A bit inexperienced here... [CLOSED] [RESOLVED]


  • This topic is locked

#1
pave the planet

Hi everybody--I've been sitting here for eight hours trying to figure out what to do with this computer: you can't "End Process" of the obvious problems that Ad-Aware found, and I had to start in safe mode to keep HJT from immediately shutting down.

Any attention to my log would be greatly appreciated...

Firefox Fan

Logfile of HijackThis v1.99.1
Scan saved at 5:06:03 PM, on 7/27/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Toolbar\TBPS.exe
C:\PROGRA~1\Toolbar\PIB.exe
c:\PROGRA~1\Toolbar\radio.exe
C:\Documents and Settings\TEMP.HP762.000\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us5.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us5.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us5.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50245
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QBCD Autorun] E:\autorun.exe restart IE_SEQUENCE first
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WindowsRegKey upd4te2d4te] ufspalssw.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] libsysmgr.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.exe" -r "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.ini"
O4 - HKLM\..\Run: [HP Photo Manager] HPPhotoManager.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [W32data] eworo.exe
O4 - HKLM\..\Run: [Microsoft Windows Registry Service] wregistry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPWNTOOLBOX] C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"
O4 - HKLM\..\Run: [USB Driver4] UpdateXP2.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitednv32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [BootWarn] C:\Program Files\Norton SystemWorks\Norton AntiVirus\BootWarn.exe /a
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\RunServices: [WindowsRegKey upd4te2d4te] ufspalssw.exe
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsysmgr.exe
O4 - HKLM\..\RunServices: [HP Photo Manager] HPPhotoManager.exe
O4 - HKLM\..\RunServices: [W32data] eworo.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Registry Service] wregistry.exe
O4 - HKLM\..\RunServices: [USB Driver4] UpdateXP2.exe
O4 - HKLM\..\RunOnce: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe /boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [W32data] eworo.exe
O4 - HKCU\..\RunOnce: [W32data] eworo.exe
O4 - Startup: AutoPlay.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Verizon Online Help & Support.lnk = C:\Program Files\Verizon Online\Help Support\bin\matcli.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120142871092
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe
O23 - Service: iTunes Music Service (iTunesMusic) - Apple - C:\WINDOWS\iTunesMusic.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsysmgr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: W32data (uld3r.q8hell.org) - Unknown owner - C:\WINDOWS\System32\eworo.exe" -netsvcs (file missing)

#2
John_L

    Visiting Staff
Hi Pave the planet and welcome to Geeks To Go :tazz:

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here
Apply the update, reboot, and post a fresh Hijack This log.

#3
pave the planet

John, you're brilliant! Got SP1a on the machine, and desperately needed files reappeared!

I also stumbled upon the "read this before posting a HJT log" instructions, and followed them, (Some time later, but very easy overall--) a bit belatedly.

But, my computer is behaving much better now, so I just want to see if I'm clean before going to SP2: here are my HiJack This and ewido logs, respectively--

Many thanks for your attention--

Paver

Logfile of HijackThis v1.99.1
Scan saved at 6:38:33 PM, on 7/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\QuickBooks Online Backup\OLRegCap.EXE
C:\Program Files\QuickBooks Online Backup\OLlaunch.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\S3apphk.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
C:\Program Files\Verizon Online\Help Support\bin\mpbtn.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us5.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us5.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us5.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QBCD Autorun] E:\autorun.exe restart IE_SEQUENCE first
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WindowsRegKey upd4te2d4te] ufspalssw.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.exe" -r "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.ini"
O4 - HKLM\..\Run: [HP Photo Manager] HPPhotoManager.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [W32data] eworo.exe
O4 - HKLM\..\Run: [Microsoft Windows Registry Service] wregistry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPWNTOOLBOX] C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"
O4 - HKLM\..\Run: [USB Driver4] UpdateXP2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServices: [WindowsRegKey upd4te2d4te] ufspalssw.exe
O4 - HKLM\..\RunServices: [HP Photo Manager] HPPhotoManager.exe
O4 - HKLM\..\RunServices: [W32data] eworo.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Registry Service] wregistry.exe
O4 - HKLM\..\RunServices: [USB Driver4] UpdateXP2.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WindowsRegKey upd4te2d4te] ufspalssw.exe
O4 - HKCU\..\Run: [HP Photo Manager] HPPhotoManager.exe
O4 - HKCU\..\Run: [W32data] eworo.exe
O4 - HKCU\..\Run: [USB Driver4] UpdateXP2.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Verizon Online Help & Support.lnk = C:\Program Files\Verizon Online\Help Support\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120142871092
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1122565360374
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: QuickBooks Online Backup RegCap (OLRegCap) - Intuit, Inc. - C:\Program Files\QuickBooks Online Backup\OLRegCap.EXE
O23 - Service: QuickBooks Online Backup Launcher (QuickBooks Online BackupLauncher) - Intuit, Inc. - C:\Program Files\QuickBooks Online Backup\OLlaunch.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:03:37 PM, 7/28/2005
+ Report-Checksum: F07FB543

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CABCF5E7-0C79-4F1C-909D-B9CF68FED746} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FB45C451-B0E9-4407-BB6A-9361013F3E9A} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Common.Buttons -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{DB9A4E78-35DF-4A54-B6C5-C5190CEAF949} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WSG.WSGObj -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WSG.WSGObj\Clsid -> Spyware.WebSearch : Cleaned with backup
HKU\.DEFAULT\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-4087772427-2448387204-163748893-1003\Software\LQ -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-18\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
[1088] C:\WINDOWS\System32\eworo.exe -> Backdoor.SdBot.xm : Cleaned with backup
[2496] C:\WINDOWS\System32\ufspalssw.exe -> Backdoor.Rbot : Cleaned with backup
[2680] C:\WINDOWS\System32\wregistry.exe -> Backdoor.Rbot.kd : Cleaned with backup
[2692] C:\WINDOWS\System32\wregistry.exe -> Backdoor.Rbot.kd : Error during cleaning
[3400] VM_005F1000 -> Backdoor.Rbot : Error during cleaning
C:\cash.exe -> Trojan.LowZones : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\HP Share-to-Web\ACDSee 9.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\HP Share-to-Web\Adobe Photoshop 9 fu‚‚.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\HP Share-to-Web\Ahead Nero 7.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\HP Share-to-Web\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\HP Share-to-Web\Microsoft Office 2003 Crack, Working!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\HP Share-to-Web\Microsoft Office XP working Crack, Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\HP Share-to-Web\Microsoft Windows XP, WinXP Crack, working Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\HP Share-to-Web\Opera 8 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\HP Share-to-Web\[bleep] pics arhive, xxx.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\HP Share-to-Web\[bleep] Screensaver.scr -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\HP Share-to-Web\[bleep], sex, oral, anal cool, awesome!!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\HP Share-to-Web\Serials.txt.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\HP Share-to-Web\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\HP Share-to-Web\WinAmp 6 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\HP Share-to-Web\Windown Longhorn Beta Leak.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\HP Share-to-Web\Windows Sourcecode update.doc.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\HP Share-to-Web\XXX hardcore images.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Default User\Application Data\Symantec\Shared\ACDSee 9.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Default User\Application Data\Symantec\Shared\Adobe Photoshop 9 fu‚‚.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Default User\Application Data\Symantec\Shared\Ahead Nero 7.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Default User\Application Data\Symantec\Shared\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Default User\Application Data\Symantec\Shared\Microsoft Office 2003 Crack, Working!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Default User\Application Data\Symantec\Shared\Microsoft Office XP working Crack, Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Default User\Application Data\Symantec\Shared\Microsoft Windows XP, WinXP Crack, working Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Default User\Application Data\Symantec\Shared\Opera 8 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Default User\Application Data\Symantec\Shared\[bleep] pics arhive, xxx.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Default User\Application Data\Symantec\Shared\[bleep] Screensaver.scr -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Default User\Application Data\Symantec\Shared\[bleep], sex, oral, anal cool, awesome!!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Default User\Application Data\Symantec\Shared\Serials.txt.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Default User\Application Data\Symantec\Shared\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Default User\Application Data\Symantec\Shared\WinAmp 6 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Default User\Application Data\Symantec\Shared\Windown Longhorn Beta Leak.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Default User\Application Data\Symantec\Shared\Windows Sourcecode update.doc.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Default User\Application Data\Symantec\Shared\XXX hardcore images.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\ACDSee 9.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\Adobe Photoshop 9 fu‚‚.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\Ahead Nero 7.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\Microsoft Office 2003 Crack, Working!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\Microsoft Office XP working Crack, Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\Microsoft Windows XP, WinXP Crack, working Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\Opera 8 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\[bleep] pics arhive, xxx.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\[bleep] Screensaver.scr -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\[bleep], sex, oral, anal cool, awesome!!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\Serials.txt.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\WinAmp 6 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\Windown Longhorn Beta Leak.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\Windows Sourcecode update.doc.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\XXX hardcore images.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\ACDSee 9.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\Adobe Photoshop 9 fu‚‚.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\Ahead Nero 7.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\Microsoft Office 2003 Crack, Working!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\Microsoft Office XP working Crack, Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\Microsoft Windows XP, WinXP Crack, working Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\Opera 8 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\[bleep] pics arhive, xxx.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\[bleep] Screensaver.scr -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\[bleep], sex, oral, anal cool, awesome!!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\Serials.txt.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\WinAmp 6 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\Windown Longhorn Beta Leak.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\Windows Sourcecode update.doc.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\XXX hardcore images.exe -> Worm.Bagle.au : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\63a6e92v.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\63a6e92v.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\63a6e92v.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\63a6e92v.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\63a6e92v.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\63a6e92v.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\63a6e92v.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\63a6e92v.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder\ACDSee 9.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder\Adobe Photoshop 9 fu‚‚.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder\Ahead Nero 7.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder\Microsoft Office 2003 Crack, Working!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder\Microsoft Office XP working Crack, Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder\Microsoft Windows XP, WinXP Crack, working Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder\Opera 8 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder\[bleep] pics arhive, xxx.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder\[bleep] Screensaver.scr -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder\[bleep], sex, oral, anal cool, awesome!!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder\Serials.txt.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder\WinAmp 6 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder\Windown Longhorn Beta Leak.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder\Windows Sourcecode update.doc.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder\XXX hardcore images.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Symantec\Shared\ACDSee 9.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Symantec\Shared\Adobe Photoshop 9 fu‚‚.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Symantec\Shared\Ahead Nero 7.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Symantec\Shared\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Symantec\Shared\Microsoft Office 2003 Crack, Working!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Symantec\Shared\Microsoft Office XP working Crack, Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Symantec\Shared\Microsoft Windows XP, WinXP Crack, working Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Symantec\Shared\Opera 8 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Symantec\Shared\[bleep] pics arhive, xxx.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Symantec\Shared\[bleep] Screensaver.scr -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Symantec\Shared\[bleep], sex, oral, anal cool, awesome!!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Symantec\Shared\Serials.txt.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Symantec\Shared\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Symantec\Shared\WinAmp 6 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Symantec\Shared\Windown Longhorn Beta Leak.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Symantec\Shared\Windows Sourcecode update.doc.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Symantec\Shared\XXX hardcore images.exe -> Worm.Bagle.au : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Owner\msdirectx.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\ied_s7.cab/ied_s7_c_7.exe -> TrojanDownloader.Mediket.r : Cleaned with backup
C:\Program Files\Art Explosion\Greeting Card Factory\Shared32Dll\ACDSee 9.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Art Explosion\Greeting Card Factory\Shared32Dll\Adobe Photoshop 9 fu‚‚.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Art Explosion\Greeting Card Factory\Shared32Dll\Ahead Nero 7.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Art Explosion\Greeting Card Factory\Shared32Dll\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Art Explosion\Greeting Card Factory\Shared32Dll\Microsoft Office 2003 Crack, Working!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Art Explosion\Greeting Card Factory\Shared32Dll\Microsoft Office XP working Crack, Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Art Explosion\Greeting Card Factory\Shared32Dll\Microsoft Windows XP, WinXP Crack, working Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Art Explosion\Greeting Card Factory\Shared32Dll\Opera 8 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Art Explosion\Greeting Card Factory\Shared32Dll\[bleep] pics arhive, xxx.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Art Explosion\Greeting Card Factory\Shared32Dll\[bleep] Screensaver.scr -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Art Explosion\Greeting Card Factory\Shared32Dll\Serials.txt.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Art Explosion\Greeting Card Factory\Shared32Dll\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Art Explosion\Greeting Card Factory\Shared32Dll\WinAmp 6 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Art Explosion\Greeting Card Factory\Shared32Dll\Windown Longhorn Beta Leak.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Art Explosion\Greeting Card Factory\Shared32Dll\Windows Sourcecode update.doc.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Art Explosion\Greeting Card Factory\Shared32Dll\XXX hardcore images.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Broderbund\The Print Shop\SHARED\ACDSee 9.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Broderbund\The Print Shop\SHARED\Adobe Photoshop 9 fu‚‚.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Broderbund\The Print Shop\SHARED\Ahead Nero 7.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Broderbund\The Print Shop\SHARED\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Broderbund\The Print Shop\SHARED\Microsoft Office 2003 Crack, Working!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Broderbund\The Print Shop\SHARED\Microsoft Office XP working Crack, Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Broderbund\The Print Shop\SHARED\Microsoft Windows XP, WinXP Crack, working Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Broderbund\The Print Shop\SHARED\Opera 8 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Broderbund\The Print Shop\SHARED\[bleep] pics arhive, xxx.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Broderbund\The Print Shop\SHARED\[bleep] Screensaver.scr -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Broderbund\The Print Shop\SHARED\Serials.txt.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Broderbund\The Print Shop\SHARED\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Broderbund\The Print Shop\SHARED\WinAmp 6 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Broderbund\The Print Shop\SHARED\Windown Longhorn Beta Leak.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Broderbund\The Print Shop\SHARED\Windows Sourcecode update.doc.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Broderbund\The Print Shop\SHARED\XXX hardcore images.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Borland Shared\ACDSee 9.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Borland Shared\Adobe Photoshop 9 fu‚‚.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Borland Shared\Ahead Nero 7.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Borland Shared\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Borland Shared\Microsoft Office 2003 Crack, Working!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Borland Shared\Microsoft Office XP working Crack, Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Borland Shared\Microsoft Windows XP, WinXP Crack, working Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Borland Shared\Opera 8 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Borland Shared\[bleep] pics arhive, xxx.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Borland Shared\[bleep] Screensaver.scr -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Borland Shared\[bleep], sex, oral, anal cool, awesome!!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Borland Shared\Serials.txt.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Borland Shared\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Borland Shared\WinAmp 6 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Borland Shared\Windown Longhorn Beta Leak.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Borland Shared\Windows Sourcecode update.doc.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Borland Shared\XXX hardcore images.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Broderbund\SharedAppFiles\ACDSee 9.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Broderbund\SharedAppFiles\Adobe Photoshop 9 fu‚‚.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Broderbund\SharedAppFiles\Ahead Nero 7.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Broderbund\SharedAppFiles\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Broderbund\SharedAppFiles\Microsoft Office 2003 Crack, Working!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Broderbund\SharedAppFiles\Microsoft Office XP working Crack, Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Broderbund\SharedAppFiles\Microsoft Windows XP, WinXP Crack, working Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Broderbund\SharedAppFiles\Opera 8 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Broderbund\SharedAppFiles\[bleep] pics arhive, xxx.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Broderbund\SharedAppFiles\[bleep] Screensaver.scr -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Broderbund\SharedAppFiles\[bleep], sex, oral, anal cool, awesome!!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Broderbund\SharedAppFiles\Serials.txt.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Broderbund\SharedAppFiles\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Broderbund\SharedAppFiles\WinAmp 6 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Broderbund\SharedAppFiles\Windown Longhorn Beta Leak.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Broderbund\SharedAppFiles\Windows Sourcecode update.doc.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Broderbund\SharedAppFiles\XXX hardcore images.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\ACDSee 9.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Adobe Photoshop 9 fu‚‚.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Ahead Nero 7.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Microsoft Office 2003 Crack, Working!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Microsoft Office XP working Crack, Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Microsoft Windows XP, WinXP Crack, working Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Opera 8 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\[bleep] pics arhive, xxx.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\[bleep] Screensaver.scr -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\[bleep], sex, oral, anal cool, awesome!!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Serials.txt.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\WinAmp 6 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Windown Longhorn Beta Leak.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Windows Sourcecode update.doc.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Works Shared\ACDSee 9.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Works Shared\Adobe Photoshop 9 fu‚‚.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Works Shared\Ahead Nero 7.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Works Shared\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Works Shared\Microsoft Office 2003 Crack, Working!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Works Shared\Microsoft Office XP working Crack, Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Works Shared\Microsoft Windows XP, WinXP Crack, working Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Works Shared\Opera 8 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Works Shared\[bleep] pics arhive, xxx.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Works Shared\[bleep] Screensaver.scr -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Works Shared\Serials.txt.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WinAmp 6 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Works Shared\Windown Longhorn Beta Leak.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Works Shared\Windows Sourcecode update.doc.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Works Shared\XXX hardcore images.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\XXX hardcore images.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Scansoft Shared\ACDSee 9.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Scansoft Shared\Adobe Photoshop 9 fu‚‚.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Scansoft Shared\Ahead Nero 7.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Scansoft Shared\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Scansoft Shared\Microsoft Office 2003 Crack, Working!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Scansoft Shared\Microsoft Office XP working Crack, Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Scansoft Shared\Microsoft Windows XP, WinXP Crack, working Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Scansoft Shared\Opera 8 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Scansoft Shared\[bleep] pics arhive, xxx.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Scansoft Shared\[bleep] Screensaver.scr -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Scansoft Shared\[bleep], sex, oral, anal cool, awesome!!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Scansoft Shared\Serials.txt.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Scansoft Shared\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Scansoft Shared\WinAmp 6 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Scansoft Shared\Windown Longhorn Beta Leak.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Scansoft Shared\Windows Sourcecode update.doc.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Scansoft Shared\XXX hardcore images.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Smith Micro Shared\ACDSee 9.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Smith Micro Shared\Adobe Photoshop 9 fu‚‚.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Smith Micro Shared\Ahead Nero 7.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Smith Micro Shared\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Smith Micro Shared\Microsoft Office 2003 Crack, Working!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Smith Micro Shared\Microsoft Office XP working Crack, Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Smith Micro Shared\Microsoft Windows XP, WinXP Crack, working Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Smith Micro Shared\Opera 8 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Smith Micro Shared\[bleep] pics arhive, xxx.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Smith Micro Shared\[bleep] Screensaver.scr -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Smith Micro Shared\[bleep], sex, oral, anal cool, awesome!!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Smith Micro Shared\Serials.txt.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Smith Micro Shared\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Smith Micro Shared\WinAmp 6 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Smith Micro Shared\Windown Longhorn Beta Leak.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Smith Micro Shared\Windows Sourcecode update.doc.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Smith Micro Shared\XXX hardcore images.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Symantec Shared\ACDSee 9.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Symantec Shared\Adobe Photoshop 9 fu‚‚.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Symantec Shared\Ahead Nero 7.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Symantec Shared\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Symantec Shared\Microsoft Office 2003 Crack, Working!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Symantec Shared\Microsoft Office XP working Crack, Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Symantec Shared\Microsoft Windows XP, WinXP Crack, working Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Symantec Shared\Opera 8 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Symantec Shared\[bleep] pics arhive, xxx.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Symantec Shared\[bleep] Screensaver.scr -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Symantec Shared\[bleep], sex, oral, anal cool, awesome!!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Symantec Shared\Serials.txt.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Symantec Shared\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Symantec Shared\WinAmp 6 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Symantec Shared\Windown Longhorn Beta Leak.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Symantec Shared\Windows Sourcecode update.doc.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\Symantec Shared\XXX hardcore images.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\xing shared\ACDSee 9.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\xing shared\Adobe Photoshop 9 fu‚‚.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\xing shared\Ahead Nero 7.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\xing shared\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\xing shared\Microsoft Office 2003 Crack, Working!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\xing shared\Microsoft Office XP working Crack, Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\xing shared\Microsoft Windows XP, WinXP Crack, working Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\xing shared\Opera 8 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\xing shared\[bleep] pics arhive, xxx.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\xing shared\[bleep] Screensaver.scr -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\xing shared\[bleep], sex, oral, anal cool, awesome!!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\xing shared\Serials.txt.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\xing shared\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\xing shared\WinAmp 6 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\xing shared\Windown Longhorn Beta Leak.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\xing shared\Windows Sourcecode update.doc.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Common Files\xing shared\XXX hardcore images.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Corel\Shared\ACDSee 9.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Corel\Shared\Adobe Photoshop 9 fu‚‚.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Corel\Shared\Ahead Nero 7.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Corel\Shared\Matrix 3 Revolution English Subtitles.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Corel\Shared\Microsoft Office 2003 Crack, Working!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Corel\Shared\Microsoft Office XP working Crack, Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Corel\Shared\Microsoft Windows XP, WinXP Crack, working Keygen.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Corel\Shared\Opera 8 New!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Corel\Shared\[bleep] pics arhive, xxx.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Corel\Shared\[bleep] Screensaver.scr -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Corel\Shared\[bleep], sex, oral, anal cool, awesome!!.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Corel\Shared\Serials.txt.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Corel\Shared\WinAmp 5 Pro Keygen Crack Update.exe -> Worm.Bagle.au : Cleaned with backup
C:\Program Files\Corel\Shared\WinAmp 6 New!.exe -> Worm.Bagle.au

#4
John_L

    Visiting Staff

  • Member
  • 1,398 posts
Nope not entirely clean just yet, but looking much better :tazz:

Please run this application.

Step 1:
Download the eScan Antivirus Toolkit Here. Save it to the Desktop, it is 9.55MB in size.
Before running the program we need to update the signature files first in Step 2.

Step 2:
Updating the eScan Antivirus Toolkit with the latest files:

1.) Double-click on the mwav.exe file saved to the Desktop; it will extract the program files to a new folder called Kaspersky at the root of the C:\ drive (C:\Kaspersky).

2.) Double-click on My Computer, double-click on the Hard Drive (usually the C:\ drive), find and double-click on the Kaspersky folder; inside the Kaspersky folder, find and double-click on the kavupd.exe file. Double-clicking on the kavupd.exe file opens the Windows command prompt (DOS screen) and updates the program with all the latest signature files. By default, the update process creates a folder on the root of the C:\ drive called Downloads. This is where the updated files are placed.

3.) After the update is complete, the bottom of the command prompt will read "Press any key to continue", click any key to close the screen. Now, copy and paste the new updated signature files from the C:\Downloads folder to the C:\Kaspersky folder where eScan originally extracted the antivirus program files.

Please do not run a scan with the eScan Antivirus Toolkit utility yet.

Step 3:
Please reboot into Safe Mode.

Reboot your computer in safe mode

Step 4:
From Safe Mode, run the eScan Antivirus Toolkit. Please follow these instructions:

1.) To run the eScan Antivirus Toolkit program, look for a file called mwavscan.com inside the C:\Kaspersky folder.

2.) Double-click on the mwavscan.com file; this will open the eScan program.

3.) With the eScan interface on your Desktop, make sure that the boxes under Scan Option, Memory, Registry, Startup Folders, System Folders, Services, are checked.

4.) Check the Drive box; this will create another Drive box below it. Check this second Drive box as well; now a large window across from the second Drive box appears. In this window use the drop-down arrow and choose the drive letter of your hard drive, usually C:\.

5.) Below these boxes, make sure the box Scan All Files is checked, not Program Files.

6.) Click the Scan Clean (or Scan) button and let the utility run until it completes a thorough scan of your hard drive. When the scan has finished it will read Scan Completed.

And thanks to SirJon for this great writeup.

After that please reboot and send me a new log. ;)

#5
pave the planet

    Member

  • Topic Starter
  • Member
  • 16 posts
Hello again--

I'm so impressed with the thoroughness of your work...thanks a million for the effort. I've done exactly as you said, and post the HJT log here. Did you also need an ewido scan log? I can easily provide one.

Many thanks,
Paver

Logfile of HijackThis v1.99.1
Scan saved at 6:55:53 PM, on 7/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\S3apphk.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\QuickBooks Online Backup\OLRegCap.EXE
C:\Program Files\QuickBooks Online Backup\OLlaunch.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Verizon Online\Help Support\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us5.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us5.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us5.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.exe" -r "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.ini"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPWNTOOLBOX] C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunServices: [Microsoft Windows Registry Service] wregistry.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [USB Driver4] UpdateXP2.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Verizon Online Help & Support.lnk = C:\Program Files\Verizon Online\Help Support\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120142871092
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1122565360374
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: QuickBooks Online Backup RegCap (OLRegCap) - Intuit, Inc. - C:\Program Files\QuickBooks Online Backup\OLRegCap.EXE
O23 - Service: QuickBooks Online Backup Launcher (QuickBooks Online BackupLauncher) - Intuit, Inc. - C:\Program Files\QuickBooks Online Backup\OLlaunch.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#6
John_L

    Visiting Staff
Nope not necessary :tazz:

Give me a couple of minutes and will have something posted for you.

Edited by John_L, 30 July 2005 - 05:23 PM.


#7
John_L

    Visiting Staff
Ok a couple more small things to take care of.

Please download this tool and run it.

Trojan Remover (Free for 30 days)

After that go into your task manager to the processes tab and delete these if running.

wregistry.exe
UpdateXP2.exe


Fire up HijackThis, press scan only and place checks next to these.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us5.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us5.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us5.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us5.hpwis.com/
O4 - HKLM\..\RunServices: [Microsoft Windows Registry Service] wregistry.exe
O4 - HKCU\..\Run: [USB Driver4] UpdateXP2.exe


Close all browsers and click fix on HijackThis.

Reboot and send me a new log please. :tazz:

#8
John_L

    Visiting Staff
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic has been reopened at user request


We can once again post to this log, Jay.

Please provide a new hijack log for me to look at.

Edited by John_L, 06 August 2005 - 11:20 AM.


#9
pave the planet

    Member

  • Topic Starter
Hi John--

Here's the log, with bated breath. When I went to turn off the wregistry.exe and Updatexp2.exe in the Process manager, they weren't there...this is a good thing, right? Also, the O4 - HKLM\..\RunServices: [Microsoft Windows Registry Service] wregistry.exe was not in the HJT list. Is this another malicious manifestation of these bugs in my computer? :tazz:

Again, many thanks...
Jay

Logfile of HijackThis v1.99.1
Scan saved at 1:24:44 PM, on 8/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickBooks Online Backup\OLRegCap.EXE
C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\QuickBooks Online Backup\OLlaunch.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
C:\Program Files\Verizon Online\Help Support\bin\mpbtn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.exe" -r "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.ini"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPWNTOOLBOX] C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Verizon Online Help & Support.lnk = C:\Program Files\Verizon Online\Help Support\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120142871092
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1122565360374
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: QuickBooks Online Backup RegCap (OLRegCap) - Intuit, Inc. - C:\Program Files\QuickBooks Online Backup\OLRegCap.EXE
O23 - Service: QuickBooks Online Backup Launcher (QuickBooks Online BackupLauncher) - Intuit, Inc. - C:\Program Files\QuickBooks Online Backup\OLlaunch.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#10
John_L

    Visiting Staff
Well Jay, I'm good with that if you are; nothing else seems out of place. How's the machine running? Better, I bet :tazz:

#11
pave the planet

    Member

  • Topic Starter
John, this thing runs like molasses on hot blacktop. (I collect colloquialisms as a hobby).
I really appreciate your time and thoughtfulness--You've been a big help.

Is there something like feedback or something that I can do to publicly boost your reputation? I'd be a willing member of the peanut gallery in the pro-John category.

Thanks again,
Jay

#12
John_L

    Visiting Staff
Well Jay, just go into the off topic of the board located here.

http://www.geekstogo...-Topic-f16.html

And post away.

You're very welcome for the help, I just live to hear good things when we've finished as it makes this job just that much easier. ;)

I will now add a finishing speech and we can conclude this. Have a great day. :tazz:

Since your issues have been addressed and you are ready to travel the net again, I will just give you a few ideas on how to stay safe out there. Best of all these programs are all readily available on the net for free :)

To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster and SpywareGuard.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.

More info and download is available at:

Spyware Blaster Spyware Guard

Might I suggest the following Free Spyware programs for added security, you can download them at the following links. These programs work great for detection:

Ad-aware SE--Adaware Tutorial

Spybot S&D--Spybot Tutorial

Antiviruses play an important role in keeping your computer safe and worry free while using the net. *NOTE* Only one antivirus must be allowed to run on your computer, as having two or more running can and will cause conflicts.

AVG Avast

Firewalls are also a must in any good prevention:

Zone Alarm Sygate Kerio

There are different browsers available on the net other than Internet Explorer. We believe these are better for security purposes:

Firefox Opera

You must stay on top of your updates at all times, for the above mentioned applications.

It is vitally important to stay on top of your critical updates provided by Microsoft.

This can be accessed by going to Windows Updates and following the prompts.

To add to the performance of your computer, I suggest a weekly maintenance program. Run this tool: CCleaner

Lastly, a second opinion on the antivirus that you have chosen. I suggest running these online virus scans periodically, just to make sure that the AV is doing a proper job of keeping you safe:

Rav Online Scan Housecall Online Scan Panda Activescan

Housecall Java Online Scan<---For those who use Firefox

And finally a little "How did I get infected in the first place?" (by Mr. Tony Klein and dvk01)

Good luck and safe surfing :(

#13
John_L

    Visiting Staff
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
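
The question in post #9 (whether the entries John_L listed in post #7 are really gone) can be checked mechanically by diffing the two logs. The following is an added example, not part of the thread and not HijackThis's own code: a Python sketch whose function names are hypothetical and whose sample data is abbreviated from the logs in posts #5 and #9 and the fix list in post #7.

```python
import re

# A HijackThis entry is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] y.exe".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")

# Abbreviated excerpt of the 7/30/2005 log (post #5).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Registry Service] wregistry.exe
O4 - HKCU\..\Run: [USB Driver4] UpdateXP2.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
"""

# Abbreviated excerpt of the 8/6/2005 log (post #9).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

# Entries from the fix list in post #7 (abbreviated).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us5.hpwis.com/
O4 - HKLM\..\RunServices: [Microsoft Windows Registry Service] wregistry.exe
O4 - HKCU\..\Run: [USB Driver4] UpdateXP2.exe
"""


def parse_entries(log_text):
    """Map a case-insensitive (code, detail) key to the original log line."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            # Windows paths and registry names are case-insensitive, and the same
            # entry can change case between scans (MSMSGS.EXE vs msmsgs.exe here),
            # so compare on a casefolded key. Simplification: URLs are folded too.
            key = (m.group(1), m.group(2).casefold())
            entries.setdefault(key, line)
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lines between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = sorted(before[k] for k in before.keys() - after.keys())
    added = sorted(after[k] for k in after.keys() - before.keys())
    return removed, added


def still_present(fix_list_text, after_text):
    """Entries that were selected for fixing but survive in the later scan."""
    after = parse_entries(after_text)
    fixes = parse_entries(fix_list_text)
    return sorted(line for key, line in fixes.items() if key in after)


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed since last scan:", *removed, sep="\n  ")
    print("New since last scan:", *added, sep="\n  ")
    print("Fix-list entries still present:", still_present(FIX_LIST, AFTER) or "none")
```

Anything reported as new still needs a human look: here the only addition is the Trojan Remover autorun installed at the helper's request.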