

Messages - Xandrino

Tech Clinic / Win32.P2P-Worm.Alcan.a
« on: October 28, 2005, 12:32:07 AM »
Hello there, thanks for your help. I've followed your instructions, here are my logs...

Logfile of HijackThis v1.99.1
Scan saved at 7:18:55 AM, on 10/28/2005
Platform: Windows XP SP2, v.2055 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2055)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         7:11:52 AM, 10/28/2005
 + Report-Checksum:      6F0CC124

 + Scan result:

   HKU\S-1-5-21-299502267-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Cleaned with backup
   HKU\S-1-5-21-299502267-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36600C37-FAC4-471E-90BB-FC7A9C979C24} -> Spyware.Alexa : Cleaned with backup
   HKU\S-1-5-21-299502267-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{49160F0D-6BE2-4F5F-BCDB-9256DA3BB120} -> Spyware.Alexa : Cleaned with backup
   HKU\S-1-5-21-299502267-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99410CDE-6F16-42CE-9D49-3807F78F0287} -> Spyware.Zango : Cleaned with backup
   HKU\S-1-5-21-299502267-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B10031B2-F184-4803-9A88-D239C0641D70} -> Spyware.180Solutions : Cleaned with backup
   HKU\S-1-5-21-299502267-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF69DF00-2734-477F-8257-27CD04F88779} -> TrojanDownloader.Wareout : Cleaned with backup
   HKU\S-1-5-21-299502267-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95FE080-8F5D-11D2-A20B-00AA003C157A} -> Spyware.Alexa : Cleaned with backup
   HKU\S-1-5-21-299502267-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0DC0CFE-D11A-489B-84C0-63748AFAABF3} -> Spyware.ZyncosMark : Cleaned with backup
   C:\WINDOWS\system32\cspzz.exe -> TrojanDropper.Vidro.u : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP40\A0011763.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP40\A0011764.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP40\A0011819.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP40\A0011823.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP41\A0013872.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP41\A0013873.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP41\A0015866.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP41\A0015867.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP42\A0015892.EXE -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP42\A0015893.EXE -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP42\A0017954.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP42\A0017955.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP42\A0017982.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP42\A0017983.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP42\A0018292.dll -> Spyware.SBSoft : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP43\A0019334.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP43\A0019335.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP43\A0020495.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP43\A0020496.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP44\A0020515.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP44\A0020516.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP44\A0020575.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP44\A0020576.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP44\A0020623.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP44\A0020624.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP45\A0020762.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP45\A0020763.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP45\A0020782.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP45\A0020783.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP47\A0022059.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP47\A0022060.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP47\A0022089.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP47\A0022090.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP47\A0022135.EXE -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP47\A0022136.EXE -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP48\A0022154.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP48\A0022155.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP48\A0022185.EXE -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP48\A0022186.EXE -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP50\A0022223.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP50\A0022246.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP50\A0022311.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP50\A0022312.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP57\A0024274.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP57\A0024275.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP58\A0024464.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP58\A0024465.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP58\A0024532.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP58\A0024533.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP58\A0024550.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP58\A0024551.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP58\A0024570.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP58\A0024571.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP59\A0024577.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP60\A0024587.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP61\A0024598.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP63\A0024690.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP63\A0024691.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP64\A0024724.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP64\A0024741.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP64\A0024742.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP65\A0025747.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP65\A0025748.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP66\A0025767.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP66\A0025768.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP67\A0025785.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP68\A0025802.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP69\A0025821.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP69\A0025822.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP69\A0026921.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP69\A0026922.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP70\A0026949.exe -> Trojan.Qhost.qr : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP71\A0026960.exe -> Trojan.Qhost.qr : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP71\A0026961.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP72\A0026973.exe -> Trojan.Qhost.qr : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP72\A0026974.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP73\A0026985.exe -> Trojan.Qhost.qr : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP73\A0026986.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP74\A0026993.exe -> Trojan.Qhost.qr : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP74\A0026994.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP75\A0026997.exe -> Trojan.Qhost.qr : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP75\A0027001.exe -> TrojanDropper.Vidro.u : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP75\A0027010.exe -> TrojanDropper.Vidro.u : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP75\A0027014.exe -> TrojanDropper.Vidro.u : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP75\A0027032.exe -> Trojan.Qhost.qr : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP75\A0027033.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP75\A0027034.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP76\A0027035.exe -> Trojan.Qhost.qr : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP77\A0027042.exe -> Trojan.Qhost.qr : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP77\A0027043.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP78\A0027051.exe -> Trojan.Qhost.qr : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP78\A0027074.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP79\A0027075.exe -> Trojan.Qhost.qr : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP79\A0027085.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP79\A0028014.exe -> TrojanDropper.Vidro.u : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP79\A0029014.exe -> TrojanDropper.Vidro.u : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP79\A0029185.EXE -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP79\A0029187.EXE -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP79\A0029188.EXE -> Trojan.Qhost.qr : Cleaned with backup


Fixwareout ver 1.002
Post this report in the forums please
 
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23naelch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\17
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\18
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\19
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\20
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\22
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\24
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\25
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\26
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\27
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\28
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\29
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\30
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\31
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\33
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\34
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\36
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\37
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\38
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\39
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\41
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\42
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\43
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\44
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\45
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\46
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\47
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\48
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\49
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\50
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\51
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\52
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\53
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\54
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\55
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\56
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\57
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\58
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\59
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\60
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\62
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\63
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\65
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\66
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\67
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\68
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\69
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\70
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\71
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\72
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\73
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\74
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\75
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\76
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\77
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\81
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\82
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\84
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\89
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\90
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\91
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\92
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\93
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\94
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\95
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\96
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\97
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\98
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\99
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\100
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\101
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\102
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\103
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\104
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\105
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\106
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\107
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\108
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\109
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\110
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\111
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\112
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\113
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\114
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\115
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\116
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\117
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\118
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\119
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\120
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\121
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\122
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\123
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\124
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\125
 
