[halcon]

my computer has been taken over. in fact, I can't even access the forums from the computer with the problem. I've had to burn a disc with all the reports, so I can post the logs fromn another computer.

I have run the programs you normally ask for (Panda active scan, Hijack, and ewido). before I did that I ran search and destroy and ad aware

here are the reports please help. I will post them as replies asthey will not all fit here

hijack this file

Logfile of HijackThis v1.99.1
Scan saved at 7:13:46 PM, on 2/20/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\PaulB\GetHotmail\GetMail\GetMail.exe
C:\Program Files\Hotmail Popper\hotpop.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Documents and Settings\Allan\Desktop\platis6shuk.exe
C:\DOCUME~1\Allan\LOCALS~1\Temp\WZSE2.TMP\install.exe
C:\DOCUME~1\Allan\LOCALS~1\Temp\WZSE2.TMP\SETUP.EXE
C:\DOCUME~1\Allan\LOCALS~1\Temp\WZSE2.TMP\SETUP.EXE
C:\Documents and Settings\Allan\Desktop\virus-spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [getmail] "C:\Program Files\PaulB\GetHotmail\GetMail\GetMail.exe"
O4 - Startup: Hotmail Popper.lnk = C:\Program Files\Hotmail Popper\hotpop.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...362/mcfscan.cab
O20 - Winlogon Notify: hpprintx - C:\WINDOWS\SYSTEM32\hpprintx.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[Advertisements]

panda scan


Incident Status Location

Virus:Trj/LdPinch.OP Not disinfected Operating system
Possible Virus. Not disinfected C:\WINDOWS\temp\$_3472452.EXE
Virus:W32/Locksky.BX.worm Not disinfected Operating system
Possible Virus. Not disinfected C:\WINDOWS\System32\hpprintx.dll
Adware:adware/adsmart Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\1.qtdfmp
Adware:adware/exact.bargainbuddy Not disinfected C:\WINDOWS\SYSTEM32\vx2.nls
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Allan\Local Settings\Temporary Internet Files\Ssk.log
Spyware:spyware/betterinet Not disinfected C:\WINDOWS\INF\satmat.inf
Adware:adware/aurora Not disinfected C:\WINDOWS\abiuninst.htm
Adware:adware/secure32 Not disinfected C:\WINDOWS\country.exe
Adware:adware/twain-tech Not disinfected C:\WINDOWS\satmat.ini
Adware:adware/enhancemsearch Not disinfected C:\WINDOWS\searchen.dat
Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\tool1.exe
Adware:adware/transponder Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\DrTemp
Adware:adware/sidesearch Not disinfected C:\Documents and Settings\Allan\Application Data\Lycos
Adware:adware/cws.yexe Not disinfected C:\WINDOWS\inet20004
Adware:adware/addestroyer Not disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AdDestroyer
Adware:adware/savenow Not disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\nsv
Adware:adware/delfinmedia Not disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\vidctrl
Adware:adware/portalscan Not disinfected Windows Registry
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Allan\Desktop\virus-spyware\l2mfix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Allan\Desktop\virus-spyware\l2mfix.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Allan\Desktop\virus-spyware\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Allan\Desktop\virus-spyware\smitRem.exe[Process.exe]
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\1.qtdfmp
Virus:Trj/Dropper.RI Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\145A.tmp
Adware:Adware/Tibs Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\5.qtdfmp
Virus:W32/Locksky.BW.worm Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\501517636\1076.tmp
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\501517636\200.tmp
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\501517636\2652.tmp
Adware:Adware/WinHound Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\501517636\3128.tmp
Adware:Adware/WinHound Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\501517636\4024.tmp
Adware:Adware/WinHound Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\501517636\4064.tmp
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\501517636\4104.tmp
Virus:W32/Locksky.BW.worm Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\501517636\4132.tmp
Virus:W32/Locksky.BW.worm Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\501517636\4284.tmp
Virus:Trj/LdPinch.OP Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\501517636\5804.tmp
Virus:Trj/Downloader.HTW Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\a.exe
Virus:Trj/Dropper.RI Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\B9.tmp
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\Cookies\allan@adultfriendfinder[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\Cookies\allan@apmebf[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\Cookies\allan@belnk[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\Cookies\allan@go[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\Cookies\allan@rightmedia[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\Cookies\allan@target[2].txt
Virus:W32/Locksky.BT.worm Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\dmx1455.tmp
Possible Virus. Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\khmkppjg.exe
Adware:Adware/WinHound Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\vx1.game
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\vx2.game
Virus:W32/Locksky.BW.worm Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\vx6.game
Virus:Trj/LdPinch.OP Not disinfected C:\Documents and Settings\Allan\Local Settings\Temporary Internet Files\Content.IE5\EZ27SDE3\lat[1].raw
Virus:Trj/Dropper.RI Not disinfected C:\Documents and Settings\Allan\Local Settings\Temporary Internet Files\Content.IE5\EZ27SDE3\sb84u[1].exe
Virus:Trj/LdPinch.OP Not disinfected C:\Documents and Settings\Allan\Local Settings\Temporary Internet Files\Content.IE5\EZK74L4L\paradise[1].raw
Virus:Trj/Torpig.AH Not disinfected C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
Virus:Trj/Torpig.AG Not disinfected C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
Virus:Trj/Torpig.AE Not disinfected C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.dll
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Program Files\SpyFerret\Archives\BargainsBuddy.cab[Registry.reg]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Program Files\SpyFerret\Archives\bb_welcome.cab[bb_welcome.html]
Adware:Adware/Exact.SearchBar Not disinfected C:\Program Files\SpyFerret\Archives\exclean.cab[exclean.exe]
Adware:Adware/IPInsight Not disinfected C:\Program Files\SpyFerret\Archives\farmmext.cab[farmmext.inf]
Adware:Adware/IPInsight Not disinfected C:\Program Files\SpyFerret\Archives\farmmext0.cab[farmmext.inf]
Adware:Adware/IPInsight Not disinfected C:\Program Files\SpyFerret\Archives\farmmext1.cab[farmmext.inf]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Program Files\SpyFerret\Archives\icon.cab[icon.gif]
Adware:Adware/MultiMPP Not disinfected C:\Program Files\SpyFerret\Archives\multimpp.cab[multimpp.inf]
Adware:Adware/VirtualBouncer Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\8RBRU09L\2504041110[1].exe
Adware:Adware/PortalScan Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\8RBRU09L\bundles[1].exe
Virus:Trj/Downloader.RZ Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\8RBRU09L\TRACK[1].CHM[track.htm]
Adware:Adware/TopRebates Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\8RBRU09L\WebRebates_Auto_InstallSilent[1].exe
Adware:Adware/IST.ISTBar Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\GVJZA0LT\toolbarsm[1].htm
Adware:Adware/IST.ISTBar Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\JVL7RT0W\prompt[2].php
Adware:Adware/IST.ISTBar Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\JVL7RT0W\prompt[3].php
Adware:Adware/IST.ISTBar Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\UHJ0L4B2\toolbar[1].htm
Virus:VBS/Psyme.C Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\WDUN4PUZ\m468us[1][index.htm]
Virus:Trj/Downloader.ACE Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\WDUN4PUZ\m468us[1][index.exe]
Virus:VBS/Psyme.C Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\WDUN4PUZ\m468us[2][index.htm]
Virus:Trj/Downloader.ACE Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\WDUN4PUZ\m468us[2][index.exe]
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\WINDOWS\country.exe
Adware:Adware/WUpd Not disinfected C:\WINDOWS\Downloaded Program Files\DeskAdX.dll
Adware:Adware/BHO Not disinfected C:\WINDOWS\inet20010\__delete_on_reboot__3.01.00.dll
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\inf\satmat.inf
Virus:Trj/Torpig.AD Not disinfected C:\WINDOWS\kl1.exe
Virus:W32/Locksky.BT.worm Not disinfected C:\WINDOWS\sachostx.exe
Adware:Adware/IPInsight Not disinfected C:\WINDOWS\satmat.ini
Adware:Adware/WinHound Not disinfected C:\WINDOWS\sysldr32.exe
Virus:W32/Locksky.BT.worm Not disinfected C:\WINDOWS\system32\msvcrl.dll
Virus:Trj/LdPinch.OP Not disinfected C:\WINDOWS\system32\paradise.raw.exe
Virus:W32/Locksky.BT.worm Not disinfected C:\WINDOWS\system32\sachostc.exe
Virus:W32/Locksky.BT.worm Not disinfected C:\WINDOWS\system32\sachostp.exe
Virus:W32/Locksky.BT.worm Not disinfected C:\WINDOWS\system32\sachosts.exe
Virus:Trj/LdPinch.OP Not disinfected C:\WINDOWS\system32\symsvcsa.exe
Virus:W32/Locksky.BX.worm Not disinfected C:\WINDOWS\system32\sysvx.exe
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\vxgame1.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\vxgame2.exe
Virus:W32/Locksky.BW.worm Not disinfected C:\WINDOWS\system32\vxgame6.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\vxh8jkdq1.exe
Adware:Adware/Tibs Not disinfected C:\WINDOWS\system32\vxh8jkdq5.exe
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\xmltok.dll
Virus:Trj/5sec.F Not disinfected C:\WINDOWS\system32\__delete_on_reboot__vxgame4.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\__delete_on_reboot__vxgamet1.exe
Virus:Trj/Spamer.S Not disinfected C:\WINDOWS\system32\__delete_on_reboot__wancp.dll
Virus:Trj/LdPinch.OP Not disinfected C:\WINDOWS\system32\~update.exe
Virus:W32/Locksky.BW.worm Not disinfected C:\WINDOWS\sysvx_.exe
Possible Virus. Not disinfected C:\WINDOWS\temp\$_3472452.EXE
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\WINDOWS\tool4.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\WINDOWS\tool5.exe

[halcon]

panda scan


Incident Status Location

Virus:Trj/LdPinch.OP Not disinfected Operating system
Possible Virus. Not disinfected C:\WINDOWS\temp\$_3472452.EXE
Virus:W32/Locksky.BX.worm Not disinfected Operating system
Possible Virus. Not disinfected C:\WINDOWS\System32\hpprintx.dll
Adware:adware/adsmart Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\1.qtdfmp
Adware:adware/exact.bargainbuddy Not disinfected C:\WINDOWS\SYSTEM32\vx2.nls
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Allan\Local Settings\Temporary Internet Files\Ssk.log
Spyware:spyware/betterinet Not disinfected C:\WINDOWS\INF\satmat.inf
Adware:adware/aurora Not disinfected C:\WINDOWS\abiuninst.htm
Adware:adware/secure32 Not disinfected C:\WINDOWS\country.exe
Adware:adware/twain-tech Not disinfected C:\WINDOWS\satmat.ini
Adware:adware/enhancemsearch Not disinfected C:\WINDOWS\searchen.dat
Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\tool1.exe
Adware:adware/transponder Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\DrTemp
Adware:adware/sidesearch Not disinfected C:\Documents and Settings\Allan\Application Data\Lycos
Adware:adware/cws.yexe Not disinfected C:\WINDOWS\inet20004
Adware:adware/addestroyer Not disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AdDestroyer
Adware:adware/savenow Not disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\nsv
Adware:adware/delfinmedia Not disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\vidctrl
Adware:adware/portalscan Not disinfected Windows Registry
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Allan\Desktop\virus-spyware\l2mfix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Allan\Desktop\virus-spyware\l2mfix.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Allan\Desktop\virus-spyware\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Allan\Desktop\virus-spyware\smitRem.exe[Process.exe]
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\1.qtdfmp
Virus:Trj/Dropper.RI Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\145A.tmp
Adware:Adware/Tibs Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\5.qtdfmp
Virus:W32/Locksky.BW.worm Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\501517636\1076.tmp
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\501517636\200.tmp
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\501517636\2652.tmp
Adware:Adware/WinHound Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\501517636\3128.tmp
Adware:Adware/WinHound Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\501517636\4024.tmp
Adware:Adware/WinHound Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\501517636\4064.tmp
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\501517636\4104.tmp
Virus:W32/Locksky.BW.worm Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\501517636\4132.tmp
Virus:W32/Locksky.BW.worm Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\501517636\4284.tmp
Virus:Trj/LdPinch.OP Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\501517636\5804.tmp
Virus:Trj/Downloader.HTW Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\a.exe
Virus:Trj/Dropper.RI Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\B9.tmp
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\Cookies\allan@adultfriendfinder[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\Cookies\allan@apmebf[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\Cookies\allan@belnk[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\Cookies\allan@go[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\Cookies\allan@rightmedia[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\Cookies\allan@target[2].txt
Virus:W32/Locksky.BT.worm Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\dmx1455.tmp
Possible Virus. Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\khmkppjg.exe
Adware:Adware/WinHound Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\vx1.game
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\vx2.game
Virus:W32/Locksky.BW.worm Not disinfected C:\Documents and Settings\Allan\Local Settings\Temp\vx6.game
Virus:Trj/LdPinch.OP Not disinfected C:\Documents and Settings\Allan\Local Settings\Temporary Internet Files\Content.IE5\EZ27SDE3\lat[1].raw
Virus:Trj/Dropper.RI Not disinfected C:\Documents and Settings\Allan\Local Settings\Temporary Internet Files\Content.IE5\EZ27SDE3\sb84u[1].exe
Virus:Trj/LdPinch.OP Not disinfected C:\Documents and Settings\Allan\Local Settings\Temporary Internet Files\Content.IE5\EZK74L4L\paradise[1].raw
Virus:Trj/Torpig.AH Not disinfected C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
Virus:Trj/Torpig.AG Not disinfected C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
Virus:Trj/Torpig.AE Not disinfected C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.dll
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Program Files\SpyFerret\Archives\BargainsBuddy.cab[Registry.reg]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Program Files\SpyFerret\Archives\bb_welcome.cab[bb_welcome.html]
Adware:Adware/Exact.SearchBar Not disinfected C:\Program Files\SpyFerret\Archives\exclean.cab[exclean.exe]
Adware:Adware/IPInsight Not disinfected C:\Program Files\SpyFerret\Archives\farmmext.cab[farmmext.inf]
Adware:Adware/IPInsight Not disinfected C:\Program Files\SpyFerret\Archives\farmmext0.cab[farmmext.inf]
Adware:Adware/IPInsight Not disinfected C:\Program Files\SpyFerret\Archives\farmmext1.cab[farmmext.inf]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Program Files\SpyFerret\Archives\icon.cab[icon.gif]
Adware:Adware/MultiMPP Not disinfected C:\Program Files\SpyFerret\Archives\multimpp.cab[multimpp.inf]
Adware:Adware/VirtualBouncer Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\8RBRU09L\2504041110[1].exe
Adware:Adware/PortalScan Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\8RBRU09L\bundles[1].exe
Virus:Trj/Downloader.RZ Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\8RBRU09L\TRACK[1].CHM[track.htm]
Adware:Adware/TopRebates Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\8RBRU09L\WebRebates_Auto_InstallSilent[1].exe
Adware:Adware/IST.ISTBar Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\GVJZA0LT\toolbarsm[1].htm
Adware:Adware/IST.ISTBar Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\JVL7RT0W\prompt[2].php
Adware:Adware/IST.ISTBar Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\JVL7RT0W\prompt[3].php
Adware:Adware/IST.ISTBar Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\UHJ0L4B2\toolbar[1].htm
Virus:VBS/Psyme.C Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\WDUN4PUZ\m468us[1][index.htm]
Virus:Trj/Downloader.ACE Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\WDUN4PUZ\m468us[1][index.exe]
Virus:VBS/Psyme.C Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\WDUN4PUZ\m468us[2][index.htm]
Virus:Trj/Downloader.ACE Not disinfected C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\WDUN4PUZ\m468us[2][index.exe]
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\WINDOWS\country.exe
Adware:Adware/WUpd Not disinfected C:\WINDOWS\Downloaded Program Files\DeskAdX.dll
Adware:Adware/BHO Not disinfected C:\WINDOWS\inet20010\__delete_on_reboot__3.01.00.dll
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\inf\satmat.inf
Virus:Trj/Torpig.AD Not disinfected C:\WINDOWS\kl1.exe
Virus:W32/Locksky.BT.worm Not disinfected C:\WINDOWS\sachostx.exe
Adware:Adware/IPInsight Not disinfected C:\WINDOWS\satmat.ini
Adware:Adware/WinHound Not disinfected C:\WINDOWS\sysldr32.exe
Virus:W32/Locksky.BT.worm Not disinfected C:\WINDOWS\system32\msvcrl.dll
Virus:Trj/LdPinch.OP Not disinfected C:\WINDOWS\system32\paradise.raw.exe
Virus:W32/Locksky.BT.worm Not disinfected C:\WINDOWS\system32\sachostc.exe
Virus:W32/Locksky.BT.worm Not disinfected C:\WINDOWS\system32\sachostp.exe
Virus:W32/Locksky.BT.worm Not disinfected C:\WINDOWS\system32\sachosts.exe
Virus:Trj/LdPinch.OP Not disinfected C:\WINDOWS\system32\symsvcsa.exe
Virus:W32/Locksky.BX.worm Not disinfected C:\WINDOWS\system32\sysvx.exe
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\vxgame1.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\vxgame2.exe
Virus:W32/Locksky.BW.worm Not disinfected C:\WINDOWS\system32\vxgame6.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\vxh8jkdq1.exe
Adware:Adware/Tibs Not disinfected C:\WINDOWS\system32\vxh8jkdq5.exe
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\xmltok.dll
Virus:Trj/5sec.F Not disinfected C:\WINDOWS\system32\__delete_on_reboot__vxgame4.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\__delete_on_reboot__vxgamet1.exe
Virus:Trj/Spamer.S Not disinfected C:\WINDOWS\system32\__delete_on_reboot__wancp.dll
Virus:Trj/LdPinch.OP Not disinfected C:\WINDOWS\system32\~update.exe
Virus:W32/Locksky.BW.worm Not disinfected C:\WINDOWS\sysvx_.exe
Possible Virus. Not disinfected C:\WINDOWS\temp\$_3472452.EXE
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\WINDOWS\tool4.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\WINDOWS\tool5.exe

[halcon]

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:54:25 AM, 2/20/2006
+ Report-Checksum: 100AC5E3

+ Scan result:

HKLM\SOFTWARE\Classes\Replace.HBO -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Replace.HBO\CLSID -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Replace.HBO\CurVer -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Replace.HBO.1 -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\SyncroAdX.Installer -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\SyncroAdX.Installer\CLSID -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WinStatX.Installer -> Adware.WinTaskAd : Cleaned with backup
HKLM\SOFTWARE\Classes\WinStatX.Installer\CLSID -> Adware.WinTaskAd : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 -> Adware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-1482476501-1364589140-682003330-1003\Software\Microsoft\Internet Explorer\Keywords -> Adware.CoolWebSearch : Cleaned with backup
[936] C:\WINDOWS\inet20010\3.01.00.dll -> Adware.Ihbo : Cleaned with backup
[2012] C:\WINDOWS\System32\vxh8jkdq2.exe -> Not-A-Virus.Hoax.Win32.Renos.bj : Cleaned with backup
C:\Documents and Settings\Allan\Desktop\virus-spyware\backups\backup-20060219-231755-423.dll -> Adware.Ihbo : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\144F.tmp -> Downloader.Small.cgy : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\1450.tmp -> Proxy.Agent.hs : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\1453.tmp -> Dropper.Small.ahg : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\2.qtdfmp -> Not-A-Virus.Hoax.Win32.Renos.bj : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\501517636\1128.tmp -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\501517636\1928.tmp -> Worm.Locksky.ag : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\501517636\204.tmp -> Downloader.Small.cds : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\501517636\3808.tmp -> Downloader.Small.cgy : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\501517636\404.tmp -> Downloader.Small.cgy : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\501517636\4092.tmp -> Dropper.Agent.abu : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\501517636\4100.tmp -> Dropper.Agent.abu : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\501517636\4108.tmp -> Worm.Locksky.ag : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\501517636\4112.tmp -> Downloader.Small.cgy : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\501517636\4144.tmp -> Downloader.Tiny.ba : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\501517636\4148.tmp -> Worm.Locksky.ag : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\501517636\428.tmp -> Downloader.Tiny.ba : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\501517636\584.tmp -> Downloader.Small.cds : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\6.qtdfmp -> Downloader.Small.atl : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\7.qtdfmp -> Downloader.Tibs.bu : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\Cookies\allan@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\Cookies\allan@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\lbdhbchc.exe -> Downloader.Tibs.cq : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\maxdd.game -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\vx3.game -> Downloader.Small.cgy : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\vx4.game -> Worm.Locksky.ag : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\vxt1.game -> Downloader.Small.cds : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\vxt3.game -> Dropper.Agent.abu : Cleaned with backup
C:\Documents and Settings\Allan\Local Settings\Temp\vxt4.game -> Downloader.Tiny.ba : Cleaned with backup
C:\Program Files\Aprps -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\AI_21-06-2005.log -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\atl.dll -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\CxtPls.exe -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\data.bin -> Adware.Apropos : Cleaned with backup
C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> Downloader.Small.wj : Cleaned with backup
C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-1003\Dc405.exe -> Not-A-Virus.Hoax.Win32.Renos.au : Cleaned with backup
C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-1003\Dc408.exe -> Trojan.LowZones.df : Cleaned with backup
C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\0LS9ENSD\Fire[1].html -> Downloader.Iwill.m : Cleaned with backup
C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\8RBRU09L\shopinst[1].exe -> Downloader.Small.wj : Cleaned with backup
C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\8RBRU09L\TrafficSpec8[1].exe -> Dropper.Small.sc : Cleaned with backup
C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\U57GP8FY\index[8].htm -> Downloader.Iwill.m : Cleaned with backup
C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\UHJ0L4B2\bobsplace[1] -> Downloader.Iwill.m : Cleaned with backup
C:\RECYCLER\S-1-5-21-1482476501-1364589140-682003330-500\Dc66.IE5\WDQ78T6B\roomthemes[2].html -> Downloader.Iwill.m : Cleaned with backup
C:\WINDOWS\inet20010\3.01.00.dll -> Adware.Ihbo : Cleaned with backup
C:\WINDOWS\inet20010\alg.exe -> Worm.Delf.i : Cleaned with backup
C:\WINDOWS\inet20010\alg.exe.bak -> Worm.Delf.i : Cleaned with backup
C:\WINDOWS\inet20010\services.exe -> Downloader.Small.cgy : Cleaned with backup
C:\WINDOWS\inet20010\winlogon.exe -> Downloader.CWS.s : Cleaned with backup
C:\WINDOWS\ms1.exe -> Downloader.Agent.aea : Cleaned with backup
C:\WINDOWS\smss.exe -> Heuristic.Win32.HostFile : Cleaned with backup
C:\WINDOWS\system\svwhost.exe -> Backdoor.Agent.qr : Cleaned with backup
C:\WINDOWS\system32\ak64bta.dll -> Trojan.Kolweb.a : Cleaned with backup
C:\WINDOWS\system32\child.dll -> Downloader.Small.bug : Cleaned with backup
C:\WINDOWS\system32\ib6.dll -> Logger.Banker.mm : Cleaned with backup
C:\WINDOWS\system32\kernels64.exe -> Downloader.Tibs.cq : Cleaned with backup
C:\WINDOWS\system32\lib.exe -> Trojan.LowZones.df : Cleaned with backup
C:\WINDOWS\system32\maxd64.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\system32\qvxgamet2.exe -> Trojan.Agent.fg : Cleaned with backup
C:\WINDOWS\system32\spoolsvv.exe -> Worm.Locksky.ag : Cleaned with backup
C:\WINDOWS\system32\ssldr32.dll -> Proxy.Agent.hs : Cleaned with backup
C:\WINDOWS\system32\vxgame3.exe -> Downloader.Small.cgy : Cleaned with backup
C:\WINDOWS\system32\vxgame4.exe -> Worm.Locksky.ag : Cleaned with backup
C:\WINDOWS\system32\vxgamet1.exe -> Downloader.Small.cds : Cleaned with backup
C:\WINDOWS\system32\vxgamet3.exe -> Dropper.Agent.abu : Cleaned with backup
C:\WINDOWS\system32\vxgamet4.exe -> Downloader.Tiny.ba : Cleaned with backup
C:\WINDOWS\system32\vxgamet4.exe51200.exe -> Backdoor.Agent.qr : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq2.exe -> Not-A-Virus.Hoax.Win32.Renos.bj : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq6.exe -> Downloader.Small.atl : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq7.exe -> Downloader.Tibs.bu : Cleaned with backup
C:\WINDOWS\system32\wancp.dll -> Proxy.Agent.hs : Cleaned with backup
C:\WINDOWS\temp\1.tmp -> Proxy.Agent.hs : Cleaned with backup
C:\winstall.exe -> Not-A-Virus.Hoax.Win32.Renos.bj : Cleaned with backup


::Report End