cain.a skipped
C:\!KillBox\advert.dll Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\!KillBox\advert.dll( 20) Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\!KillBox\advert.dll( 36) Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\!KillBox\advert.dll( 4) Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\!KillBox\advert.dll( 5) Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\!KillBox\advert.dll( 52) Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\!KillBox\cute3032.exe/WISE0011.BIN/advert.dll Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\!KillBox\cute3032.exe/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\!KillBox\cute3032.exe WiseSFX: infected - 2 skipped
C:\!KillBox\cute3032.exe( 10)/WISE0011.BIN/advert.dll Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\!KillBox\cute3032.exe( 10)/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\!KillBox\cute3032.exe( 10) WiseSFX: infected - 2 skipped
C:\!KillBox\cute3032.exe( 11)/WISE0011.BIN/advert.dll Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\!KillBox\cute3032.exe( 11)/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\!KillBox\cute3032.exe( 11) WiseSFX: infected - 2 skipped
C:\!KillBox\cute3032.exe( 12)/WISE0011.BIN/advert.dll Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\!KillBox\cute3032.exe( 12)/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\!KillBox\cute3032.exe( 12) WiseSFX: infected - 2 skipped
C:\!KillBox\cute3032.exe( 25)/WISE0011.BIN/advert.dll Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\!KillBox\cute3032.exe( 25)/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\!KillBox\cute3032.exe( 25) WiseSFX: infected - 2 skipped
C:\!KillBox\cute3032.exe( 27)/WISE0011.BIN/advert.dll Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\!KillBox\cute3032.exe( 27)/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\!KillBox\cute3032.exe( 27) WiseSFX: infected - 2 skipped
C:\!KillBox\cute3032.exe( 43)/WISE0011.BIN/advert.dll Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\!KillBox\cute3032.exe( 43)/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\!KillBox\cute3032.exe( 43) WiseSFX: infected - 2 skipped
C:\!KillBox\cute3032.exe( 59)/WISE0011.BIN/advert.dll Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\!KillBox\cute3032.exe( 59)/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
C:\!KillBox\cute3032.exe( 59) WiseSFX: infected - 2 skipped
C:\!KillBox\Deleted Items.dbx/[From MAILER-DAEMON@mxes1.enta.net (Mail Delivery System)][Date Wed, 5 May 2004 19:55:34 +0100 (BST)]/UNNAMED/UNNAMED/[From teddy2@ukpals.com][Date Wed, 5 May 2004 05:42:50 +0100]/doc.zip/doc.htm.com Infected: Email-Worm.Win32.NetSky.b skipped
C:\!KillBox\Deleted Items.dbx/[From MAILER-DAEMON@mxes1.enta.net (Mail Delivery System)][Date Wed, 5 May 2004 19:55:34 +0100 (BST)]/UNNAMED/UNNAMED/[From teddy2@ukpals.com][Date Wed, 5 May 2004 05:42:50 +0100]/doc.zip Infected: Email-Worm.Win32.NetSky.b skipped
C:\!KillBox\Deleted Items.dbx/[From MAILER-DAEMON@mxes1.enta.net (Mail Delivery System)][Date Wed, 5 May 2004 19:55:34 +0100 (BST)]/UNNAMED/UNNAMED Infected: Email-Worm.Win32.NetSky.b skipped
C:\!KillBox\Deleted Items.dbx/[From MAILER-DAEMON@mxes1.enta.net (Mail Delivery System)][Date Wed, 5 May 2004 19:55:34 +0100 (BST)]/UNNAMED Infected: Email-Worm.Win32.NetSky.b skipped
C:\!KillBox\Deleted Items.dbx Mail MS Outlook 5: infected - 4 skipped
C:\!KillBox\Deleted Items.dbx( 10)/[From MAILER-DAEMON@mxes1.enta.net (Mail Delivery System)][Date Wed, 5 May 2004 19:55:34 +0100 (BST)]/UNNAMED/UNNAMED/[From teddy2@ukpals.com][Date Wed, 5 May 2004 05:42:50 +0100]/doc.zip/doc.htm.com Infected: Email-Worm.Win32.NetSky.b skipped
C:\!KillBox\Deleted Items.dbx( 10)/[From MAILER-DAEMON@mxes1.enta.net (Mail Delivery System)][Date Wed, 5 May 2004 19:55:34 +0100 (BST)]/UNNAMED/UNNAMED/[From teddy2@ukpals.com][Date Wed, 5 May 2004 05:42:50 +0100]/doc.zip Infected: Email-Worm.Win32.NetSky.b skipped
C:\!KillBox\Deleted Items.dbx( 10)/[From MAILER-DAEMON@mxes1.enta.net (Mail Delivery System)][Date Wed, 5 May 2004 19:55:34 +0100 (BST)]/UNNAMED/UNNAMED Infected: Email-Worm.Win32.NetSky.b skipped
C:\!KillBox\Deleted Items.dbx( 10)/[From MAILER-DAEMON@mxes1.enta.net (Mail Delivery System)][Date Wed, 5 May 2004 19:55:34 +0100 (BST)]/UNNAMED Infected: Email-Worm.Win32.NetSky.b skipped
C:\!KillBox\Deleted Items.dbx( 10) Mail MS Outlook 5: infected - 4 skipped
C:\!KillBox\Deleted Items.dbx( 11)/[From MAILER-DAEMON@mxes1.enta.net (Mail Delivery System)][Date Wed, 5 May 2004 19:55:34 +0100 (BST)]/UNNAMED/UNNAMED/[From teddy2@ukpals.com][Date Wed, 5 May 2004 05:42:50 +0100]/doc.zip/doc.htm.com Infected: Email-Worm.Win32.NetSky.b skipped
C:\!KillBox\Deleted Items.dbx( 11)/[From MAILER-DAEMON@mxes1.enta.net (Mail Delivery System)][Date Wed, 5 May 2004 19:55:34 +0100 (BST)]/UNNAMED/UNNAMED/[From teddy2@ukpals.com][Date Wed, 5 May 2004 05:42:50 +0100]/doc.zip Infected: Email-Worm.Win32.NetSky.b skipped
C:\!KillBox\Deleted Items.dbx( 11)/[From MAILER-DAEMON@mxes1.enta.net (Mail Delivery System)][Date Wed, 5 May 2004 19:55:34 +0100 (BST)]/UNNAMED/UNNAMED Infected: Email-Worm.Win32.NetSky.b skipped
C:\!KillBox\Deleted Items.dbx( 11)/[From MAILER-DAEMON@mxes1.enta.net (Mail Delivery System)][Date Wed, 5 May 2004 19:55:34 +0100 (BST)]/UNNAMED Infected: Email-Worm.Win32.NetSky.b skipped
C:\!KillBox\Deleted Items.dbx( 11) Mail MS Outlook 5: infected - 4 skipped
C:\!KillBox\Deleted Items.dbx( 24)/[From MAILER-DAEMON@mxes1.enta.net (Mail Delivery System)][Date Wed, 5 May 2004 19:55:34 +0100 (BST)]/UNNAMED/UNNAMED/[From teddy2@ukpals.com][Date Wed, 5 May 2004 05:42:50 +0100]/doc.zip/doc.htm.com Infected: Email-Worm.Win32.NetSky.b skipped
C:\!KillBox\Deleted Items.dbx( 24)/[From MAILER-DAEMON@mxes1.enta.net (Mail Delivery System)][Date Wed, 5 May 2004 19:55:34 +0100 (BST)]/UNNAMED/UNNAMED/[From teddy2@ukpals.com][Date Wed, 5 May 2004 05:42:50 +0100]/doc.zip Infected: Email-Worm.Win32.NetSky.b skipped
C:\!KillBox\Deleted Items.dbx( 24)/[From MAILER-DAEMON@mxes1.enta.net (Mail Delivery System)][Date Wed, 5 May 2004 19:55:34 +0100 (BST)]/UNNAMED/UNNAMED Infected: Email-Worm.Win32.NetSky.b skipped
C:\!KillBox\Deleted Items.dbx( 24)/[From MAILER-DAEMON@mxes1.enta.net (Mail Delivery System)][Date Wed, 5 May 2004 19:55:34 +0100 (BST)]/UNNAMED Infected: Email-Worm.Win32.NetSky.b skipped
C:\!KillBox\Deleted Items.dbx( 24) Mail MS Outlook 5: infected - 4 skipped
C:\!KillBox\Deleted Items.dbx( 26)/[From MAILER-DAEMON@mxes1.enta.net (Mail Delivery System)][Date Wed, 5 May 2004 19:55:34 +0100 (BST)]/UNNAMED/UNNAMED/[From teddy2@ukpals.com][Date Wed, 5 May 2004 05:42:50 +0100]/doc.zip/doc.htm.com Infected: Email-Worm.Win32.NetSky.b skipped

Scan process completed.




Ed Boyle
EdBoyle
Active Member
 
Posts: 11
Joined: April 9th, 2006, 1:52 pm
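Added example (not part of the thread or of any tool named in it): a small Python parser for text reports in the `path Infected: verdict action` layout of the scan log above, separating Recycle Bin hits from files still in place. The function names and the sample lines (with a placeholder SID) are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same "path Infected: verdict action" layout as the report above.
SAMPLE_REPORT = r"""
C:\RECYCLER\S-1-5-21-0000000000-0000000000-0000000000-1000\Dc1\dlls\example1.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\RECYCLER\S-1-5-21-0000000000-0000000000-0000000000-1000\Dc1\dlls\example2(3).dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Temp\PW Viewer\pspv.exe Infected: not-a-virus:PSWTool.Win32.PassView.162 skipped
C:\WINDOWS\system\advert.dll Infected: not-a-virus:AdWare.Win32.Aureate.a skipped

Scan process completed.
"""

# Paths may contain spaces, so anchor on " Infected: " instead of splitting on whitespace.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<verdict>\S+) (?P<action>\w+)$")

def parse_report(text):
    """Return (path, verdict, action) tuples; lines that are not detections are ignored."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m["path"], m["verdict"], m["action"]))
    return hits

def location(path):
    """Classify a path as Recycle Bin content or by its first folder under the drive."""
    parts = path.split("\\")
    if len(parts) > 1 and parts[1].upper() == "RECYCLER":
        return "recycle-bin"
    return "live:" + parts[1] if len(parts) > 2 else "live:<root>"

def summarize(hits):
    """Count verdicts per location and list the paths outside the Recycle Bin."""
    counts = defaultdict(Counter)
    live = []
    for path, verdict, _ in hits:
        loc = location(path)
        counts[loc][verdict] += 1
        if loc != "recycle-bin":
            live.append(path)
    return counts, live

if __name__ == "__main__":
    counts, live = summarize(parse_report(SAMPLE_REPORT))
    for loc, verdicts in counts.items():
        print(loc, dict(verdicts))
    print("outside Recycle Bin:", live)
```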

Post by agrarianmonk » April 16th, 2006, 2:48 am

  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


    C:\WINDOWS\system\advert.dll
    C:\Temp\PW Viewer\pspv.exe
    C:\Dump\cute3032.exe



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

After Reboot

Open Firefox and click Tools --> Clear Private Data

Verify that Cache is checked (should be by default) and click Clear Private Data Now


Delete the following folder:

C:\!KillBox\

Now, navigate to C:\RECYCLER\, and delete the contents of the folder (not the folder itself!).

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Now, please do another online scan:

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

In your next post, please include:
  • new hijackthis log
  • kaspersky scan
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am