Thanks Pieter. I did as you told. I was not able to download the Panda scanner so used the Bullguard-scan. My internet connection stays very slow. Any explantation in running applications/spyware/other? Here are the logs:
Logfile of HijackThis v1.99.1
Scan saved at 21:18:41, on 26/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\TrayIcon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\hjt\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://g.msn.be/0SENLBE/SAOS01R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.be/O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [SurfFastNow] C:\Program Files\SurfFastNow\SurfFastNow.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Guy\Local Settings\Temp\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat -
http://us.chat1.yimg...t/c381/chat.cabO16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
http://a1540.g.akama...meInstaller.exeO16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) -
http://www.installen...gine/isetup.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft.../as5/asinst.cabO16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
http://us.dl1.yimg.c...utocomplete.cabO16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) -
http://security.syma...n/bin/cabsa.cabO16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcaf...296/mcfscan.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{ED4EDA7B-D289-4D39-B3B6-FCC7D2A1C1CC}: NameServer = 195.238.2.22 195.238.2.21
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
___________________________________________________________
BullGuard Scan Report
Scan Profile: "My Computer"
___________________________________________________________
----[ System Info ]------------
OS Version: Microsoft Windows XP Professional Service Pack 1 (Build 2600)
Physical memory: 256 MB
System up-time: 0 days, 01 hours, 37 minutes, 26 seconds
BullGuard up-time: 0 days, 01 hours, 34 minutes, 59 seconds
TopLayer Version: 5.0.2.0
FileSpy Version: 1.0.0.3
MailProxy Version: N/A
AntiVirus Version: 5.0.2.1
----[ Scan Parameters ]------------
Folders to scan:
C:\
Excluded folders:
None
Scan type:
[o] Scan all files
[ ] Scan program files only
[ ] Scan custom extensions:
[X] Exclude user extensions: lnk
[X] Scan boot sectors
[X] Scan packed files
[X] Scan archives
[X] Scan emails
[X] Enable heuristic detection
___________________________________________________________
Scan Statistics
___________________________________________________________
Scan started: Tuesday, April 26, 2005 16:32:50
Scan duration: 0 days, 01 hours, 32 minutes, 58 seconds
Completion status: Successful
Total files scanned: 203107
Total files skipped: 129
Identified viruses: 6
Scan speed: 36.41 files/sec
Files skipped:
C:\Documents and Settings\All Users\Application Data\bg500000.tmp [Open Failed]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia1.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia1.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia2.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia2.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia3.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia3.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia4.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia4.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia5.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia5.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\INetSpeak.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\INetSpeak.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE1.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE1.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE2.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE2.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE3.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE3.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE4.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE4.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE5.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE5.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE6.zip=>WindowsIE.dll [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE6.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE7.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE7.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaPlayer.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaPlayer.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\Guy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [Open Failed]
C:\Documents and Settings\Guy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [Open Failed]
C:\Documents and Settings\Guy\ntuser.dat [Open Failed]
C:\Documents and Settings\Guy\ntuser.dat.LOG [Open Failed]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>arrow1.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>arrow2.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bck1.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bck2.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt11.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt12.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt13.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt21.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt22.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt23.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt31.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt32.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt33.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt41.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt42.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt43.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt51.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt52.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt53.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt61.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt62.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox1.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox2.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox3.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox4.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>default.skn [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn1.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn2.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn3.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph1.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph2.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph3.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph4.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph5.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph6.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph7.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>main.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>preview.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>sprite1.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>tab1.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>tab2.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>arrow1.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>arrow2.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bck1.