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
 
»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\CSPZZ.EXE
 
»»»»» Misc files
 
»»»»» Checking for older varients covered by the Rem3 tool

PS. There were 2 files you mentioned I should check to have fixed in HijackThis that I didn't see. I guess that's good, but I will tell you the 2 files just in case it might help:

O1 - Hosts: localhost 127.0.0.1
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto

2
Tech Clinic / Win32.P2P-Worm.Alcan.a
« on: October 18, 2005, 09:05:46 AM »
Hello, could someone help me out with this Win32.P2P-Worm.Alcan.a worm? I will post my HijackThis and Panda logs below.
Thanks in advance,

Xandrino


Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 4:31:01 AM, on 10/18/2005
Platform: Windows XP SP2, v.2055 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2055)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R3 - URLSearchHook: (no name) - {D8F1D472-D201-2297-8BD5-72CC290E4A82} - EXE32EXE.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [UserSp1] startman.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
O4 - HKCU\..\Run: [Dest068] SYSTRAV.exe
O4 - HKCU\..\Run: [CToolBar] StartCpl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B5FE67A-15BF-4A47-A256-65CBD1BB074E}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{E27FB89E-8A71-492A-ABFB-A44132D0A21B}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{5B5FE67A-15BF-4A47-A256-65CBD1BB074E}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{5B5FE67A-15BF-4A47-A256-65CBD1BB074E}: NameServer = 69.50.176.158,85.255.112.8
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

my Panda log:

Incident                      Status                        Location

Virus:Trj/Downloader.EEV      Disinfected                   C:\WINDOWS\q16333078_disk.dll
Adware:adware/sbsoft          No disinfected                C:\WINDOWS\rdt.ini
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\XANDER\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-29893042-422de001.zip[GetAccess.class]
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\XANDER\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-29893042-422de001.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\XANDER\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-29893042-422de001.zip[Dummy.class]
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\XANDER\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-29893042-422de001.zip[Installer.class]
Spyware:spyware/wareout       No disinfected                C:\Documents and Settings\XANDER\Application Data\wo.tmp
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\Trojan Remover 6.3.5.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\FileRecoveryAngel 1.06.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\ImTOO Mpeg Encoder 2.1.55.1008b.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\Default Printer 2.1.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\Hitman 2.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\Moto GP 3.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\File Utilities.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\Maxthon.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\TVolution 1.0.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\Mcft Windows XP Scene Edition 1.6 INTER.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\DVD to AVI DivX MPEG Ripper converts 7gb.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\Visual.CertExam.Suite 1.7.542.CHiCNCREA.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\Boris RED 3GL incl Plugins.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\PHPMaker 3.02.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\HiDownload 6.4.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\Download Tunnel Me 2.0.1 , set up tunne.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\Simpsons hit and run.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\Batman Begins.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\HTMLRunExe 2.0.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\Clipboard Box 2.2.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\MaxBulk Mailer 4.3.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\QuickTime Alternative 1.63.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\Real Alternative 1.44.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\ArtMoney 7.14.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\I-Sound WMA MP3 Recorder Pro 6.57.3.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\Cute CD DVD Burner 2.3.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\C-Organizer Professional 3.4.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\PowerGREP 3.2.0.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\Foxy 1.0.4.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\UltraISO 7.65.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\Reportizer 2.2.5.73.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\Screen VidShot 2.1.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\Macro Recorder 2.11.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\EditPlus V. 2.20.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\SMS Create Pro 5.5.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\Panda Titanium Antivirus.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\CorelDRAW Graphics Suite 12.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\Ulead PhotoImpact 11.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\DZSoft PHP Editor 3.5.0.2.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Documents and Settings\XANDER\Complete\SQL Server Backup 4.01.zip[Setup.exe]
Virus:W32/Alcan.A.worm        Disinfected                   C:\Program Files\winupdates\winupdates.exe
Virus:W32/Alcan.A.worm        Disinfected                   C:\Program Files\winupdates\a.tmp
Virus:W32/Alcan.A.worm        Disinfected                   C:\Program Files\winupdates\a.zip[Setup.exe]
Virus:Trj/DelCache.A          Disinfected                   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP40\A0009708.exe
Virus:Trj/Troiram.A           Disinfected                   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP40\A0009716.exe
Virus:Trj/DelCache.A          Disinfected                   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP40\A0010708.exe
Virus:Trj/Troiram.A           Disinfected                   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP40\A0010721.exe
Virus:Trj/DelCache.A          Disinfected                   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP40\A0011708.exe
Virus:Trj/Troiram.A           Disinfected                   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP40\A0011720.exe
Virus:Trj/DelCache.A          Disinfected                   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP40\A0011746.exe
Virus:Trj/Troiram.A           Disinfected                   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP40\A0011759.exe
Virus:Trj/Qhost.BP            Disinfected                   C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP40\A0011762.EXE
Adware:Adware/Findspy         No disinfected                C:\System Volume Information\_restore{58931BB6-457C-40CE-9E49-56E1BAFAA524}\RP40\A0011763.exe

Could somebody help me with these results? I have no clue what to do... thanks!
