Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

TSA, computer/internet slows down

Started by glau , Apr 23 2005 06:59 AM

  • Please log in to reply

#1
glau
Posted 23 April 2005 - 06:59 AM

glau

    New Member

  • Member
  • Pip
  • 2 posts
Since a few months my computer and internet connection slow down. I ran different spyware and virus scans (adaware, spybot, norton,...) but still it slows down. One of the problems iddentified is 'tsa' witch I can't seem to remove (not even mannually). I Hope someone can help. Here's my Hijack this log:

Logfile of HijackThis v1.98.2
Scan saved at 14:49:49, on 23/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\TrayIcon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\WINDOWS\System32\npvcsbe.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\fgadsm\qnks.exe
C:\WINDOWS\System32\vrirens\pogf.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.be/0SENLBE/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [Debug ] C:\WINDOWS\SMSS.exe
O4 - HKLM\..\Run: [SurfFastNow] C:\Program Files\SurfFastNow\SurfFastNow.exe
O4 - HKLM\..\Run: [hpsysconf1] C:\WINDOWS\System32\npvcsbe.exe
O4 - HKLM\..\Run: [nssysconf] C:\WINDOWS\System32\exqdtga.exe
O4 - HKLM\..\Run: [KazaaBooster] aaDisabled
O4 - HKLM\..\Run: [SrchfstUpdate] C:\WINDOWS\srchupdt.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [33mU3pQ] msfceng.exe
O4 - HKLM\..\Run: [towfezv] C:\WINDOWS\Lbczxs.exe
O4 - HKLM\..\Run: [bmwcni] C:\WINDOWS\System32\pwxloglf\bmwcni.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [qnks] C:\WINDOWS\System32\fgadsm\qnks.exe
O4 - HKLM\..\Run: [qnkmb] C:\WINDOWS\System32\ukkg\qnkmb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [pogf] C:\WINDOWS\System32\vrirens\pogf.exe
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Guy\Local Settings\Temp\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Onee] C:\Documents and Settings\Guy\Application Data\ugz?.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [BullGuard 5.0] "C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...296/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED4EDA7B-D289-4D39-B3B6-FCC7D2A1C1CC}: NameServer = 195.238.2.22 195.238.2.21
  • 0

Advertisements

#2
Metallica
Posted 23 April 2005 - 12:19 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Hi glau,

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [Debug ] C:\WINDOWS\SMSS.exe

O4 - HKLM\..\Run: [hpsysconf1] C:\WINDOWS\System32\npvcsbe.exe
O4 - HKLM\..\Run: [nssysconf] C:\WINDOWS\System32\exqdtga.exe
O4 - HKLM\..\Run: [KazaaBooster] aaDisabled
O4 - HKLM\..\Run: [SrchfstUpdate] C:\WINDOWS\srchupdt.exe

O4 - HKLM\..\Run: [33mU3pQ] msfceng.exe
O4 - HKLM\..\Run: [towfezv] C:\WINDOWS\Lbczxs.exe
O4 - HKLM\..\Run: [bmwcni] C:\WINDOWS\System32\pwxloglf\bmwcni.exe

O4 - HKLM\..\Run: [qnks] C:\WINDOWS\System32\fgadsm\qnks.exe
O4 - HKLM\..\Run: [qnkmb] C:\WINDOWS\System32\ukkg\qnkmb.exe

O4 - HKLM\..\Run: [pogf] C:\WINDOWS\System32\vrirens\pogf.exe
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe

O4 - HKCU\..\Run: [Onee] C:\Documents and Settings\Guy\Application Data\ugz?.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [BullGuard 5.0] "C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe


Reboot into safe mode and delete:
C:\PROGRAM FILES\COMMON FILES\tsa <= entire folder
C:\Program Files\Common Files\eAcceleration <= entire folder

Run a virus scan, use ActiveScan - Save the results from the scan!

Then get the latest version of HijackThis 1.99.1 and post a new log as well.

