Hello
Here are the 3 reports you asked for :)
in the order:
AVG Anti-Spyware Results
Panda Results
HiJackThis Log
AVG:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 14:57:12 20/10/2006
+ Scan result:
HKLM\SOFTWARE\Classes\Softomate.IEToolbar -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Softomate.IEToolbar.1 -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CLSID -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CurVer -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030446.exe -> Dropper.Kifer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030447.exe -> Dropper.Kifer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030448.exe -> Dropper.Kifer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030449.exe -> Dropper.Kifer : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\w2\lsqgp3ct.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\w2\lsqgp3ct.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Joe\Application Data\AOL Communicator\ac_mail.gkp\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\w2\lsqgp3ct.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Joe\Application Data\AOL Communicator\ac_mail.gkp\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.13:C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\w2\lsqgp3ct.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.14:C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\w2\lsqgp3ct.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.15:C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\w2\lsqgp3ct.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.16:C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\w2\lsqgp3ct.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.17:C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\w2\lsqgp3ct.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\w2\lsqgp3ct.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.12:C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\w2\lsqgp3ct.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.19:C:\Documents and Settings\Joe\Application Data\AOL Communicator\ac_mail.gkp\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.9:C:\Documents and Settings\Joe\Application Data\AOL Communicator\ac_mail.gkp\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.16:C:\Documents and Settings\Joe\Application Data\AOL Communicator\ac_mail.gkp\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP65\A0023963.exe -> Trojan.KillAV.cj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\regsrv.exe -> Trojan.KillAV.cj : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\.jpi_cache\jar\1.0\Client_5_1_0_2.jar-5be42d9f-36a65a1a.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\.jpi_cache\jar\1.0\DrawingGame.jar-792e1f16-2798aa8a.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\.jpi_cache\jar\1.0\ElectroCam.jar-41256282-37cf80bc.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\.jpi_cache\jar\1.0\banner.jar-4d0c5afa-1057d3bb.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\.jpi_cache\jar\1.0\banner.jar-4d0c5afa-57b03e6a.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\.jpi_cache\jar\1.0\constructor.jar-17a2dce0-52252a48.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\.jpi_cache\jar\1.0\holomatix.jar-2080ce57-511c1820.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\.jpi_cache\jar\1.0\holomatix.jar-60d06cd3-2683236f.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\.jpi_cache\jar\1.0\holomatix.jar-72c3c975-2a4dbc62.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\.jpi_cache\jar\1.0\hyppy.jar-211954c6-7dcc99cd.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\.jpi_cache\jar\1.0\jvmtest-en_US.jar-3ab6ffa4-5a3845ce.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\.jpi_cache\jar\1.0\logo.jar-75e49bcb-13ff899e.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\.jpi_cache\jar\1.0\logo.jar-75e49bcb-6dc980e4.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\.jpi_cache\jar\1.0\memory.jar-1024b884-70c4db95.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\.jpi_cache\jar\1.0\pool2-en_US.jar-25048aa-34d8449d.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\.jpi_cache\jar\1.0\preload.jar-4e4cddb-71e1d2aa.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\.jpi_cache\jar\1.0\uploader.jar-14d5cb36-594c8b94.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\default\iht3ait1.slt\prefs-2-2-2-2-2-2.bak -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\default\iht3ait1.slt\prefs-3.bak -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\default\iht3ait1.slt\prefs.bak -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Client_5_1_0_2.jar-74857c8b-2f145cf3.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\AFTERM~1.!!!/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\Alex Kidd in Miracle World (UE) [o1].zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\C.ZIP/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\CSXFINAL.ZIP/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\CrazyRules full version.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\CreditCard.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\LEGACY11.ZIP/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\Red Alert Stuff\FSVER11.ZIP/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\Red Alert Stuff\FWP20.ZIP/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\Red Alert Stuff\FWPWIN11.ZIP/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\Red Alert Stuff\cyberalert30.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\TRAX.ZIP/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\WGENS211.ZIP/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\messpatch-g5-80812v2(www.mess.be).zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_Athenia_Floors.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_Atrus_floors.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_BlueCruise_floors.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_Darkroom_camera-deco.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_Darkroom_ceilinglamp.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_Darkroom_chair.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_Darkroom_developingbath.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_Darkroom_enlarger.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_Darkroom_fixbath.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_Darkroom_photoclutter.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_Darkroom_picturestring1.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_Darkroom_picturestring2.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_Darkroom_picturestring3.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_Darkroom_shelf1.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_Darkroom_shelf2.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_Darkroom_stopbath.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_Darkroom_table1.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_Darkroom_table2.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_Darkroom_table3.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_Darkroom_viewer.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_IndianFloors_01.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_Jee_Carpets_Dark.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_LundbyAcajou_floors.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_LundbyGreen_floors.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_Marroco_floors.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_ModFloor_darkgreyframe.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_ModFloor_lightgreyframe.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_ModFloor_plain.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_ModFloor_tiles.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_ModFloor_whiteframes.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_Paprika_floors.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_WoodFloors_01.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\ATS_YellowLuxe_floors.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\CS.ZIP/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\HR8.ZIP/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\RugOMatic_1.6_Setup.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\SB3.ZIP/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\SB30.ZIP/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\Transmogrifier_2.1.2_Setup.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\basket00285305001.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\basket00292846001.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\basket00292882001.