
Have Many Things Wrong Right Now!


  • This topic is locked
12 replies to this topic

#1 terir

terir

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 24 March 2006 - 05:15 PM

I'm currently in pop-up hell. Norton keeps finding viruses and deleting them, as do the other programs (cwshredder, adaware, etc.), but the problems won't go away. Any help would be greatly appreciated. Thanks in advance!




Logfile of HijackThis v1.99.1
Scan saved at 3:10:15 PM, on 3/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1136050073\ee\AOLSoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\mousepad5.exe
C:\WINDOWS\sys02113832713.exe
C:\WINDOWS\system32\slk8x2peu.exe
C:\WINDOWS\errorhandler.exe
C:\WINDOWS\system32\A4A3AAA6A8AEAA.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\default\Local Settings\Temp\wza838\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...://www.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136050073\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe
O4 - HKLM\..\Run: [sys02113832713] C:\WINDOWS\sys02113832713.exe
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [win3208713113832] C:\WINDOWS\win3208713113832.exe
O4 - HKLM\..\Run: [win3209131138327] C:\WINDOWS\win3209131138327.exe
O4 - HKLM\..\Run: [57565D595B615D5C] A4A3AAA6A8AEAA.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: svchost.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143228283578
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\kt4ql7h51.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)

Edited by terir, 24 March 2006 - 05:31 PM.




#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:06 AM

Posted 25 March 2006 - 08:46 AM

Hello,

Go to Start > Control Panel > Software > Add/Remove Programs and uninstall MOSearch if present.

Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by double-clicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok
Then click execute in Brute Force Uninstaller.

Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of Look2Me-Destroyer.txt present on your desktop and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 terir

terir
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 25 March 2006 - 12:05 PM

Thanks for your advice. I've done what you suggested (mosearch wasn't on the list). Here are the requested files:

Look2me-Destroyer.txt:

Look2Me-Destroyer V1.0.11

Scanning for infected files.....
Scan started at 3/25/2006 9:51:06 AM

Infected! C:\WINDOWS\system32\kt4ql7h51.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\kt4ql7h51.dll
C:\WINDOWS\system32\kt4ql7h51.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}"
HKCR\Clsid\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{BD472F60-27FA-11cf-B8B4-444553540000}"
HKCR\Clsid\{BD472F60-27FA-11cf-B8B4-444553540000}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"
HKCR\Clsid\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FEF10FA2-355E-4e06-9381-9B24D7F7CC88}"
HKCR\Clsid\{FEF10FA2-355E-4e06-9381-9B24D7F7CC88}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{53C74826-AB99-4d33-ACA4-3117F51D3788}"
HKCR\Clsid\{53C74826-AB99-4d33-ACA4-3117F51D3788}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7F1ED3C1-8AC9-428D-88A6-46BA2DE921F3}"
HKCR\Clsid\{7F1ED3C1-8AC9-428D-88A6-46BA2DE921F3}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded



HiJack This Log:
Logfile of HijackThis v1.99.1
Scan saved at 9:57:38 AM, on 3/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1136050073\ee\AOLSoftware.exe
C:\WINDOWS\sys02113832713.exe
C:\WINDOWS\system32\A4A3AAA6A8AEAA.exe
C:\WINDOWS\system32\csrrs.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\CfgWiz.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\default\Local Settings\Temp\wz1207\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...://www.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136050073\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe
O4 - HKLM\..\Run: [sys02113832713] C:\WINDOWS\sys02113832713.exe
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [win3208713113832] C:\WINDOWS\win3208713113832.exe
O4 - HKLM\..\Run: [win3209131138327] C:\WINDOWS\win3209131138327.exe
O4 - HKLM\..\Run: [57565D595B615D5C] A4A3AAA6A8AEAA.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: svchost.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143228283578
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:06 AM

Posted 25 March 2006 - 12:19 PM

Hello,

Can you check something for me please?
In the C:\BFU-folder you created, where BFU.exe is present, is there a file called alcanshorty.bfu present in there?

#5 terir

terir
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 25 March 2006 - 12:46 PM

It is now! I must have skipped a step the first time. I redid all the steps and now the alcanshorty.bfu file is in the c:/bfu directory. Here are my files again.


Look2Me-Destroyer V1.0.11

Scanning for infected files.....
Scan started at 3/25/2006 10:33:13 AM


Attempting to delete infected files...

Making registry repairs.


Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}"
HKCR\Clsid\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{BD472F60-27FA-11cf-B8B4-444553540000}"
HKCR\Clsid\{BD472F60-27FA-11cf-B8B4-444553540000}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"
HKCR\Clsid\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FEF10FA2-355E-4e06-9381-9B24D7F7CC88}"
HKCR\Clsid\{FEF10FA2-355E-4e06-9381-9B24D7F7CC88}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{53C74826-AB99-4d33-ACA4-3117F51D3788}"
HKCR\Clsid\{53C74826-AB99-4d33-ACA4-3117F51D3788}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7F1ED3C1-8AC9-428D-88A6-46BA2DE921F3}"
HKCR\Clsid\{7F1ED3C1-8AC9-428D-88A6-46BA2DE921F3}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded



Logfile of HijackThis v1.99.1
Scan saved at 10:43:16 AM, on 3/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1136050073\ee\AOLSoftware.exe
C:\WINDOWS\sys02113832713.exe
C:\WINDOWS\system32\csrrs.exe
C:\WINDOWS\system32\A4A3AAA6A8AEAA.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\default\Local Settings\Temp\wz5afe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...://www.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136050073\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\Run: [sys02113832713] C:\WINDOWS\sys02113832713.exe
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [win3208713113832] C:\WINDOWS\win3208713113832.exe
O4 - HKLM\..\Run: [win3209131138327] C:\WINDOWS\win3209131138327.exe
O4 - HKLM\..\Run: [57565D595B615D5C] A4A3AAA6A8AEAA.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: svchost.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143228283578
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)
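
An added example (not code from this thread or from HijackThis): triaging a HijackThis log like the one above for two patterns visible in it, a core Windows process name running from the wrong folder (`svchost.exe` in the Startup folder) and a near-miss spelling of one (`csrrs.exe` vs `csrss.exe`). The `EXPECTED_DIR` baseline and all function names are assumptions of this example; the sample lines are copied from the log above.

```python
import ntpath
import re

# Assumed Windows XP baseline (this example's own, not part of HijackThis):
# core process name -> the only folder it is expected to run from.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[[^\]]*\] )?(?P<cmd>.+)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)

# Lines copied from the HijackThis log in the post above (shortened).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\csrrs.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE

O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: svchost.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(name):
    """Return the core process name that `name` is one edit away from, else None."""
    name = name.lower()
    if name in EXPECTED_DIR:
        return None
    for real in EXPECTED_DIR:
        if edit_distance(name, real) == 1:
            return real
    return None


def executable(cmd):
    """Pull the executable out of an O4 command ('x.lnk = target', quotes, arguments)."""
    target = cmd.split(" = ", 1)[-1].strip()
    m = EXE_RE.match(target)
    return (m.group(1) or m.group(2)) if m else target


def parse_log(text):
    """Split a log into running-process paths and (location, command) O4 entries."""
    processes, autostarts, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # blank line ends the process list
        elif in_procs:
            processes.append(line)
        else:
            m = O4_RE.match(line)
            if m:
                autostarts.append((m.group("where"), m.group("cmd")))
    return processes, autostarts


def triage(text):
    """Return (item, reason) pairs worth a manual look; these are not verdicts."""
    findings = []
    processes, autostarts = parse_log(text)
    for path in processes:
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        imitated = lookalike_of(name)
        if name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
            findings.append((path, "system process name outside " + EXPECTED_DIR[name]))
        elif imitated:
            findings.append((path, "name imitates " + imitated))
    for where, cmd in autostarts:
        exe = executable(cmd)
        name = ntpath.basename(exe).lower()
        imitated = lookalike_of(name)
        if where == "Global Startup" and name in EXPECTED_DIR:
            findings.append((f"{where}: {exe}", "system process name in the Startup folder"))
        elif imitated:
            findings.append((f"{where}: {exe}", "name imitates " + imitated))
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(f"{reason:45} {item}")
```
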

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:06 AM

Posted 25 March 2006 - 12:58 PM

That's what I thought: you missed the step with Alcanshorty :thumbsup:

Anyway, let's deal with the rest now...

It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

HijackThis is still in your temp folder, so I strongly advise you to create a permanent folder and move hijackthis.exe into it. The reason is that HijackThis creates backups, and when it's in your temp folder it can be accidentally deleted.
How do you make a permanent folder:

Click My Computer, then C:\ and then on Program Files.
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".
Now you have C:\Program Files\HijackThis. Put your HijackThis.exe there.

* Please set your system to show all files; please see here if you're unsure how to do this.

Please download Ewido anti-malware ; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido by double-clicking on the icon on your desktop.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run it yet.

I see you have Viewpoint installed.
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". From what we know, this will change in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
* Reboot into Safe Mode (without networking support!):
To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\Run: [sys02113832713] C:\WINDOWS\sys02113832713.exe
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [win3208713113832] C:\WINDOWS\win3208713113832.exe
O4 - HKLM\..\Run: [win3209131138327] C:\WINDOWS\win3209131138327.exe
O4 - HKLM\..\Run: [57565D595B615D5C] A4A3AAA6A8AEAA.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - Global Startup: svchost.exe
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINDOWS\sys02113832713.exe
C:\WINDOWS\system32\csrrs.exe <== WATCH the spelling!! Don't try to delete csrss!!! Because that's a legit/ok file
C:\WINDOWS\system32\A4A3AAA6A8AEAA.exe
C:\WINDOWS\system32\w9seq.dll
C:\WINDOWS\system32\slk8x2peu.exe
C:\WINDOWS\win3208713113832.exe
C:\WINDOWS\win3209131138327.exe
C:\PROGRAM FILES\COMMON FILES\System\MOSearch <== folder

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
* Open Ewido anti-malware
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Close Ewido

* Reboot your system back to normal mode.

* Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report in your next reply,
together with a fresh HijackThis log and the ewido log, so I can take another look.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
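The csrrs.exe / csrss.exe warning and the `Global Startup: svchost.exe` entry in the post above are both cases of a startup entry borrowing a Windows process name. As an added example (not part of the original post and not HijackThis code), this Python script scans HijackThis O4 lines for that pattern; the `CORE_PROCESSES` list and the one-character threshold are assumptions, and the sample lines are copied from the logs in this thread. It catches name spoofing only, not randomly named files such as slk8x2peu.exe.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Assumption: processes that Windows XP launches itself, so they have no
# reason to appear in a Run key or in the Startup folder.
CORE_PROCESSES = ("smss.exe", "csrss.exe", "winlogon.exe",
                  "services.exe", "lsass.exe", "svchost.exe")

# "O4 - <location>: [<value name>] <command>"; the [value name] is absent
# for Startup-folder entries.
O4_LINE = re.compile(
    r"^O4 - (?P<where>[^:]+): (?:\[(?P<label>[^\]]*)\] )?(?P<cmd>.+)$")
QUOTED = re.compile(r'^"([^"]+)"')
UNQUOTED = re.compile(r"^(.*?\.(?:exe|com|bat|dll))(?:\s|$)", re.IGNORECASE)


class Finding(NamedTuple):
    where: str    # autostart location, e.g. HKLM\..\Run
    image: str    # lower-cased file name of the program being started
    reason: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def image_name(cmd: str) -> Optional[str]:
    """Return the lower-cased file name an O4 command line starts."""
    # Startup-folder shortcuts are logged as "Name.lnk = target path".
    if " = " in cmd:
        cmd = cmd.split(" = ", 1)[1]
    m = QUOTED.match(cmd) or UNQUOTED.match(cmd)
    return ntpath.basename(m.group(1)).lower() if m else None


def check_line(line: str) -> Optional[Finding]:
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    image = image_name(m.group("cmd"))
    if image is None:
        return None
    where = m.group("where")
    if image in CORE_PROCESSES:
        return Finding(where, image, "core process name used as an autostart")
    for real in CORE_PROCESSES:
        if edit_distance(image, real) == 1:
            return Finding(where, image, f"one character away from {real}")
    return None


def scan(log_text: str) -> List[Finding]:
    findings = []
    for line in log_text.splitlines():
        finding = check_line(line)
        if finding:
            findings.append(finding)
    return findings


# Sample input: O4 lines copied from the two HijackThis logs in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - Global Startup: svchost.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
'''

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.where}: {f.image} ({f.reason})")
```
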

#7 terir


Posted 25 March 2006 - 03:43 PM

Here are my new logs as well as the Panda scan report. Should I click on 'Disinfect' before closing the Panda window?


Logfile of HijackThis v1.99.1
Scan saved at 1:21:28 PM, on 3/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1136050073\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\HPGS2WNF.EXE
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...://www.msn.com/
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136050073\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143228283578
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:33:09 PM, 3/25/2006
+ Report-Checksum: E1147FD0

+ Scan result:

HKLM\SOFTWARE\Classes\SWRT01.RT -> Adware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\SWRT01.RT\Clsid -> Adware.SecondThought : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000001-C003-4A2F-9142-7CB1D78DE6C1} -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000001-C003-4A2F-9142-7CB1D78DE6C1} -> Adware.InternetOptimizer : Cleaned with backup
C:\WINDOWS\SYSTEM32\UpdInstall.exe -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\eocdec.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\in10b6s.dll/bi.dll -> Adware.BiSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\in10b6s.dll/biprep.exe -> Adware.BiSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\in10b6s.dll/bi.dll -> Adware.BiSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\in10b6s.dll/biprep.exe -> Adware.BiSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\SWRT01.dll -> Adware.VirtualBouncer : Cleaned with backup
C:\WINDOWS\SYSTEM32\prpusd.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\csrrs.exe -> Backdoor.Rbot : Cleaned with backup
C:\WINDOWS\SYSTEM32\ijhhbogo.dll -> Adware.Agent : Cleaned with backup
C:\WINDOWS\SYSTEM32\faotvpap7.exe -> Trojan.Runner.h : Cleaned with backup
C:\WINDOWS\SYSTEM32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll -> Trojan.VB.aft : Cleaned with backup
C:\WINDOWS\b.exe -> Backdoor.Rbot : Cleaned with backup
C:\WINDOWS\sms112x.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\tct101.dll -> Downloader.Dyfuca.eg : Cleaned with backup
C:\WINDOWS\MSMGT.exe -> Adware.TotalVelocity : Cleaned with backup
C:\WINDOWS\win3206327131138.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\win3207271311383.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\soft.exe -> Not-A-Virus.Hoax.Win32.Renos.aj : Cleaned with backup
C:\WINDOWS\pf79.exe -> Downloader.Dyfuca.ei : Cleaned with backup
C:\WINDOWS\Installer.exe -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\FCAdvice\FCAdvice.dll -> Adware.CASClient : Cleaned with backup
C:\Program Files\FCAdvice\FCAdvice.exe -> Adware.CASClient : Cleaned with backup
C:\Program Files\HJT\backups\backup-20060325-113238-693.dll -> Adware.Suggestor : Cleaned with backup
C:\Program Files\HJT\backups\backup-20060325-113238-439-svchost.exe -> Dropper.VB.lu : Cleaned with backup
C:\NULL -> Downloader.QDown.d : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@c5.zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@weborama[1].txt -> TrackingCookie.Weborama : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@wreport.weborama[1].txt -> TrackingCookie.Weborama : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\default\Shared\_\xzxzxzxzxzxz.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\GameSpy 3D.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\AceFTP v3.01 Pro.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Ad Popup Killer v4.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\FlashFXP v2.2.951 BETA.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\BoomBox Radio.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\NeoTrace Pro 3.25.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\No1 CD Ripper v1.72.42.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Filemanag v3.01.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\TransMac v6.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Clean Disk security v7.02.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\WinGlobe 2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Teleport Pro v1.29.2018.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\SuperCleaner v2.65.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\SpyAnytime PC Spy v2.24.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Bearshare Pro 5.2.1.2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\WinRar Crystal Special Edition.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\WinRAR Gold Plus Extras.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Bad Boys 2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Scooby Doo The Scary Stone Dragon.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Mobile Ringtone Converter 2.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\AB Commander XP Edition 6.8.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Astrum InstallWizard 2.22.20.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Digital Camera Poster Creator v2.52.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Easy Envelopes v2.1.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\UltraConverter v1.9.31.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Cyberlink Power2GO v5.00.1104.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Smart PC Professional v4.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Arc DVD Copy v1.2.2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Photodex ProShow Producer v2.6.1774.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Saint Paint Studio 10.17.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Star Wars Empire At War Dvd ISO.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Micro.Sys.TimeSage v1.25.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Missile Commander XP 1.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Mocha W32 Telnet v5.2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\NiceMC Pro DVD Player v1.4.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Ocean FTP Server v1.1.7.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\PageFour v1.42.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Pgware PcBoost v3.3.20.2006.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Pgware PcMedik v6.3.20.2006.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\IP Anonymous Tools.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\AutoRun III Professional v3.0.6.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Tech Disc Standalone AIO.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Symantec Client Security Corporate V3.0.2.2000.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\AVG Anti-Virus v7.1.384.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Lords of the Realm 3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Half-Life 2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Civilization IV.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\World Soccer Winning Eleven 9 International DVD iSO.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Dawningsoft pdf2chm v1.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\008soft File Tree Printer v3.1.6.83.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Ace Video Workshop v1.4.7.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Adolix Computer Security v1.52.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Adolix eCover Engineer v4.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\FAR v1.70.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Apollo DVD Copy v4.6.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\AI Roboform v6.6.7.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\FeedDemon v2.0.0.17 Beta.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Greatest Hits Of The 60s (8 CDs 2000 192) 3368876....exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Tractorpulling SM Fj r s wmv 3356680 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Boothbabes E3 [Nice chicks on E3] 3333451 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\VW AUDI ETKA 6 31 537 (APRIL 05) crack rar 3355948....exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Art Bell Paranormal Themed Radio Program (Occult....exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\New ThunderCats Movie Trailer 3302634 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Kalle Anka och Djungelns Pajas 3GPfil 3363494 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Limp Bizkit Ozzfest Float Rite Park Somerset WI....exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Halo 2 The Truth Unlimited Collectors Edition ANP....exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Good Eats S09E06 DSR XviD ORENJi 3365534 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Killzone online clip 3325423 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Jennifer Lopez Let s Get Loud (2001) Full DVD....exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Trotes Cl ssicos HAUHAUHAU 3372160 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Phoenix Nights Season 2 episode 1 3362214 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Battlestar Galacticca 2x05 [crimson AVI] 3369183....exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Pink Floyd Live Aid 2005 (part III) 3351534 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\QueenAdreena The Butcher And The Butterfly 3347579....exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\SPY KIDS 3D swe speech sub DVD5 PAL 3348015 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Stargate SG 1 Music Video Time After Time 3355087....exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Sheryl Crow C mon America 2003 (DVDRip DivX)....exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\skatoness Dvd en vivo 3371129 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Dragon Ball 81 100 PL 3368833 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Farben Lehre concert 3367433 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\FilmVids 3359785 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Hammerfall 3368906 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Festen dvdrip xvid Dogme avi 3364189 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Babylon 5 Season 4 Disk 1 DVD R 3354829 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Man Utd v Debrecen 2nd half avi 3368204 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Omslag Snalvatten och Jakelskap Custom jpg 3371914....exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Ter sbetoni Taivas ly tulta 3356402 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Own the Box 0 1 3366337 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Aerosmith MTV icon 3363608 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Negima 26 Xvid avi 3360620 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Common Go 2005 vDz rar 3349955 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Super Size Me 3365018 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Wallander Innan Frosten DVDR 3344755 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Fleetwood Mac Man of the World(HSMClipCollection)....exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Boards of Canada The Campfire Headphase 2005....exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Nine Inch Nails We re In This Together (1999)....exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\BulletProofFTP242 client crack zip 3371974 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Dragon Ball Z 121 140 [Lektor PL] [TV Rip]....exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Ayumi Hamasaki 107 Music Videos 3365215 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\hollowsun samples rar 3347487 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\ONG BAK ISO 3350786 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Mala Vita Mani Fiesta 3368651 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\X FILES Season 4 [Complete] Grizz69 3362889 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\James Brown live from the House of Blues avi....exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\The Shawshank Redemption(Nyckeln till Frihet)....exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Daredevil 2003 DC NORDiC PAL DVDR iRCO 3371477 TPB.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Smashing Pumpkins Bullet with butterfly wings mpg....exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Emerson, Lake & Palmer Emerson, Lake &....exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\The Shadows Complete Singles As & Bs 1959 1980....exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\X Men 9.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\default\Shared\_\Demons and wizards touched by the crimson....exe -> Dropper.VB.lu : Cleaned with backup

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:06 AM

Posted 26 March 2006 - 04:05 AM

Hello,

Your logs are not complete here. So can you post the Panda log in your next reply please?

Yes, also click on disinfect if you didn't before.

Can you also perform next please?

Download and Save blacklight to your desktop.
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe then accept the agreement.
click > scan then > next,
You'll see a list of all items found.
Don't choose for rename yet! I want to see the log first, because legit items can also be present there...
There must be also a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)
Post the contents of the log in your next reply together with the Panda Log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 terir


Posted 26 March 2006 - 10:39 AM

Sorry about forgetting the Panda log. When I clicked on disinfect, I was taken to a page to purchase software (which I can't do right now). Can I manually delete these instead?
Thanks for all your help!


Panda Log:
Incident Status Location

Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\SYSTEM32\xmltok.dll
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\SYSTEM32\F?nts\taskmgr.exe
Adware:Adware/Gator Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1014.dll
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\Downloaded Program Files\ashton.inf
Adware:Adware/DigInk Not disinfected C:\WINDOWS\pf78bb.exe
Adware:Adware/DelFinMedia Not disinfected C:\Program Files\Common Files\remove_tools.html
Adware:adware/delfinmedia Not disinfected C:\keys.ini
Spyware:Spyware/BetterInet Not disinfected C:\undo\backup.cab[BIINI.INF]
Spyware:Spyware/BetterInet Not disinfected C:\undo\backup.cab[BIE.INF]
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Ssk.log
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\default\Desktop\smitRem\Process.exe
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\default\Cookies\default@realmedia[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\default\Cookies\default@adrevolver[3].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\default\Cookies\default@i.screensavers[2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\default\Cookies\default@www.advnt01[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\default\Cookies\default@belnk[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\default\Cookies\default@searchportal.information[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\default\Cookies\default@dist.belnk[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\default\Cookies\default@adopt.hbmediapro[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\default\Cookies\default@xiti[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\default\Cookies\default@maxserving[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\default\Cookies\default@azjmp[2].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\default\Cookies\default@fortunecity[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Rugrats\Cookies\rugrats@atwola[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Rugrats\Cookies\rugrats@banner[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Rugrats\Cookies\rugrats@searchportal.information[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Rugrats\Cookies\rugrats@go[1].txt

**************************************************************************************

03/26/06 08:34:01 [Info]: BlackLight Engine 1.0.33 initialized
03/26/06 08:34:01 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/26/06 08:34:01 [Note]: 7019 4
03/26/06 08:34:01 [Note]: 7005 0
03/26/06 08:34:06 [Note]: 7006 0
03/26/06 08:34:06 [Note]: 7011 1248
03/26/06 08:34:06 [Note]: FSRAW library version 1.7.1015
03/26/06 08:35:27 [Note]: 7007 0

#10 miekiemoes


Posted 26 March 2006 - 10:55 AM

Hi terir,

That's ok, we'll clean it manually. :thumbsup:

Delete next files and folders:

C:\WINDOWS\SYSTEM32\xmltok.dll
C:\keys.ini
C:\undo\backup.cab
C:\WINDOWS\pf78bb.exe
C:\Program Files\Common Files\remove_tools.html
C:\WINDOWS\SYSTEM32\F?nts <== this folder, most probably called fonts and contains the file taskmgr.exe !! Watch out!! Don't delete any other fonts folders present! Because those are legit ones!! The one you have to delete only contains the taskmgr.exe. Also, be careful here, there's also a legit taskmgr.exe in your C:\Windows\System32-folder and dllcache. Don't delete those ones!!!

Go to start > run and type: regsvr32 /u occache.dll
(or copy and paste this in the field in start > run )
Click Ok

Now search and delete:

C:\WINDOWS\Downloaded Program Files\ashton.inf
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1014.dll

Go to start > run and type regsvr32 occache.dll
Click OK

Then clean your IE cache and cookies again as I already explained in a previous post. :flowers:

By the way, your previous hijackthislog looks clean again.
Let me know in your next reply how things are running now. :huh:
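The caution above about the look-alike `F?nts` folder and the extra `taskmgr.exe` can be checked mechanically when triaging a scanner report. The following is an added example, not part of the original posts: it parses report lines in the layout of the Panda log in this thread (the sample lines are copied from that log), separates cookies from files, collapses archive members to the file on disk, and flags a system binary that sits outside its expected folder or under a folder imitating a known one. The function names, `EXPECTED_DIRS` and `KNOWN_DIRS` are assumptions made for the illustration.

```python
import ntpath
import re
from typing import NamedTuple

# Lines copied from the Panda log posted in this thread.
SAMPLE_LOG = r"""
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\SYSTEM32\xmltok.dll
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\SYSTEM32\F?nts\taskmgr.exe
Adware:Adware/DigInk Not disinfected C:\WINDOWS\pf78bb.exe
Spyware:Spyware/BetterInet Not disinfected C:\undo\backup.cab[BIINI.INF]
Spyware:Spyware/BetterInet Not disinfected C:\undo\backup.cab[BIE.INF]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\default\Desktop\smitRem\Process.exe
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\default\Cookies\default@belnk[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Rugrats\Cookies\rugrats@go[1].txt
"""

# Expected homes for system binaries. taskmgr.exe: the two locations named in
# the reply above; the others come from the running-process list in the first
# post. Assumption: an illustrative table, not a complete baseline.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIRS = {
    "taskmgr.exe": {SYSTEM32, SYSTEM32 + r"\dllcache"},
    "lsass.exe": {SYSTEM32},
    "services.exe": {SYSTEM32},
    "winlogon.exe": {SYSTEM32},
    "svchost.exe": {SYSTEM32},
}
# Directory names a look-alike folder might imitate (assumed list).
KNOWN_DIRS = ("fonts", "system32", "drivers")

LINE_RE = re.compile(
    r"^(?P<category>[^:]+):(?P<name>\S+)\s+(?P<status>.+?)\s+(?P<path>[A-Za-z]:\\.+)$"
)


class Detection(NamedTuple):
    category: str
    name: str
    status: str
    path: str


def parse_log(text):
    """Return a Detection for every line that matches the report layout."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(**m.groupdict()))
    return found


def file_on_disk(path):
    """Strip an archive-member suffix: backup.cab[BIE.INF] -> backup.cab."""
    m = re.fullmatch(r"(.+\.\w+)\[[^\[\]]+\]", path)
    return m.group(1) if m else path


def lookalike_of(component):
    """Return the known directory name that `component` imitates, or None.

    '?' is not legal in a Windows file name, so in a report it stands for a
    character the scanner could not display. Non-ASCII characters are treated
    the same way: each one may match any single character.
    """
    comp = component.lower()
    if "?" not in comp and comp.isascii():
        return None
    pattern = "".join(
        "." if (c == "?" or not c.isascii()) else re.escape(c) for c in comp
    )
    for known in KNOWN_DIRS:
        if re.fullmatch(pattern, known):
            return known
    return None


def masquerade_reasons(path):
    """Explain why a path looks like a disguised copy of a system file."""
    directory, filename = ntpath.split(file_on_disk(path))
    reasons = []
    for component in directory.split("\\")[1:]:
        known = lookalike_of(component)
        if known:
            reasons.append(f"folder '{component}' imitates '{known}'")
        elif "?" in component or not component.isascii():
            reasons.append(f"folder '{component}' has an undisplayable character")
    expected = EXPECTED_DIRS.get(filename.lower())
    if expected and directory.lower() not in expected:
        reasons.append(f"{filename} outside its expected folder")
    return reasons


def triage(text):
    """Group detections into cookies, ordinary files and masquerading files."""
    result = {"cookies": [], "files": [], "masquerading": {}}
    for det in parse_log(text):
        target = file_on_disk(det.path)
        if det.name.lower().startswith("cookie/"):
            result["cookies"].append(target)
            continue
        reasons = masquerade_reasons(target)
        if reasons:
            result["masquerading"][target] = reasons
        elif target not in result["files"]:
            result["files"].append(target)
    return result
```

`triage(SAMPLE_LOG)` puts only the `F?nts\taskmgr.exe` entry under `masquerading`, while the copies in `System32` and `dllcache` that the reply says to leave alone produce no reasons.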

#11 terir


Posted 26 March 2006 - 11:30 AM

Thanks for all of your help. My computer appears to be back to normal now, which is greatly appreciated. Have a wonderful day.

#12 miekiemoes


Posted 26 March 2006 - 11:36 AM

Glad I could help. :thumbsup:

To keep this clean in the future, I would suggest the following things:

Install Spywareblaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

Let your antispywarescanner(s) scan frequently and don't forget to update before.

And I do suggest you perform an online virusscan once in a while. (Housecall and/or Bitdefender). Because what one virusscanner can't find another one maybe can.
Also make sure that your virusscanner, the one that is installed on your system is always up to date!

Make sure your windows has the latest updates: http://windowsupdate.microsoft.com/

If you are having XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

Also visit this Free Online Scanner for PC Health and Safety and Microsoft Security At Home for tips to Protect your Pc, Protect yourself and Protect your Family.

More info on how to prevent malware you can also find here (By Tony Klein)
and here: http://wiki.castlecops.com/Malware_Prevent...nt_Re-infection

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Happy surfing again! :flowers:

#13 miekiemoes


Posted 03 April 2006 - 06:50 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.