BleepingComputer.com: Hijackthis Log

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Hijackthis Log

#1 User is offline   Dragoon 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 3
  • Joined: 23-April 06

Posted 23 April 2006 - 01:14 PM

If y'all have time could ya help me with this?
I've run bitdefender, etrust and housecall as well as defender and multiple other programs also i can't seem to open task manager

Logfile of HijackThis v1.99.1
Scan saved at 12:02:48 PM, on 23/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\MediaKey\MMKeybd.EXE
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
C:\Program Files\outlook\outlook.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\j2re1.4.2\bin\javaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [StarSkin] C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\STARSKIN.EXE -H
O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\MediaKey\MMKeybd.EXE
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: QuickLauncher.lnk = C:\Program Files\ServerSpy.Net\GameLauncher\quicklauncher.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O15 - Trusted Zone: www.mangadownload.net
O15 - Trusted Zone: http://manga-heaven.n-u-l-l.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A79AAEF-0913-4E57-9429-59EA4377D8E9} (LaunchGame.launchGameCtrl) - http://cartoon.ongamenet.com.au/LaunchGame_20050802.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/classes...ion=4,3,2,20802
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127885622640
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,27
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

This post has been edited by Dragoon: 23 April 2006 - 02:37 PM

#2 User is offline   Jag11 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 1,027
  • Joined: 17-November 05
  • Location:127.0.0.1

Posted 24 April 2006 - 07:06 AM

Download Brute Force Uninstaller to your desktop.
  • Right click the file on your Desktop, and choose Extract All.
  • Click Next.
  • In the box to choose where to extract the files to:
  • Click Browse.
  • Click on the + sign next to My Computer
  • Click on Local Disk (C:) or whatever your primary drive is.
  • Click Make New Folder
  • Type in BFU
  • Click Next, and Uncheck the Show Extracted Files box and then click Finish.
Right-click Here and choose "Save As" (in IE it's "Save Target As").
  • Save it in the same folder you made earlier (c:\BFU)
Run Brute Force Uninstaller

Go to Start » My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Beside the white box field, click the folder icon: Posted Image : select alcanshorty.bfu
  • Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
====

Then post a new HijackThis log.
Posted Image
Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.

.

#3 User is offline   Dragoon 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 3
  • Joined: 23-April 06

Posted 24 April 2006 - 05:38 PM

I love you it's working fine so far

Logfile of HijackThis v1.99.1
Scan saved at 4:36:45 PM, on 24/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\MediaKey\MMKeybd.EXE
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\j2re1.4.2\bin\javaw.exe
C:\WINDOWS\system32\conime.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\BFU\BFU.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [StarSkin] C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\STARSKIN.EXE -H
O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\MediaKey\MMKeybd.EXE
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: QuickLauncher.lnk = C:\Program Files\ServerSpy.Net\GameLauncher\quicklauncher.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O15 - Trusted Zone: www.mangadownload.net
O15 - Trusted Zone: http://manga-heaven.n-u-l-l.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A79AAEF-0913-4E57-9429-59EA4377D8E9} (LaunchGame.launchGameCtrl) - http://cartoon.ongamenet.com.au/LaunchGame_20050802.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/classes...ion=4,3,2,20802
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127885622640
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,27
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4 User is offline   Jag11 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 1,027
  • Joined: 17-November 05
  • Location:127.0.0.1

Posted 24 April 2006 - 10:51 PM

Hi,

Posted Image You have been infected by DKangel/BFGhost, a backdoor trojan which allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data.

Its very possible that anything could have been installed on your computer by the remote attacker, including opening other backdoors and installing rootkits. While we can attempt to clean what we see in your logs, we can't guarantee that your computer will be completely in the clear since we have no way of knowing that has been done to the computer. Your computer could be completely compromised at this moment. It may be prudent to backup your information, reformat, and reinstall.

More information on Remote Access Trojans can be found here.

I suggest you do the following immediately:

From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

Do not change passwords or do any transactions while using the infected computer because the attacker will get the new passords and transaction information.


If, however, you decide that the computer is not used for any sensitive work, or if you do not wish to reformat at this time, I can definitely help you clean your computer to the best of my abilities.

Please let me know what you decide to do in your next post.

=====================================

Download ATF Cleaner
  • Save it to your Desktop. We will use this later.
Download Ewido Anti-Malware
  • Install Ewido.
  • When installing, under Additional Options, uncheck:
    • Install background guard
    • Install scan via context menu

  • Launch Ewido.
  • The program will now open the main screen.
  • You will need to update ewido to the latest definition files
    • On the left hand side of the main screen click update.
    • Then click on the Start Update button.

  • The update will start and a progress bar will show the updates being installed.
  • After it has finished, close Ewido, we will use it later.
  • If you are having problems with the updater, you can use this link to manually update ewido » Ewido manual updates.
=====================================

I notice that you have Windows Defender running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. You can re-enable this when your computer is already clean.

Disable Windows Defender
  • Go to Tools » General Settings
  • Scroll down to Real-time protection options
  • Uncheck Turn on real-time protection (recommended)
Then, in the toolbar across the top there is a little downpointing arrow next to the question mark icon.
Click on that, get a drop down list. One of the options is to exit Windows Defender.
Click on that, and there will be a pop up asking if you are sure you want to exit. Click Yes/OK.

=====================================

Show Hidden Files and Folders

Click Start » My Computer » Tools » Folder Options. Select the View tab.
  • Check - Show hidden files and folders
  • Uncheck - Hide file extensions for known types
  • Uncheck - Hide protected operating system files
Click Yes to confirm, then OK to exit.

=====================================

Boot into Safe Mode. Please restart your computer and before the Windows logo appear, tap F8 repeatedly. A menu should appear, select Safe Mode from the menu and then hit Enter on your keyboard. (this will take a while, so don't worry, just wait)

=====================================

Run HijackThis

Please open HJT, click Do a system scan only, and then place a checkmark beside each of these entries:

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O15 - Trusted Zone: www.mangadownload.net
O15 - Trusted Zone: http://manga-heaven.n-u-l-l.net

After placing all the checkmarks, close all windows (except HJT), and then hit Fix Checked. When it finishes, exit HJT.

=====================================

* Delete this file (if found) -

C:\WINDOWS\system32\conime.exe

=====================================

Run ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
Click Exit on the Main menu to close the program.

=====================================

Run Ewido
  • Please close all Windows, Programs or Browsers.
  • Open Ewido.
  • Click on scanner at the left side, then click on Complete System Scan.
    • Please don't use the computer while scanning
    • If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections and put a checkmark in the box next to Create encrypted backup, then choose Clean and click Ok.

  • Once the scan has completed, click the button located on the bottom of the screen named Save report.
  • Save the report to your Desktop.
  • Close Ewido.
=====================================

Restart your computer

=====================================

In your next reply, please include these log(s):
  • HijackThis (new)
  • Ewido

Posted Image
Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.

.

#5 User is offline   Jag11 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 1,027
  • Joined: 17-November 05
  • Location:127.0.0.1

Posted 02 May 2006 - 11:34 PM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Jet Ian
Posted Image
Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.

.

#6 User is offline   Jag11 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 1,027
  • Joined: 17-November 05
  • Location:127.0.0.1

Posted 03 May 2006 - 10:22 PM

// Opened again per Dragoon's request. //
Posted Image
Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.

.

#7 User is offline   Dragoon 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 3
  • Joined: 23-April 06

Posted 04 May 2006 - 12:08 AM

Ewido scan as requested


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:01:10 PM, 03/05/2006
+ Report-Checksum: 1420CD36

+ Scan result:

:mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wqlqvuxf.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wqlqvuxf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wqlqvuxf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wqlqvuxf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wqlqvuxf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wqlqvuxf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wqlqvuxf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wqlqvuxf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wqlqvuxf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wqlqvuxf.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wqlqvuxf.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wqlqvuxf.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wqlqvuxf.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wqlqvuxf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wqlqvuxf.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wqlqvuxf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wqlqvuxf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wqlqvuxf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\100 Greatest Rap Hip Hop Songs Of All Time.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\100 Greatest Rock Songs Of The 90 S.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\2 Pac Discography.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\20+ Jessica Alba pics SULiik.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\24 Season 5 Episodes 1 12.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\32 34 121 Sin Sys Exe.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\32 AMG Wallpapers SULiik.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\50 Carmen Electra pics SULiik.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\56 Ford GT40 Wallpapers SULiik.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\60+ Elisha Cuthbert pics SULiik.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\A4e Great Teacher Onizuka 01 43.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Acdc Discography 19cd H8me.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Act Of War High Treason Clonedvd Moncul.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Aerosmith Aerosmith S Rarest Series Limited Edition 320kbps.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Age Of Empires Iii.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\An Evening With Richard Bandler avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Ani Kraze Chrono Crusade Complete.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Animal Sex Dogs Horses Pigs Snakes And Cows Are bleeped Or Fu.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\AnyDVD v5 9 5 7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Aone Any Ah My Goddess 01 24.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Aone Naruto 01 25.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Aone Naruto 101 125.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Aone Naruto 126 150.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Aone Naruto 26 50.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Aone Naruto 51 75.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Aone Naruto 76 100.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Aperture Dmg.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Arctic Monkeys - Whatever People Say I Am That's What I'm Not.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Atc Yu Yu Hakusho.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\AudioBook Terry Pratchett - Guards! Guards!.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Azumanga Daioh Triad Atc.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Azureus2 4 0 0 Jar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Battlefield 2 Full Dvd Mininova Org.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Battlestar Galactica 2003 Season 1 And 2 Complete.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\bbc Doctor Who 2005 2x02 Tooth and Claw [Xvid] 22 April 2006 darmeth.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\BBC Horizon - 2005 09 15 - The Hawking Paradox avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Best Of Kitty Vol 1 4 Hentai.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Big Mommas House 2 DVDSCR FS XVID-JFKXVID [www descargasweb net].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Billboard Top Usa Singles 1990 2004 3 3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Black And White 2 Clone.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\C Cgezeho Iso.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Charmed Season 2 Dvdrip Charmed Bt.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Chd 3 2 Bat.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Chris Brown Chris Brown 2005 Tam Rar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Civilization 4 V1 52.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\CloneDVD v2 8 9 5 + keygen.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Colin Mcrae Rally 2005 Multilingual Www Slotorrent Net.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Command And Conquer The First Decade Read Nfo Clonedvd Mirror.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Contact Us.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Copyright Policy.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Core No Ip Info 8000 Family Guy Season 4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Core No Ip Info 8000 Scrubs Season 3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Cowboy Bebop Session 01 26 Dual Audio Dvd Rip.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Crimson Climax.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Dan Reason 3 0 Full Serial.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Dcp 4 13 06.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Death Cab for Cutie - Crooked Teeth EP.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Death Cab for Cutie - Forbidden Love EP.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Depeche Mode Collection Of 11 Albums Cd With Remixes.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Depeche Mode Playing The Angel 2005 Amok.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Details For James Bond 1 20 Completely Fixed.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Discipline Ep3 avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Discipline Ep4 avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Do Do Ing Win Nt Exe.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Doctor Who - Doctor Who Confidential - 2x02 - Fear Factor WS DCcap XviD-ACP avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Doctor Who 2006 - 2x02 - Tooth and Claw [Raptor's XviD 350 HDTV] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Dr Who - DOCTOR WHO 2006 S02 E02 Tooth & Claw [PDTV]W m.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Dragon Ball Complete 27gb.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Dragonball Dvdrip 001 153.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Dragonball Z All Episodes Eng.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Dragonball Z Complete 38gb Wow.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Duck Tales 1 100.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Dvd Full Metal Alchemist Movie The Conqueror Of Shambala Dvd.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Elvis Presley Original Elvis Collection Pack 1di 2 50 Cd.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Entrevue choc hors serie N1 Ebook Fr-LiBRARY.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Eureka Seven.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Everybody Loves Raymond Season 8.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Evolution Gt Itwins.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\F E A R Eng Fulldvd.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Fable The Lost Chapters Dvd.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Family Guy 424 Pdtv Lol.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Family Guy 514 Deep Throats Flame.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Far Cry Pc Game Dvd Iso.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Final Fantasy Viii Pc.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Fire Department 3 SFClone-UnleashedBRANDNEW + WEBSEED.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Firefox Plugin.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\FriendsofED Flash Application Design Solutions The Flash Usability Handbook Feb 2006 eBook-BBL.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Full House - 2x21 - Luck Be a Lady Part 1 DVDRip.XviD.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Full Metal Alchemist Engsub Complete Series.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Full Metal Panic Dual Audio.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Fun Wiz Sys Bat.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Futurama Season 1 5 Complete Extras.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Getbackers Complete Eps 1 49.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Gomez How We Operate Darkside Rg.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Grand Theft Auto San Andreas.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Hajime No Ippo 1 76 Champion Road Kimura Vs Mashiba.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Half Life 2 Pc Game Iso.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Hl Bizarre Cage 1 3 Requested.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Hostel 2005 Ws Dvdrip Xvid Nfe Www Descargasweb Net.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Ice 2 En Ts.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Ice Age 2 The Meltdown Reloaded 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Ice Age The Meltdown Tc Dvdr Undertaker.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Ice Age The Meltdown Ts Xvid Hustle.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Imax Bugs In 3d Dvdiso Multi Audio En Ge Fr Iso.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Initial D Complete Eng Sub.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Inside Man 2006 Ts Adywan A Ukb Kvcd By Dev.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Inuyasha English 1 126.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Iron Maiden Every Album.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\James Blunt Complete Works 2005 6 2cd 4vid Cov 192kbps.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Javfans Jav Tokyo Momo Incest Uncensored.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Jersey Run Me Bat.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Jp Mstc 3 2 Exe.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Kelly Clarkson Because Of You Smg Mpg.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Kelly Clarkson Breakaway 2005 Cd 3vids Covers.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Kelly Clarkson Breakaway Album.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Kenny Chesney The Road And The Radio Cdr 2005 I8.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Maburaho Complete Atc.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Mafia Pc Game.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Mame 1 03 Complete Roms Sets Merged No Chds.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Married With Children.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Massive Attack - Collected (Audio Disc).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Matisyahu Youth 2006 Delta.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Matisyahu Youth 2006 Rac.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Matisyahu Youth Vls 2005 Gmg Rar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Medal Of Honor Pacific Assault Pc.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Metallica 13 Albums.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Microsoft Office Professional 2007.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Microsoft Windows Xp Professional Edition Proper Ftsiso.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Midnight Club 3 Dub Edition Remix Ps2dvd Multi5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Midnight Strike Force.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Ministry Of Sound Dance Nation 2006 2cd Split Mp3s.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Mirage Team Naruto 180 Vostfr.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\N64 Roms Emulator.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Naruto 1 50.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Naruto 101 150.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Need For Speed Most Wanted Pc.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Neon Genesis Evangelion Remastered Complete Sub Dvdrip.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\New Riders Creating Games in C plus plus A Step by Step Guide Feb 2006 eBook-BBL.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Next ».zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Oz Complete 6 Seasons.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Paison Bregk T01e17.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Pc Game 1dvd Eng The Godfather The Game Crack Key.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Pc Game 1dvd Multi7 Tomb Raider Legend.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Pc Toca Race Driver 3 English.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Pearl Jam Pearl Jam Rock Mp3z Com 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Pimp My Ass 3 Dvdrip 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Pink Floyd-Dark Side of the Moon (Remastered)(Darkside RG).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Prince Of Persia The Two Thrones Pc Dvd.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Princess And Maid Movie Hq Mp4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Prison Break 116 Hdtv Lol Vtv Avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Prison Break S01e18 Meganova Org.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Prison Break Season 1 Ep 1 13 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Psp 35 Iso Games Fastloader V0 7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Quake 4 Dvd Deviance.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Quantum Leap Season 3 Dvdrip.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Real Time with Bill Maher 04-21-2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\RegDoctor v1.59 WinALL Regged-CzW -Read .NFO-.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Revolutionary War Images PDF E-Book (140 Pictures).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Rihanna A Girl Like Me 2006 Seed By Www P2p World Dl Am Rar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Rolling Stone S 500 Greatest Songs.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Rome Total War.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Samurai 7 Cat5 Subbed Eng Sub Japanese Dialogue.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Samurai Champloo.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Scary Movie 4 TS SWESUB XViD-TF.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Schamlos Ausgenutzt German 2006 Xxx Dv.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\School Rumble 1 26 Complete Tv Eng Sub.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Scrubs S05 E18.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Season 1 Dvdrip Charmed Bt.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Season 4 Hdtv.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Serial Experiments Lain.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Shakira Oral Fixation Vol 2 2005 Flac.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Shakira Oral Fixation Vol 2 2005.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Silent Hill 3 Pc Just Mount No Crack Needed.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\SlySoft(AnyDVD v5 5 5 1+CloneCD v5 2 6 1+CloneDVD2+patch).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Socom 3 Us Navy Seals Pal Multi5 Ps2dvd War3x.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Sopranos Complete Season 3 Divx.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Star Trek Star Trek Voyager Season 4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Syd Esd Gfx Sd Bat.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\System Of A Down Hypnotize Retail 2005 Xxl.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\T Pain Rappa Ternt Sanga Retail 2006 Md.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Teddy Geiger Underage Thinking Cd Jfk.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Teddy Geiger Underage Thinking Retail 2006 Rns.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Terms of Service.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\The Beatles Huge Collection.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\The Best Ever Collection 30 Albums Part 1 Of 3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\The Best Ever Collection 30 Albums Part 2 Of 3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\The Best Ever Collection 30 Albums Part 3 Of 3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\The Chronicles Of Riddick Escape From Butcher S Bay Developer S Cut.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\The Doors 31 Albums.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\The Elder Scrolls Iv Oblivion Nodvd Crack.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\The Elder Scrolls Iv Oblivion Reloaded.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\The Lord Of The Rings Battle For Middle Earth 2 Reloaded.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\The O.C. - The O C S03E22 HR HDTV AC3 5 1 XviD-NBS.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\The Producers (2005) DoNE DVDRiP KVCD by Hockney(TUS Release).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\The Simpsons S Song 1 15 Komplett.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\The Sims 2 Pc Game.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\The Strokes First Impressions Of Earth 2006 Cd Vid Cov.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Tin Daz Sys Exe.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Toca Race Driver 3 Sfclonedvd Mirror.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Tomb Raider Legend Clonedvd Itwins.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Tomb Raider Legend Pcdvd Multi7 Www Pctorrent Com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Tomb Raider Legend Reloaded Inc Crack.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Tomtom5 Europe.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Top 100 Hits Of The 80 S.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Top 250 Hits Of The 90 S.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Top 500 Rock And Roll Songs.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Trigun Ogm Dual Audio Fin.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\U2 Discography.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Ubersoldier Reloaded Www Bitworld Info.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Underoath Define The Great Line 2006 Gf.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Underoath Define The Great Line 2006 Ihw.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Underoath Define The Great Line 2006 Ust.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\V For Vendetta Ts Xvid Full.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Va Now 63 2cd 2006 Uf.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Var Psk 0 2 Bat.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Vinis 32k Tgr.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Warcraft Iii The Frozen Throne 2disks Cr Kp Chser.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Win Auto Run Nasty Exe.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Win Vista 5342 X86.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Win XP Activation stuff.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Windows XP Anti Product Activation.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Windows Xp X64 Pro Corporate Xiso.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\World Of Warcraft Isos Eng Us Server Browser.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\World Soccer Winning Eleven 10 JPN PS2DVD www torrentstation com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Worms 4 Mayhem Reloaded.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\X Men All Seasons.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\X4 Sd5e17 Groper.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Xbox Pal Multi5 Ghost Recon Advanced Warfighter.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Xbox Pal Multi7 Tomb Raider Legend.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Yew Chen Ver 1 2 0 4 Exe.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\Yin Saz Kaw Bat.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\[KH]Midnight Strike 1-2 henta.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\[LuPerry com] dot hack Roots - 03 (704x480 xvid) [EE72D7F1] mkv.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\[Q-R] Black Lagoon ep 03 (XviD 704x396 24fps VBR) avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\[Shinsen-Subs] Black Lagoon 02 [FD1D5432] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Cartoons\Bearshare\Shared\[Shinsen-Subs] xxxHOLiC - 03 [A3D2C9CB] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\4B217BEF-E401-4D8E-B121-D68EC7\6C528FCB-8EC1-495A-B294-5B3C2F -> Adware.EZula : Cleaned with backup