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\basket00323325001.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\sims addons\basket00323332001.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\wgens211\Aaahh!!! Real Monsters (4) [!].zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\wgens211\Bubsy (JUE) [!].zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\wgens211\Donald Duck in Maui Mallard (A) [b1].zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\wgens211\Dr. Robotnik's Mean Bean Machine (U) [h1].zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\wgens211\Mickey Mouse - Castle of Illusion (J).zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\wgens211\Puggsy (JUE) [R-Eur].zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\wgens211\Quack Shot Starring Donald Duck (REV 00) (JUE) [!].zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\wgens211\Shove It - The Warehouse Game (U) [!].zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\wgens211\TAZ Mania (U) [T-Port].zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\wgens211\Tiny Toons - Buster's Hidden Treasure (E) [!].zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Red Alert 2 Stuff\REDIT.ZIP/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\Red Alert 2 Stuff\inifiles02.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\The Sims 2 Stuff\MTS2_254186_Numenor_CEP_Windows-AutoInstaller.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\The Sims 2 Stuff\Objects\basket00264570001.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\The Sims 2 Stuff\Objects\basket00265843001.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\The Sims 2 Stuff\Objects\basket00268847001.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\The Sims 2 Stuff\Objects\basket00269119001.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\The Sims 2 Stuff\Objects\basket00271652001.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\The Sims 2 Stuff\Objects\basket00272749001.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\The Sims 2 Stuff\Objects\basket00278675001.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\The Sims 2 Stuff\Objects\basket00280137001.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\The Sims 2 Stuff\Objects\basket00280392001.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\The Sims 2 Stuff\Objects\basket00280422001.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\The Sims 2 Stuff\Objects\basket00280563002.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\The Sims 2 Stuff\Objects\basket00281753001.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\The Sims 2 Stuff\Objects\basket00282505001.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\The Sims 2 Stuff\Objects\basket00284377001.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Downloads\The Sims 2 Stuff\Objects\basket00331561001.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Limewire\AutoCad 2005 +serial +keygen\Bin\ACADFeui\Support\DAO35.ZIP/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Desktop\Red Alert 2\RA2.ZIP/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Documents and Settings\Joe\Local Settings\Application Data\toaster\packages\en-US\ffbce9e5-f510-4ddd-a811-754a5a364b66\IMAPP.ZIP/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\CORE1.ZIP/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\CORE2.ZIP/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\CORE3.ZIP/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Program Files\Windows Media Player\NPDRMV2.ZIP/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\Program Files\Windows Media Player\NPDS.ZIP/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP64\A0023905.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP65\A0023943.hta -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP65\A0023944.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP65\A0023945.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP65\A0023946.hta -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP65\A0023947.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP65\A0023954.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP65\A0023965.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP65\A0023966.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP65\A0023967.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030382.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030383.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030402.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030403.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030410.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030411.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030422.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030423.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030424.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030425.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030426.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030438.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030440.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030441.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030444.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030445.hta -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030450.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030451.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030452.hta -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030453.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP87\A0030454.exe -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP89\A0030785.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP89\A0030787.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP90\A0031279.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1E53CCF5-3DC2-4C70-876A-CC0FCB1115FF}\RP91\A0031496.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\WINDOWS\system32\FILEZIP.ZIP/FILE.VBS -> Worm.Gedza : Cleaned with backup (quarantined).
C:\WINDOWS\system32\File.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\WINDOWS\system32\GEDZAC.vbs -> Worm.Gedza : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Template.htm -> Worm.Gedza : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iw.dat -> Worm.Gedza : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iwn.dat -> Worm.Gedza : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ix.dat -> Worm.Gedza : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ixn.dat -> Worm.Gedza : Cleaned with backup (quarantined).
::Report end
Panda:
Incident Status Location
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Joe\Application Data\AOL Communicator\ac_mail.gkp\cookies.txt[.atwola.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\default\iht3ait1.slt\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\w2\lsqgp3ct.slt\cookies.txt[.atwola.com/]
Virus:VBS/Gedza.A.worm Disinfected C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\messpatch-g4-80792v2(www.mess.be).zip[FILE.VBS]
Virus:Worm Generic Disinfected C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\Red Alert Stuff\cyberalert30\cyberalert30.exe
Virus:VBS/Gedza.A.worm Disinfected C:\Documents and Settings\Joe\My Documents\My Chat Logs\October 2006\lindsey_4eva@hotmail.com.html
Virus:VBS/Gedza.A.worm Disinfected C:\Documents and Settings\Joe\My Documents\My Chat Logs\September 2006\kirsteee_x_x@msn.com.html
Virus:VBS/Gedza.A.worm Disinfected C:\Documents and Settings\Joe\My Documents\My Chat Logs\September 2006\lindsey_4eva@hotmail.com (2).html
Virus:VBS/Gedza.A.worm Disinfected C:\Documents and Settings\Joe\My Documents\My Chat Logs\September 2006\lindsey_4eva@hotmail.com.html
HiJackThis:
Logfile of HijackThis v1.99.1
Scan saved at 16:56:58, on 20/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\OSD\OSD.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\AOL Communicator\ac_secdbm.exe
C:\Program Files\AOL Communicator\ac_abook.exe
C:\Program Files\AOL Communicator\ac_mail.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\Joe\Desktop\Downloads\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.co.uk"); (C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\default\iht3ait1.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\default\iht3ait1.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [OSD] C:\Program Files\OSD\OSD.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Startup: AOL Communicator.lnk = C:\Program Files\AOL Communicator\ac_launch.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Medion-UK - {70E910FE-A809-4E1B-97C2-19D9CE68C34B} - http://www.medion.co.uk (file missing) (HKCU)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
Hope this is ok :)