Regards,

Pieter
  • 0

#3
glau
Posted 26 April 2005 - 01:28 PM

glau

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thanks Pieter. I did as you told. I was not able to download the Panda scanner so used the Bullguard-scan. My internet connection stays very slow. Any explantation in running applications/spyware/other? Here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 21:18:41, on 26/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\TrayIcon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.be/0SENLBE/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [SurfFastNow] C:\Program Files\SurfFastNow\SurfFastNow.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Guy\Local Settings\Temp\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...296/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED4EDA7B-D289-4D39-B3B6-FCC7D2A1C1CC}: NameServer = 195.238.2.22 195.238.2.21
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

___________________________________________________________

BullGuard Scan Report
Scan Profile: "My Computer"
___________________________________________________________


----[ System Info ]------------

OS Version: Microsoft Windows XP Professional Service Pack 1 (Build 2600)
Physical memory: 256 MB
System up-time: 0 days, 01 hours, 37 minutes, 26 seconds
BullGuard up-time: 0 days, 01 hours, 34 minutes, 59 seconds
TopLayer Version: 5.0.2.0
FileSpy Version: 1.0.0.3
MailProxy Version: N/A
AntiVirus Version: 5.0.2.1

----[ Scan Parameters ]------------

Folders to scan:
C:\

Excluded folders:
None

Scan type:
[o] Scan all files
[ ] Scan program files only
[ ] Scan custom extensions:

[X] Exclude user extensions: lnk

[X] Scan boot sectors
[X] Scan packed files
[X] Scan archives
[X] Scan emails
[X] Enable heuristic detection
___________________________________________________________

Scan Statistics
___________________________________________________________

Scan started: Tuesday, April 26, 2005 16:32:50
Scan duration: 0 days, 01 hours, 32 minutes, 58 seconds
Completion status: Successful

Total files scanned: 203107
Total files skipped: 129
Identified viruses: 6
Scan speed: 36.41 files/sec

Files skipped:
C:\Documents and Settings\All Users\Application Data\bg500000.tmp [Open Failed]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia1.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia1.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia2.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia2.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia3.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia3.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia4.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia4.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia5.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia5.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\INetSpeak.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\INetSpeak.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE1.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE1.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE2.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE2.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE3.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE3.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE4.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE4.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE5.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE5.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE6.zip=>WindowsIE.dll [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE6.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE7.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsIE7.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaPlayer.zip=>sbRecovery.reg [Password protected]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaPlayer.zip=>sbRecovery.ini [Password protected]
C:\Documents and Settings\Guy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [Open Failed]
C:\Documents and Settings\Guy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [Open Failed]
C:\Documents and Settings\Guy\ntuser.dat [Open Failed]
C:\Documents and Settings\Guy\ntuser.dat.LOG [Open Failed]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>arrow1.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>arrow2.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bck1.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bck2.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt11.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt12.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt13.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt21.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt22.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt23.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt31.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt32.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt33.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt41.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt42.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt43.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt51.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt52.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt53.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt61.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt62.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox1.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox2.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox3.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox4.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>default.skn [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn1.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn2.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn3.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph1.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph2.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph3.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph4.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph5.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph6.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph7.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>main.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>preview.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>sprite1.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>tab1.bmp [Password protected]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>tab2.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>arrow1.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>arrow2.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bck1.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bck2.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt11.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt12.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt13.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt21.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt22.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt23.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt31.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt32.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt33.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt41.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt42.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt43.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt51.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt52.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt53.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt61.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>bt62.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>checkbox1.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>checkbox2.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>checkbox3.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>checkbox4.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>default.skn [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>defbtn1.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>defbtn2.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>defbtn3.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>glyph1.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>glyph2.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>glyph3.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>glyph4.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>glyph5.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>glyph6.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>glyph7.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>main.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>preview.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>sprite1.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>tab1.bmp [Password protected]
C:\Program Files\lime\aawsepersonal.exe=>wise0023=>tab2.bmp [Password protected]
C:\WINDOWS\system32\config\default [Open Failed]
C:\WINDOWS\system32\config\default.LOG [Open Failed]
C:\WINDOWS\system32\config\SAM [Open Failed]
C:\WINDOWS\system32\config\SAM.LOG [Open Failed]
C:\WINDOWS\system32\config\SECURITY [Open Failed]
C:\WINDOWS\system32\config\SECURITY.LOG [Open Failed]
C:\WINDOWS\system32\config\software [Open Failed]
C:\WINDOWS\system32\config\software.LOG [Open Failed]
C:\WINDOWS\system32\config\system [Open Failed]
C:\WINDOWS\system32\config\system.LOG [Open Failed]

___________________________________________________________

Infected Files
___________________________________________________________

----[ Infected Files ]------------

Virus: Exploit.ADODB.Stream.Gen
C:\Documents and Settings\Guy\Local Settings\Temporary Internet Files\Content.IE5\N6YQGS56\eied_s7[1].chm=>/eied_s7.htm

Virus: Trojan.Downloader.Agent.DF
C:\WINDOWS\system32\clickspring.exe=>(NSIS o)=>zlib_nsis0002