::Report End

HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 11:06:48 PM, on 03/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\MediaKey\MMKeybd.EXE
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aaotracker.com/usertracker.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.game-revolution.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [StarSkin] C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\STARSKIN.EXE -H
O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\MediaKey\MMKeybd.EXE
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: QuickLauncher.lnk = C:\Program Files\ServerSpy.Net\GameLauncher\quicklauncher.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A79AAEF-0913-4E57-9429-59EA4377D8E9} (LaunchGame.launchGameCtrl) - http://cartoon.ongamenet.com.au/LaunchGame_20050802.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/classes...ion=4,3,2,20802
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127885622640
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD

#8 User is offline   Jag11 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 1,027
  • Joined: 17-November 05
  • Location:127.0.0.1

Posted 04 May 2006 - 12:47 AM

Hi Dragoon,

Ewido found many files, and most of them are I think your downloads from BearShare. They're all "infected". And BearShare is bundled with spyware according to this page. So please uninstall BearShare, and find an alternative "clean" P2P on that site I gave you.

Also, I see that your log is cut-off, there are some lines missing, make sure you post the full log on your next post.

=====================================

Update Java
  • Go to Start » Control Panel » Add/Remove Programs.
  • Search for all previous installed versions of Java. (J2SE Runtime Environment.... )
    It should have this icon next to it: Posted Image
  • Click that entry and then click on the Change/Remove button.
  • Then download and install the newest version from here.
=====================================

I notice that you have Windows Defender running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. You can re-enable this when your computer is already clean.

Disable Windows Defender
  • Go to Tools » General Settings
  • Scroll down to Real-time protection options
  • Uncheck Turn on real-time protection (recommended)
Then, in the toolbar across the top there is a little downpointing arrow next to the question mark icon.
Click on that, get a drop down list. One of the options is to exit Windows Defender.
Click on that, and there will be a pop up asking if you are sure you want to exit. Click Yes/OK.

=====================================

Show Hidden Files and Folders

Click Start » My Computer » Tools » Folder Options. Select the View tab.
  • Check - Show hidden files and folders
  • Uncheck - Hide file extensions for known types
  • Uncheck - Hide protected operating system files
Click Yes to confirm, then OK to exit.

=====================================

Reboot into Safe Mode
  • Restart your computer.
  • Before the Windows logo appear, tap F8 repeatedly.
  • A menu should appear, select Safe Mode from the menu using your arrow keys and then hit Enter on your keyboard.
  • This will take a while than usual, so just wait.
=====================================

Uninstall Programs

Click Start » Control Panel » Add/Remove Programs, and then remove the following program/s (if present):
    BearShare
=====================================

Please open HijackThis, click Do a system scan only, and then place a checkmark beside each of these entries:

O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe <~ Please read this about ShowWnd (towards the end of the page). If you have a Gateway computer and it applies to you, don't fix this entry.

After placing all the checkmarks, close all windows (except HJT), and then hit Fix Checked. When it finishes, exit HJT.

=====================================

Delete this folder (if found) :

C:\Program Files\BearShare\

Delete this file (if found) :

C:\WINDOWS\system32\ShowWnd.exe <~ don't delete if you didn't fix the 04 entry of it above.

=====================================

Restart your computer

=====================================

Clear IE's Cookies and Cache
  • Close all instances of Outlook Express and Internet Explorer.
  • Go to Control Panel » Internet Options » General tab.
  • Click the Delete Cookies.
  • Next to it, Click the Delete Files button.
  • When prompted, place a check in: Delete all offline content, click OK.
Clear Firefox' Cookies ( in case you also have the Firefox browser )
  • Open Firefox.
  • Click Tools » Options.
  • Click the Privacy tab, then the Cookies tab.
  • Click the Clear Cookies Now button.
  • Then click OK to exit.
Clean Temporary Files
  • Go to Start » Run » type: cleanmgr » OK.
  • Choose (C:) and then click OK.
  • Make sure these are the only ones that are checked :
    • Temporary Internet Files
    • Temporary Files
    • Recycle Bin

  • Click OK to remove them.
  • Click Yes to confirm the deletion.
=====================================

Run an online scan at Panda's ActiveScan
  • Please go here and perform a full system scan. (use Internet Explorer)
  • Once you are on the Panda site click the Scan your PC button.
  • A new window will open...click the big Check Now button.
  • Enter your Country.
  • Enter your State/Province.
  • Enter your Valid Email and click send.
  • Select either Home User or Company.
  • Click the big Scan Now button.
  • If it wants to install an ActiveX component allow it.
  • It will start downloading the files it requires for the scan.
  • Click on Local Disks to start the scan.
  • Once finished, click see report, then click Save report.
NOTE: Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.

=====================================

In your next reply, please include these log(s):
  • HijackThis log (new)
  • Panda
.
Good luck,
Jet Ian

Posted Image
.
Posted Image
Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.

.

#9 User is offline   Jag11 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 1,027
  • Joined: 17-November 05
  • Location:127.0.0.1

Posted 13 May 2006 - 12:23 AM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Regards,
Jet Ian
Posted Image
Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.

.

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users