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bck2.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt11.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt12.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt13.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt21.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt22.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt23.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt31.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt32.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt33.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt41.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt42.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt43.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt51.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt52.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt53.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt61.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt62.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>checkbox1.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>checkbox2.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>checkbox3.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>checkbox4.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>default.skn [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>defbtn1.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>defbtn2.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>defbtn3.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>glyph1.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>glyph2.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>glyph3.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>glyph4.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>glyph5.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>glyph6.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>glyph7.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>main.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>preview.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>sprite1.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>tab1.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>tab2.bmp [Password protected]
C:\WINDOWS\system32\config\default [Open Failed]
C:\WINDOWS\system32\config\default.LOG [Open Failed]
C:\WINDOWS\system32\config\SAM [Open Failed]
C:\WINDOWS\system32\config\SAM.LOG [Open Failed]
C:\WINDOWS\system32\config\SECURITY [Open Failed]
C:\WINDOWS\system32\config\SECURITY.LOG [Open Failed]
C:\WINDOWS\system32\config\software [Open Failed]
C:\WINDOWS\system32\config\software.LOG [Open Failed]
C:\WINDOWS\system32\config\system [Open Failed]
C:\WINDOWS\system32\config\system.LOG [Open Failed]
___________________________________________________________
Infected Files
___________________________________________________________
----[ Infected Files ]------------
Virus: Exploit.ADODB.Stream.Gen
C:\Documents and Settings\Guy\Local Settings\Temporary Internet Files\Content.IE5\N6YQGS56\eied_s7[1].chm=>/eied_s7.htm
Virus: Trojan.Downloader.Agent.DF
C:\WINDOWS\system32\clickspring.exe=>(NSIS o)=>zlib_nsis0002
Virus: Trojan.Downloader.QDown.J
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\030A4E9B=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\168C2ADA.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\183966C2.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\35FD6ADE.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\43103502.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4BE64BE4.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5D9F7D41=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\61341866.exe=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\65B06CE8=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6BC65BA8.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\743376EF.tmp=>(Quarantine-2)
Virus: Trojan.Downloader.Vivia.C
C:\WINDOWS\system32\ielreg.exe
Virus: Trojan.Downloader.Vivia.I
C:\WINDOWS\system32\lzreg.exe
Virus: Trojan.Downloader.Vivia.J
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\090A47B0.exe=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\090D71AD.exe=>(Quarantine-2)
___________________________________________________________
Results after ROUND 1
___________________________________________________________
Scan started: Tuesday, April 26, 2005 20:47:43
Scan duration: 0 days, 00 hours, 00 minutes, 02 seconds
Infections solved: 15
Infections left: 2
Viruses left: 2
----[ Files Solved ]------------
Virus: Trojan.Downloader.QDown.J
Status: Deleted
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\030A4E9B=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\168C2ADA.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\183966C2.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\35FD6ADE.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\43103502.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4BE64BE4.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5D9F7D41=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\61341866.exe=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\65B06CE8=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6BC65BA8.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\743376EF.tmp=>(Quarantine-2)
Virus: Trojan.Downloader.Vivia.C
Status: Deleted
C:\WINDOWS\system32\ielreg.exe
Virus: Trojan.Downloader.Vivia.I
Status: Deleted
C:\WINDOWS\system32\lzreg.exe
Virus: Trojan.Downloader.Vivia.J
Status: Deleted
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\090A47B0.exe=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\090D71AD.exe=>(Quarantine-2)
----[ Files Still Infected ]------------
Virus: Exploit.ADODB.Stream.Gen
Status: Deletion Failed
C:\Documents and Settings\Guy\Local Settings\Temporary Internet Files\Content.IE5\N6YQGS56\eied_s7[1].chm=>/eied_s7.htm
Virus: Trojan.Downloader.Agent.DF
Status: Deletion Failed
C:\WINDOWS\system32\clickspring.exe=>(NSIS o)=>zlib_nsis0002
___________________________________________________________
Results after ROUND 2
___________________________________________________________
Scan started: Tuesday, April 26, 2005 20:56:20
Scan duration: 0 days, 00 hours, 00 minutes, 00 seconds
Infections solved: 0
Infections left: 2
Viruses left: 2
----[ Files Still Infected ]------------
Virus: Exploit.ADODB.Stream.Gen
Status: Disinfect Failed
C:\Documents and Settings\Guy\Local Settings\Temporary Internet Files\Content.IE5\N6YQGS56\eied_s7[1].chm=>/eied_s7.htm
Virus: Trojan.Downloader.Agent.DF
Status: Disinfect Failed
C:\WINDOWS\system32\clickspring.exe=>(NSIS o)=>zlib_nsis0002
___________________________________________________________
Results after ROUND 3
___________________________________________________________
Scan started: Tuesday, April 26, 2005 20:56:32
Scan duration: 0 days, 00 hours, 00 minutes, 00 seconds
Infections solved: 0
Infections left: 2
Viruses left: 2
----[ Files Still Infected ]------------
Virus: Exploit.ADODB.Stream.Gen
Status: Failed moving to quarantine
C:\Documents and Settings\Guy\Local Settings\Temporary Internet Files\Content.IE5\N6YQGS56\eied_s7[1].chm=>/eied_s7.htm
Virus: Trojan.Downloader.Agent.DF
Status: Failed moving to quarantine
C:\WINDOWS\system32\clickspring.exe=>(NSIS o)=>zlib_nsis0002
Thanks again for helping out!
G