Virus: Trojan.Downloader.QDown.J
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\030A4E9B=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\168C2ADA.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\183966C2.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\35FD6ADE.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\43103502.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4BE64BE4.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5D9F7D41=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\61341866.exe=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\65B06CE8=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6BC65BA8.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\743376EF.tmp=>(Quarantine-2)

Virus: Trojan.Downloader.Vivia.C
C:\WINDOWS\system32\ielreg.exe

Virus: Trojan.Downloader.Vivia.I
C:\WINDOWS\system32\lzreg.exe

Virus: Trojan.Downloader.Vivia.J
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\090A47B0.exe=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\090D71AD.exe=>(Quarantine-2)

___________________________________________________________

Results after ROUND 1
___________________________________________________________

Scan started: Tuesday, April 26, 2005 20:47:43
Scan duration: 0 days, 00 hours, 00 minutes, 02 seconds
Infections solved: 15
Infections left: 2
Viruses left: 2

----[ Files Solved ]------------

Virus: Trojan.Downloader.QDown.J
Status: Deleted
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\030A4E9B=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\168C2ADA.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\183966C2.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\35FD6ADE.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\43103502.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4BE64BE4.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5D9F7D41=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\61341866.exe=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\65B06CE8=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6BC65BA8.tmp=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\743376EF.tmp=>(Quarantine-2)

Virus: Trojan.Downloader.Vivia.C
Status: Deleted
C:\WINDOWS\system32\ielreg.exe

Virus: Trojan.Downloader.Vivia.I
Status: Deleted
C:\WINDOWS\system32\lzreg.exe

Virus: Trojan.Downloader.Vivia.J
Status: Deleted
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\090A47B0.exe=>(Quarantine-2)
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\090D71AD.exe=>(Quarantine-2)

----[ Files Still Infected ]------------

Virus: Exploit.ADODB.Stream.Gen
Status: Deletion Failed
C:\Documents and Settings\Guy\Local Settings\Temporary Internet Files\Content.IE5\N6YQGS56\eied_s7[1].chm=>/eied_s7.htm

Virus: Trojan.Downloader.Agent.DF
Status: Deletion Failed
C:\WINDOWS\system32\clickspring.exe=>(NSIS o)=>zlib_nsis0002

___________________________________________________________

Results after ROUND 2
___________________________________________________________

Scan started: Tuesday, April 26, 2005 20:56:20
Scan duration: 0 days, 00 hours, 00 minutes, 00 seconds
Infections solved: 0
Infections left: 2
Viruses left: 2

----[ Files Still Infected ]------------

Virus: Exploit.ADODB.Stream.Gen
Status: Disinfect Failed
C:\Documents and Settings\Guy\Local Settings\Temporary Internet Files\Content.IE5\N6YQGS56\eied_s7[1].chm=>/eied_s7.htm

Virus: Trojan.Downloader.Agent.DF
Status: Disinfect Failed
C:\WINDOWS\system32\clickspring.exe=>(NSIS o)=>zlib_nsis0002

___________________________________________________________

Results after ROUND 3
___________________________________________________________

Scan started: Tuesday, April 26, 2005 20:56:32
Scan duration: 0 days, 00 hours, 00 minutes, 00 seconds
Infections solved: 0
Infections left: 2
Viruses left: 2

----[ Files Still Infected ]------------

Virus: Exploit.ADODB.Stream.Gen
Status: Failed moving to quarantine
C:\Documents and Settings\Guy\Local Settings\Temporary Internet Files\Content.IE5\N6YQGS56\eied_s7[1].chm=>/eied_s7.htm

Virus: Trojan.Downloader.Agent.DF
Status: Failed moving to quarantine
C:\WINDOWS\system32\clickspring.exe=>(NSIS o)=>zlib_nsis0002


Thanks again for helping out!
G
  • 0

#4
Metallica
Posted 26 April 2005 - 02:11 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Personally I'm not very fond of BullGuard, but that';s a matter of personal taste I guess. :tazz:

*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*In the field labeled Full Path of File to Delete enter the file path listed below

C:\WINDOWS\system32\clickspring.exe
Press the button that looks like a red circle with a white X in it after each one. When it asks if you would like to delete on reboot, press the YES button, when it asks if you want to reboot now, press the NO button. Do this after each one until you have entered the LAST file path I have listed above. After that LAST file path has been entered press the YES button at both prompts so that your computer restarts. If you recieve an error message "PendingRenameOperation...." and your computer doesn't restart, please restart it manually.

Download the Hoster from HERE Press "Restore Original Hosts" and press "OK". Exit Program.

Download, install, and run CleanUp!

Reboot and let me know how it goes then.

Regards,

Pieter
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP