Possible Virus?
-
Re: Possible Virus?
I'm not sure about Outlook but uninstall spybot and adaware and re-install and see if that makes a difference.
Your log is clean.
We may have to send you over to the other part of this forum where they specialize in that kind of issue (OUTLOOK).
-
Reinstalling Spybot does not fix the problem.
I read up on the "Socket error 10061" that Spybot is reporting and I'm guessing that the virus disabled some ports and that's why nothing can contact servers to update (spybot, antivirus, outlook, etc.)
What next?
-
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
=============================================
If you use Firefox Browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
=============================================
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
=============================================
Please run the ATF cleaner from safe mode: tap the F8 key on restart, select safe mode, then run the cleaner.
Then give me another Panda scan log after the ATF cleaner.
Also...
http://www.kaspersky.com/virusscanner
Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:
  o Scan using the following Anti-Virus database:
    - Extended (if available otherwise Standard)
  o Scan Options:
    - Scan Archives
    - Scan Mail Bases
* Click OK
* Now under select a target to scan:
  o Select My Computer
* This program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
  o Now click on the Save as Text button:
* Save the file to your desktop.
* Copy and paste that information in your next post.
-
Here we go again...
Panda ActiveScan just shows some cookies:
And now Kaspersky:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, March 30, 2006 8:01:05 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 30/03/2006
Kaspersky Anti-Virus database records: 184933
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
B:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
Scan Statistics:
Total number of scanned objects: 163185
Number of viruses found: 26
Number of infected objects: 133
Number of suspicious objects: 0
Duration of the scan process: 02:43:37
Infected Object Name / Virus Name / Last Action
Scan process completed.
Seems to show a bunch of stuff... Is the "\System Volume Information\_restore" from system restore points?
-
Yes, and System Restore needs to be left alone until the very last step.
Kazaa seems to be the main problem here; a tool is available that will remove it and the bundled crap that comes with it. The tool is called Kazaa Begone, and on very rare occasions you will lose your internet connection because of a bug in the tool, but like I said, it is very rare.
There is a tool available to restore your internet connection if you do lose it and that tool is called LSPfix. So download LSPfix first to your desktop and don't do anything with it unless you lose your internet connection.
If you do lose your internet connection...
To run LSPfix be sure you are NOT connected to the Internet. CLOSE the internet connection and any programs that show in the taskbar.
Launch the application and click Finish.
Close the tool.
Reboot your computer. A full power down reboot.
Reboot and you will be back on the internet.
LSPfix:
Download LSPfix
here:
http://www.cexx.org/lspfix.htm
Or here:
http://www.snapfiles.com/get/lspfix.html
Now for Kazaa Begone:
http://www.majorgeeks.com/download.php?det=3446
Run Kazaa Begone now, then reboot.
Look in Add/Remove Programs and remove any of these if they are there:
Gator, Gain or Claria
Brilliant Digital
SaveNow or WhenU Save
MyWay,MyWeb,MySearch,MyWebSearch
Twain-Tech
GO
Mirar
MediaTickets
PurityScan
Kazaa
CometCursors
P2P Networking
Anything else it asks you about when uninstalling Kazaa or any of the others
Anything else shown in there that you did not install or did not come with your computer
You apparently have some infected stuff in Outlook; I suggest you clean that stuff out.
After the above, post a new HijackThis log with feedback on any differences, hopefully.
More to get rid of out of Kaspersky scan log.
-
Alright, I've eliminated almost everything from the list. The remaining items that aren't from system restore aren't viruses.... So now how do I clean out the system restore stuff?
Still no change on Outlook, Spybot, etc being able to contact their servers...
Here's the latest kaspersky log:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, March 31, 2006 2:57:38 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 31/03/2006
Kaspersky Anti-Virus database records: 185329
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
B:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
Scan Statistics:
Total number of scanned objects: 152664
Number of viruses found: 25
Number of infected objects: 101
Number of suspicious objects: 0
Duration of the scan process: 02:31:41
Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP230\A0082294.exe Infected: Trojan-Downloader.Win32.Bagle.aj skipped
C:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP232\A0085052.dll Infected: Trojan-Downloader.Win32.Bagle.af skipped
C:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP235\A0085231.exe Infected: Trojan-Downloader.Win32.Bagle.aj skipped
C:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP235\A0085259.exe Infected: Trojan-Downloader.Win32.Bagle.aj skipped
D:\Documents and Settings\Will\Desktop\Stuff\Matrix Screensaver\Matrix3D3.01Setup.exe/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
D:\Documents and Settings\Will\Desktop\Stuff\Matrix Screensaver\Matrix3D3.01Setup.exe WiseSFX: infected - 1 skipped
D:\Documents and Settings\Will\Desktop\Stuff\Programs\Windows XP\keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\Will\Desktop\Stuff\Programs\Windows XP\keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\Will\Desktop\Stuff\Programs\Windows XP\keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\Will\Desktop\Stuff\Programs\Windows XP\keyfinder.exe RarSFX: infected - 3 skipped
D:\Old Computer\Drive D\CD Images\WinDVDPlatv4.5MultiChannel\data3.cab/raidenftpd2.exe/data0024 Infected: not-a-virus:Server-FTP.Win32.Raiden skipped
D:\Old Computer\Drive D\CD Images\WinDVDPlatv4.5MultiChannel\data3.cab/raidenftpd2.exe/data0025 Infected: not-a-virus:Server-FTP.Win32.Raiden skipped
D:\Old Computer\Drive D\CD Images\WinDVDPlatv4.5MultiChannel\data3.cab/raidenftpd2.exe Infected: not-a-virus:Server-FTP.Win32.Raiden skipped
D:\Old Computer\Drive D\CD Images\WinDVDPlatv4.5MultiChannel\data3.cab RAR: infected - 3 skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP186\A0071867.EXE Infected: not-virus:BadJoke.Win16.Aloap skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP186\A0072406.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP230\A0082227.sys Infected: Trojan-Proxy.Win32.Mitglieder.dz skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP230\A0082280.sys Infected: Trojan-Proxy.Win32.Mitglieder.dz skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP230\A0084280.sys Infected: Trojan-Proxy.Win32.Mitglieder.dz skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP230\A0084286.exe Infected: Trojan-Proxy.Win32.Mitglieder.dz skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP230\A0084511.sys Infected: Trojan-Proxy.Win32.Mitglieder.dz skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP231\A0084571.sys Infected: Trojan-Proxy.Win32.Mitglieder.dz skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP231\A0084588.exe Infected: Trojan-Proxy.Win32.Mitglieder.dz skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP231\A0084660.sys Infected: Trojan-Proxy.Win32.Mitglieder.ea skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP231\A0084777.exe Infected: Packed.Win32.Bagle skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP231\A0084782.exe Infected: Trojan-Proxy.Win32.Mitglieder.ea skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP231\A0084797.sys Infected: Trojan-Proxy.Win32.Mitglieder.ea skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP232\A0084829.sys Infected: Trojan-Proxy.Win32.Mitglieder.ea skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP232\A0084848.exe Infected: Trojan-Proxy.Win32.Mitglieder.ea skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP232\A0084855.sys Infected: Trojan-Proxy.Win32.Mitglieder.ea skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP232\A0084903.sys Infected: Trojan-Proxy.Win32.Mitglieder.ea skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP232\A0084929.sys Infected: Trojan-Proxy.Win32.Mitglieder.ea skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP232\A0084981.sys Infected: Trojan-Proxy.Win32.Mitglieder.ea skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP232\A0085025.sys Infected: Trojan-Proxy.Win32.Mitglieder.ea skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP232\A0085071.sys Infected: Trojan-Proxy.Win32.Mitglieder.ea skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085091.exe Infected: Trojan-Dropper.Win32.Delf.fd skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085092.exe Infected: Trojan-Dropper.Win32.Delf.fd skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0004/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0004/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0004 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0007 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0008/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.av skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0008/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0008 Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0009 Infected: not-a-virus:AdWare.Win32.DownloadWare.a skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0012/bdedetect1.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0012 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0015 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0016 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0020/bde3d_ref2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0020 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0021/bdesecureinstall.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0021/BDEVerify.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0021/BDEVerify.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0021 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0024/bdeload.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0024 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0025/bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0025 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0028/BDESac10.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0028 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0029/bdeviewer.exe Infected: Trojan.Win32.Krepper.y skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe/data0029 Infected: Trojan.Win32.Krepper.y skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085093.exe Inno: infected - 26 skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085102.sys Infected: Trojan-Proxy.Win32.Mitglieder.ea skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP233\A0085139.sys Infected: Trojan-Proxy.Win32.Mitglieder.ea skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP234\A0085158.sys Infected: Trojan-Proxy.Win32.Mitglieder.ea skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP234\A0085205.exe Infected: Trojan-Proxy.Win32.Mitglieder.ea skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP235\A0085260.exe Infected: Trojan-Proxy.Win32.Mitglieder.dz skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP235\A0085261.sys Infected: Trojan-Proxy.Win32.Mitglieder.dz skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP235\A0085336.exe Infected: Trojan-Proxy.Win32.Mitglieder.ea skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP235\A0085337.sys Infected: Trojan-Proxy.Win32.Mitglieder.ea skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0007 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0008/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.av skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0008/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0008 Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0011/bdedetect1.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0011 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0014 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0015 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0021/bdeinstall.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0021 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0022/bde3d_ref2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0022 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0025/bdeload.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0025 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0026/bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0026 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0029/BDESac10.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0029 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0030/bdeviewer.exe Infected: Trojan.Win32.Krepper.y skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0030 Infected: Trojan.Win32.Krepper.y skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0032/BDEVerify.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0032/BDEVerify.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe/data0032 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087239.exe Inno: infected - 26 skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087240.EXE/WISE0092.BIN Infected: not-a-virus:AdWare.Win32.Gator.1050 skipped
D:\System Volume Information\_restore{6C1100A3-9A16-4282-8FAA-F39ADF2C0DA1}\RP238\A0087240.EXE WiseSFX: infected - 1 skipped
Scan process completed.
And HiJackThis:
Logfile of HijackThis v1.99.1
Scan saved at 2:58:23 PM, on 3/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Utility\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Utility\Avast4\ashServ.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Utility\CounterSpy\Consumer\sunThreatEngine.exe
C:\Utility\CounterSpy\Consumer\SunProtectionServer.exe
C:\Drivers\Logitech\iTouch\iTouch\iTouch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Utility\DAEMON Tools\daemon.exe
C:\Drivers\Logitech\MouseWare\MouseWare\system\em_exec.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Utility\Avast4\ashDisp.exe
C:\Utility\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Utility\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Word Processing\Acrobat Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Drivers\Logitech\iTouch\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Utility\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [avast!] C:\Utility\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunServer] C:\Utility\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word - res://C:\Utility\OmniPage Pro\PdfCnv\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Internet\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Internet\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1117165599252
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...24/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C253BA57-2434-4ACD-8B87-F3443DC4CF5B}: NameServer = 207.69.188.185,207.69.188.186
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Utility\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Utility\Avast4\ashServ.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
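Added example, not part of the original thread: a Python triage of a Kaspersky On-line Scanner report like the one posted above. It collapses nested archive entries to the file on disk, separates System Restore copies (`_restore{...}\RPnnn`) from live files, and separates `not-a-virus:`/`not-virus:` classes from malware verdicts. The sample lines are constructed in the report's format; the GUID, file names and user folder are placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample lines in the report's "object / verdict / last action"
# layout. The GUID, file names and user folder are placeholders.
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP230\A0000001.exe Infected: Trojan-Downloader.Win32.Bagle.aj skipped
D:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP233\A0000002.exe/data0029/bdeviewer.exe Infected: Trojan.Win32.Krepper.y skipped
D:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP233\A0000002.exe/data0029 Infected: Trojan.Win32.Krepper.y skipped
D:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP233\A0000002.exe/data0004 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP233\A0000002.exe Inno: infected - 3 skipped
D:\Documents and Settings\user\Desktop\Setup.exe/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
D:\Documents and Settings\user\Desktop\Setup.exe WiseSFX: infected - 1 skipped
D:\Documents and Settings\user\Desktop\joke.exe Infected: not-virus:BadJoke.Win16.Aloap skipped
Scan process completed.
"""

# "<path> Infected: <verdict> <action>"
DETECTION = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) (?P<action>\w+)$")
# "<path> <unpacker>: infected - <count> <action>" (summary line for a container)
CONTAINER = re.compile(
    r"^(?P<path>.+?) (?P<kind>\w+): infected - (?P<count>\d+) (?P<action>\w+)$")
# System Restore keeps renamed copies under <drive>:\System Volume Information\_restore{GUID}\RPnnn\
RESTORE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[^}]+\}\\RP(\d+)\\", re.I)
# Kaspersky prefixes for adware, riskware and joke programs rather than malware.
UNWANTED_PREFIXES = ("not-a-virus:", "not-virus:")


def triage(report):
    """Return {file on disk: {"restore_point", "verdicts", "container"}}."""
    files = {}
    for line in report.splitlines():
        line = line.strip()
        hit = DETECTION.match(line)
        summary = None if hit else CONTAINER.match(line)
        if not (hit or summary):
            continue  # headers, statistics, "Scan process completed."
        path = (hit or summary)["path"]
        # Members inside an archive/installer follow the on-disk file after "/".
        disk_file = path.split("/", 1)[0]
        rp = RESTORE.match(disk_file)
        entry = files.setdefault(disk_file, {
            "restore_point": int(rp.group(1)) if rp else None,
            "verdicts": set(),
            "container": None,
        })
        if hit:
            entry["verdicts"].add(hit["verdict"])
        else:
            entry["container"] = (summary["kind"], int(summary["count"]))
    return files


def is_malware(verdict):
    return not verdict.startswith(UNWANTED_PREFIXES)


def needs_action_now(files):
    """Files outside System Restore, split into (malware, unwanted-only)."""
    live = {p: e for p, e in files.items() if e["restore_point"] is None}
    malware = sorted(p for p, e in live.items()
                     if any(is_malware(v) for v in e["verdicts"]))
    unwanted = sorted(p for p in live if p not in malware)
    return malware, unwanted


def restore_points_hit(files):
    """Restore point numbers that hold at least one flagged copy."""
    return sorted({e["restore_point"] for e in files.values()
                   if e["restore_point"] is not None})


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    malware, unwanted = needs_action_now(result)
    print("live malware:", malware)
    print("live adware/riskware only:", unwanted)
    print("restore points with flagged copies:", restore_points_hit(result))
```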
-
do this:
fix this with hijackthis:
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptem...login-devel.cab
Download http://www.bleepingcomputer.com/files/winpfind.php
Extract WinPFind.zip to your c:\ folder.
Reboot your computer into Safe Mode
Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.
Last edited by Neal; 01-04-2006 at 02:59 AM.