Virus Removal


  • This topic is locked
16 replies to this topic

#1 pimfram


Posted 01 June 2006 - 11:04 PM

I have recently acquired a pretty bad virus. I already performed a Windows repair from a boot CD and the OS seems to be good now. I have used Process Explorer to kill the main culprit. Here's the HJT log. FYI, I had the acftp before this issue. Thank you for your time.

Logfile of HijackThis v1.99.1
Scan saved at 11:02:48 PM, on 6/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\QnJhbmRvbg\command.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows\wWinUpdate.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\aykuf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ktrypos.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [defender] C:\\defender25.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe
O4 - HKLM\..\Run: [newname] C:\\newname25.exe
O4 - HKLM\..\Run: [{51-10-00-03-ZN}] C:\windows\system32\pjdsrego.exe GID003
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\rwinkqez.exe GID003
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKLM\..\Run: [w0020128.dll] RUNDLL32.EXE w0020128.dll,I2 0012b96b00020128
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\rwinkqez.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146017353615
O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\system32\x3cqp0.dll
O20 - Winlogon Notify: acftp - C:\WINDOWS\Help\acftp.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\bqzip.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - c:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QnJhbmRvbg\command.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe



#2 miekiemoes


Posted 02 June 2006 - 06:06 AM

Hello,

This is a nasty log. :thumbsup:


It is really important that you perform the next instructions in the right order without missing any step!


* Go to Start > Control Panel > Software > Add/Remove Programs and uninstall the following if present:

ZenoSearch
Network Monitor
Internet Optimizer
webHancer Customer Companion


Reboot afterwards.. important!

After reboot,

* Download AlcanShorty from here.
  • Click the download button below and agree to download the fix.
  • Download Alcanshorty to your desktop.
  • Double-click alcanshorty_en.exe and click install
  • This will create a new folder on your desktop called alcanshorty_en
  • Open that folder and double-click Run.bat
  • Once the fix starts, your icons and desktop will disappear, this is normal.
    Make sure you have a working internet connection. In case your firewall gives an alert, don't block it, because alcanshorty needs to download some additional files to let the tool run properly.
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
-------------------

Reboot.

* Download Combofix.zip
Unzip it to its own folder.
Read here how to unzip/extract properly.
Open the Combofix folder and double-click combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post this log in your next reply together with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 pimfram


Posted 02 June 2006 - 11:09 AM

Start Time= Fri 06/30/2006 10:56:51.57

(((((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acftp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"sv1"=""

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"CLSID\\{EBDF1F20-C829-14D1-8234-1420AF3E97A9}"="LeechGet \"Copy Here\" Shell Extension"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{E2E223C0-5EE1-11D3-8528-FF3E959B4437}"="GSplit Context Menu Shell Extension."
"{B8323370-FF27-11D2-97B6-204C4F4F5020}"="SmartFTP Shell Extension DLL"
"{330417E8-EF62-4047-82BE-D8305CEFF572}"="AMEncShlExt extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B327765E-D724-4347-8B16-78AE18552FC3}"="NeroDigitalIconHandler"
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}"="NeroDigitalPropSheetHandler"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\CLSID\{50B1201D-D987-40B0-B373-1E73695CAB35}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{50B1201D-D987-40B0-B373-1E73695CAB35}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{50B1201D-D987-40B0-B373-1E73695CAB35}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{50B1201D-D987-40B0-B373-1E73695CAB35}\InprocServer32]
@="C:\\WINDOWS\\system32\\bqzip.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{6E7075B1-3014-48C5-90BB-F127CF84DDC8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6E7075B1-3014-48C5-90BB-F127CF84DDC8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6E7075B1-3014-48C5-90BB-F127CF84DDC8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6E7075B1-3014-48C5-90BB-F127CF84DDC8}\InprocServer32]
@="C:\\WINDOWS\\system32\\nhtfxperf.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\SYSTEM32\HR0S05~1.DLL
C:\WINDOWS\SYSTEM32\NHTFXP~1.DLL
C:\WINDOWS\system32\guard.tmp


Granting SeDebugPrivilege to Administrators ... successful


(((((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))


Not all files found by this method are bad. There may be legitimate files found
This log should be examined by a trained analyst


* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *




* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-06-29 22:42:22 48,187 "C:\WINDOWS\SYSTEM32\VSL03.exe"
2006-06-29 22:40:34 48,167 "C:\WINDOWS\SYSTEM32\VSL05.exe"
2006-06-01 21:06:04 217,088 "C:\WINDOWS\SYSTEM32\x3cqp0.dll"
2006-06-01 21:06:04 28,672 "C:\WINDOWS\SYSTEM32\gbe90qs.exe"
2006-05-23 17:25:52 285,488 "C:\WINDOWS\SYSTEM32\WgaTray.exe"
2006-06-01 21:06:00 2 "C:\WINDOWS\SYSTEM32\wtssvtr.exe"
2006-03-30 04:16:04 1,492,480 "C:\WINDOWS\SYSTEM32\shdocvw.dll"
2006-04-03 11:40:10 14,048 "C:\WINDOWS\SYSTEM32\spmsg.dll"


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *




DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


* * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-06-01 21:06:04 28,672 "C:\WINDOWS\SYSTEM32\gbe90qs.exe"
2006-05-23 17:25:52 285,488 "C:\WINDOWS\SYSTEM32\WgaTray.exe"
2006-06-01 21:06:00 2 "C:\WINDOWS\SYSTEM32\wtssvtr.exe"
2006-06-29 22:42:22 48,187 "C:\WINDOWS\SYSTEM32\VSL03.exe"
2006-06-29 22:40:34 48,167 "C:\WINDOWS\SYSTEM32\VSL05.exe"
2006-06-01 21:06:04 217,088 "C:\WINDOWS\SYSTEM32\x3cqp0.dll"


((((((((((((((((((((((((((((((((((((((((((((((((((( Ssk's Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Brandon\Local Settings\Temp\SskUpdater3.exe
C:\SS1001.exe
C:\WINDOWS\SYSTEM32\bk.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-06-30 10:58:42 234272 ( ..S.R ) "C:\WINDOWS\SYSTEM32\oobcp32r.dll"
2006-06-30 10:58:40 236208 ( ..S.R ) "C:\WINDOWS\SYSTEM32\o6lulg3916.dll"
2006-06-30 10:49:44 235257 ( ..S.R ) "C:\WINDOWS\SYSTEM32\f02mlaf11d2.dll"
2006-06-30 10:43:20 234272 ( ..S.R ) "C:\WINDOWS\SYSTEM32\ir04l5dq1.dll"
2006-06-30 10:37:46 78336 ( A.... ) "C:\WINDOWS\wnu_25.exe"
2006-06-30 10:35:46 24296 ( A.... ) "C:\WINDOWS\icont.exe"
2006-06-29 22:43:34 ( .D... ) "C:\Program Files\InetGet2"
2006-06-29 22:42:28 299624 ( A.... ) "C:\WINDOWS\WHCC2.exe"
2006-06-29 22:42:24 362496 ( A.... ) "C:\526_620.exe"
2006-06-29 22:42:22 48187 ( A.... ) "C:\WINDOWS\SYSTEM32\VSL03.exe"
2006-06-29 22:42:16 171008 ( A.... ) "C:\comscore.exe"
2006-06-29 22:42:08 28672 ( A.... ) "C:\WINDOWS\drsmartload849a.exe"
2006-06-29 22:42:00 28672 ( A.... ) "C:\WINDOWS\drsmartload46a.exe"
2006-06-29 22:41:48 28672 ( A.... ) "C:\WINDOWS\drsmartload45a.exe"
2006-06-29 22:41:32 25105 ( A.... ) "C:\WINDOWS\MTE3NDI6ODoxNg.exe"
2006-06-29 22:41:24 51712 ( A.... ) "C:\WINDOWS\SYSTEM32\w002f877.dll"
2006-06-29 22:40:34 48167 ( A.... ) "C:\WINDOWS\SYSTEM32\VSL05.exe"
2006-06-29 22:40:24 111104 ( A.... ) "C:\numbsoft.exe"
2006-06-29 22:40:22 45068 ( A.... ) "C:\WINDOWS\SYSTEM32\ZICORN003.exe"
2006-06-29 22:40:12 389632 ( A.... ) "C:\webnexmk.exe"
2006-06-29 22:40:04 51712 ( A.... ) "C:\WINDOWS\SYSTEM32\w0020128.dll"
2006-06-29 22:39:10 45080 ( A.... ) "C:\WINDOWS\SYSTEM32\pjdsrego.exe"
2006-06-01 21:06:08 266240 ( A.... ) "C:\NNSCAA638.EXE"
2006-06-01 21:06:06 139264 ( A.... ) "C:\WINDOWS\ms05324605-11362006.exe"
2006-06-01 21:06:04 217088 ( A.... ) "C:\WINDOWS\SYSTEM32\x3cqp0.dll"
2006-06-01 21:06:04 45056 ( A.... ) "C:\WINDOWS\system32tfthot.exe"
2006-06-01 21:06:04 28672 ( A.... ) "C:\WINDOWS\system32ftuninst.exe"
2006-06-01 21:06:04 28672 ( A.... ) "C:\WINDOWS\SYSTEM32\gbe90qs.exe"
2006-06-01 21:06:04 24576 ( A.... ) "C:\WINDOWS\system32ssec.exe"
2006-06-01 21:06:02 28672 ( A.... ) "C:\WINDOWS\SYSTEM32\ftuninst.exe"
2006-06-01 21:06:00 578560 ( A.... ) "C:\warebundle.exe"
2006-06-01 21:06:00 2 ( A.... ) "C:\WINDOWS\SYSTEM32\wtssvtr.exe"
2006-06-01 21:05:58 956 ( A.... ) "C:\WINDOWS\SYSTEM32\nt68rrtc12.sys"
2006-06-01 21:05:58 956 ( A.... ) "C:\WINDOWS\SYSTEM32\nt68rrtc12.sys"
2006-06-01 21:05:56 36608 ( A.... ) "C:\WINDOWS\nem220.dll"
2006-06-01 21:05:44 ( .D... ) "C:\Program Files\Internet Optimizer"
2006-06-01 21:05:42 45056 ( A.... ) "C:\wd7gi8n.exe"
2006-06-01 21:05:36 232749 ( A.... ) "C:\WINDOWS\pf78.exe"
2006-06-01 21:05:36 52104 ( A.... ) "C:\WINDOWS\pf79.exe"
2006-06-01 21:05:32 ( .D... ) "C:\Program Files\Network Monitor"
2006-06-01 21:05:26 467968 ( A.... ) "C:\WINDOWS\visfx500.exe"
2006-06-01 21:05:18 159844 ( A.... ) "C:\WINDOWS\SYSTEM32\rwinkqez.exe"
2006-06-01 21:05:12 45059 ( A.... ) "C:\ZIGID003.exe"
2006-06-01 21:05:06 48190 ( A.... ) "C:\VSL02.exe"
2006-06-01 21:05:04 310122 ( A.... ) "C:\Trelew.exe"
2006-06-01 21:05:04 ( .D... ) "C:\Program Files\Snowball Wars"
2006-06-01 21:04:30 ( .D... ) "C:\Program Files\Windows"
2006-06-01 21:04:30 ( .D... ) "C:\Program Files\Common Files\InetGet"
2006-06-01 20:54:34 ( .D... ) "C:\Program Files\LimeWire"
2006-05-29 08:32:48 ( .D... ) "C:\Documents and Settings\Brandon\Application Data\DeepBurner Pro"
2006-05-26 22:44:02 ( .D... ) "C:\Documents and Settings\Brandon\Application Data\Pegasys Inc"
2006-05-26 22:18:44 ( .D... ) "C:\Program Files\Nero"
2006-05-26 22:18:44 ( .D... ) "C:\Program Files\Common Files\Ahead"
2006-05-26 06:32:00 ( .D... ) "C:\Documents and Settings\Brandon\Application Data\VCDEasy"
2006-05-26 06:31:36 ( .D... ) "C:\Program Files\VCDEasy"
2006-05-26 05:05:36 ( .D... ) "C:\Documents and Settings\Brandon\Application Data\dvdcss"
2006-05-23 18:00:20 ( .D... ) "C:\Program Files\SupportSoft"
2006-05-23 18:00:18 ( .D... ) "C:\Program Files\Qwest QuickConnect"
2006-05-23 17:26:00 579888 ( A.... ) "C:\WINDOWS\SYSTEM32\LegitCheckControl.dll"
2006-05-23 17:25:52 402736 ( A.... ) "C:\WINDOWS\SYSTEM32\WgaLogon.dll"
2006-05-23 17:25:52 285488 ( ..... ) "C:\WINDOWS\SYSTEM32\WgaTray.exe"
2006-05-18 02:50:28 ( .D... ) "C:\Program Files\DVD Shrink"
2006-05-06 19:24:40 ( .D... ) "C:\Program Files\WinPcap"
2006-05-05 19:41:22 ( .D... ) "C:\Documents and Settings\Brandon\Application Data\uTorrent"
2006-05-05 01:48:24 ( .D... ) "C:\Program Files\WinZip"
2006-05-03 23:57:02 ( .D... ) "C:\Program Files\iTunes"
2006-05-03 23:57:02 ( .D... ) "C:\Program Files\iPod"
2006-05-03 23:26:22 5818784 ( A.... ) "C:\WINDOWS\SYSTEM32\MRT.exe"
2006-05-02 00:21:16 ( .D... ) "C:\Documents and Settings\Brandon\Application Data\Ethereal"
2006-05-02 00:18:04 ( .D... ) "C:\Program Files\Ethereal"
2006-05-02 00:09:52 ( .D... ) "C:\Program Files\Musatcha.com"
2006-05-02 00:09:22 ( .D... ) "C:\Program Files\Network Stumbler"
2006-04-03 11:40:10 14048 ( ..... ) "C:\WINDOWS\SYSTEM32\spmsg.dll"
2006-03-30 04:16:04 1492480 ( A.... ) "C:\WINDOWS\SYSTEM32\shdocvw.dll"


Completion time: Fri 06/30/2006 11:02:30.38
ComboFix ver 06.05.29/06 - This logfile is located at C:\ComboFix.txt


Logfile of HijackThis v1.99.1
Scan saved at 11:06:47 AM, on 6/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146017353615
O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\system32\x3cqp0.dll
O20 - Winlogon Notify: acftp - C:\WINDOWS\Help\acftp.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\ir04l5dq1.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - c:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

#4 miekiemoes


Posted 02 June 2006 - 11:31 AM

Hello,

I see Look2me is still active, so let's deal with it in another way.
We'll deal with Vundo as well - looks like you are dealing with an old variant, so not sure if vundofix will remove it.

Anyway, perform next:

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
    (If Look2Me-Destroyer does not reopen automatically, reboot and try again.)
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

After you restarted your pc,

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt, the log from Look2Me-Destroyer, Look2Me-Destroyer.txt present on your desktop, and a new HiJackThis log.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
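
Comparing the HijackThis log from post #1 with the one from post #3 shows which startup entries the cleanup removed, which survived, and which appear only in the later log. The following Python sketch is an added example, not part of the original thread and not code from HijackThis; the sample lines are excerpted from those two logs, and all function and variable names are illustrative.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# HijackThis item lines start with a section code (R1, F2, O4, O20, ...),
# then " - ", then the item text. Header and process lines do not match.
ITEM_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O20 items have the form "Winlogon Notify: <name> - <dll path>".
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<dll>.+)$")

# Sample input: a few lines excerpted from the log in post #1.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\winlogon.exe
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\aykuf.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [winlog] winlog.exe
O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\system32\x3cqp0.dll
O20 - Winlogon Notify: acftp - C:\WINDOWS\Help\acftp.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\bqzip.dll
"""

# Sample input: the matching lines excerpted from the log in post #3.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\system32\x3cqp0.dll
O20 - Winlogon Notify: acftp - C:\WINDOWS\Help\acftp.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\ir04l5dq1.dll
"""


def parse_hjt(text):
    """Return the item lines of a HijackThis log as Entry(code, body)."""
    entries = []
    for line in text.splitlines():
        match = ITEM_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group("code"), match.group("body")))
    return entries


def _key(entry):
    # Windows paths are case-insensitive, so compare items lower-cased.
    return (entry.code, entry.body.lower())


def diff_logs(before_text, after_text):
    """Split items into removed / persisted / added between two scans."""
    before = {_key(e): e for e in parse_hjt(before_text)}
    after = {_key(e): e for e in parse_hjt(after_text)}
    return {
        "removed": [before[k] for k in before if k not in after],
        "persisted": [after[k] for k in after if k in before],
        "added": [after[k] for k in after if k not in before],
    }


def notify_dlls(entries):
    """Map Winlogon Notify names to DLL paths for the O20 items given."""
    found = {}
    for entry in entries:
        if entry.code != "O20":
            continue
        match = NOTIFY_RE.match(entry.body)
        if match:
            found[match.group("name")] = match.group("dll")
    return found


if __name__ == "__main__":
    result = diff_logs(BEFORE_LOG, AFTER_LOG)
    for bucket in ("removed", "persisted", "added"):
        print(bucket.upper())
        for entry in result[bucket]:
            print("  %s - %s" % (entry.code, entry.body))
    # Notify entries present only in the later scan deserve a closer look.
    print("New Winlogon Notify DLLs:", notify_dlls(result["added"]))
```
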

#5 pimfram


Posted 02 June 2006 - 12:32 PM

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 6/30/2006 12:03:07 PM

Infected! C:\WINDOWS\system32\l4n40e5qeh.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0095990.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0095996.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0096015.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0096046.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0097054.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0097058.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0097064.dll
Infected! C:\WINDOWS\SYSTEM32\f02mlaf11d2.dll
Infected! C:\WINDOWS\SYSTEM32\ids.dll
Infected! C:\WINDOWS\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\l4n40e5qeh.dll
C:\WINDOWS\system32\l4n40e5qeh.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0095990.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0095990.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0095996.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0095996.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0096015.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0096015.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0096046.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0096046.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0097054.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0097054.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0097058.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0097058.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0097064.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0097064.dll could not be deleted!

Attempting to delete: C:\WINDOWS\SYSTEM32\f02mlaf11d2.dll
C:\WINDOWS\SYSTEM32\f02mlaf11d2.dll could not be deleted!

Attempting to delete: C:\WINDOWS\SYSTEM32\ids.dll
C:\WINDOWS\SYSTEM32\ids.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp could not be deleted!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F9293493-97BB-463C-8A5D-5EC98FF6FB2B}"
HKCR\Clsid\{F9293493-97BB-463C-8A5D-5EC98FF6FB2B}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{98533A4C-BBD5-4ED7-9F47-88371CBB26BD}"
HKCR\Clsid\{98533A4C-BBD5-4ED7-9F47-88371CBB26BD}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded



VundoFix V4.2.76

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.4.2.3

Scan started at 12:20:03 PM 6/30/2006

Listing files found while scanning....


C:\WINDOWS\Help\ptfca.bak1
C:\WINDOWS\Help\ptfca.bak2
C:\WINDOWS\Help\ptfca.ini
C:\WINDOWS\Help\acftp.dll
Attempting to delete C:\WINDOWS\Help\ptfca.bak1
C:\WINDOWS\Help\ptfca.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\Help\ptfca.bak2
C:\WINDOWS\Help\ptfca.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\Help\ptfca.ini
C:\WINDOWS\Help\ptfca.ini Has been deleted!

Attempting to delete C:\WINDOWS\Help\acftp.dll
C:\WINDOWS\Help\acftp.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V4.2.76

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.4.2.3

Scan started at 12:27:02 PM 6/30/2006

Listing files found while scanning....


No infected files were found.


Logfile of HijackThis v1.99.1
Scan saved at 12:29:13 PM, on 6/30/2006A
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146017353615
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - c:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

#6 miekiemoes

Posted 02 June 2006 - 12:45 PM

Ok, looks like Vundofix could get it. :thumbsup:

Look2me destroyer fixed it as well; however, I think files will still be present. But they should get deleted manually without any problems now...

Delete the following files and folders:

C:\NNSCAA638.EXE
C:\comscore.exe
C:\webnexmk.exe
C:\numbsoft.exe
C:\526_620.exe
C:\warebundle.exe
C:\wd7gi8n.exe
C:\ZIGID003.exe
C:\VSL02.exe
C:\Trelew.exe

C:\Program Files\InetGet2 <== folder
C:\Program Files\Internet Optimizer <== folder
C:\Program Files\Network Monitor <== folder
C:\Program Files\Snowball Wars <== folder
C:\Program Files\Windows <== folder (don't delete any other similar-looking folders there; the one you have to delete will contain the file WinUpdate.fld and most probably WinUpdate.exe (should have been deleted by alcanshorty previously))
C:\Program Files\Common Files\InetGet <== folder

C:\WINDOWS\icont.exe
C:\WINDOWS\WHCC2.exe
C:\WINDOWS\drsmartload849a.exe
C:\WINDOWS\drsmartload46a.exe
C:\WINDOWS\drsmartload45a.exe
C:\WINDOWS\MTE3NDI6ODoxNg.exe
C:\WINDOWS\ms05324605-11362006.exe
C:\WINDOWS\nem220.dll
C:\WINDOWS\pf78.exe
C:\WINDOWS\pf79.exe
C:\WINDOWS\visfx500.exe

C:\WINDOWS\SYSTEM32\VSL03.exe
C:\WINDOWS\SYSTEM32\w002f877.dll
C:\WINDOWS\SYSTEM32\VSL05.exe
C:\WINDOWS\SYSTEM32\ZICORN003.exe
C:\WINDOWS\SYSTEM32\w0020128.dll
C:\WINDOWS\SYSTEM32\pjdsrego.exe
C:\WINDOWS\SYSTEM32\x3cqp0.dll
C:\WINDOWS\system32\tfthot.exe
C:\WINDOWS\system32\ftuninst.exe
C:\WINDOWS\SYSTEM32\gbe90qs.exe
C:\WINDOWS\system32\ssec.exe
C:\WINDOWS\SYSTEM32\wtssvtr.exe
C:\WINDOWS\SYSTEM32\nt68rrtc12.sys
C:\WINDOWS\SYSTEM32\rwinkqez.exe

Check whether the following are still present and delete them:

C:\WINDOWS\system32\l4n40e5qeh.dll
C:\WINDOWS\SYSTEM32\f02mlaf11d2.dll
C:\WINDOWS\SYSTEM32\ids.dll
C:\WINDOWS\system32\guard.tmp

C:\WINDOWS\Help\acftp.dll

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
* Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Go to the following site:
http://www.virustotal.com/en/indexf.html
At the top you'll find 'Browse'.
Click the Browse button and browse to the following file:

C:\WINDOWS\wnu_25.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results in your next reply together with the log from Panda and a new HijackThis log.

Edited by miekiemoes, 02 June 2006 - 12:46 PM.


#7 miekiemoes

Posted 02 June 2006 - 12:52 PM

Extra addition.. Please update your Sun Java asap, because you are still running a vulnerable version..

Updating Java:
  • Go to Start > Control Panel, double-click on the Software icon > add/remove programs.
  • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
    It should have the following icon next to it: [image]
    Select it and click Remove.
  • Then download and install the newest version from here: http://www.java.com/en/download/manual.jsp


#8 pimfram

Posted 02 June 2006 - 02:19 PM

Logfile of HijackThis v1.99.1
Scan saved at 2:14:03 PM, on 6/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146017353615
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - c:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

Edited by pimfram, 02 June 2006 - 02:20 PM.


#9 pimfram

Posted 02 June 2006 - 02:25 PM

Incident Status Location

Virus:Trj/Agent.BDY Disinfected C:\!KillBox\acftp.dll
Virus:Trj/Downloader.AYV Disinfected C:\!KillBox\comscore.exe
Adware:Adware/Look2Me Not disinfected C:\!KillBox\l4n40e5qeh.dll
Spyware:Spyware/New.net Not disinfected C:\!KillBox\NNSCAA638.EXE
Virus:Trj/Downloader.AYV Disinfected C:\!KillBox\numbsoft.exe
Adware:Adware/Zenosearch Not disinfected C:\!KillBox\pjdsrego.exe
Virus:Trj/Downloader.ILI Disinfected C:\!KillBox\w0020128.dll
Virus:Trj/Downloader.AYV Disinfected C:\!KillBox\webnexmk.exe
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brandon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4321bd20-15fbf787.zip[A.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brandon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4321bd20-15fbf787.zip[BlackBox.class]
Virus:Trj/ClassLoader.E Disinfected C:\Documents and Settings\Brandon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnt1.jar-3e7dda41-5e79efb9.zip[SandBoxEscape.class]
Virus:Trj/ClassLoader.E Disinfected C:\Documents and Settings\Brandon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnt1.jar-3e7dda41-5e79efb9.zip[SuperMSClassLoader.class]
Virus:Trj/ClassLoader.E Disinfected C:\Documents and Settings\Brandon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnt1.jar-3e7dda41-5e79efb9.zip[NewURLClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brandon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnt1.jar-3e7dda41-5e79efb9.zip[Installer.class]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\About CNET Networks.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Advanced search.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\All RSS feeds.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\All Software.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cars Photo Screensaver 1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CART Precision Racing updated demo .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Carta Musica 1.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cartagio Enterprise 1.2.0 b97.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CarteBlanche 6.3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Carthago Messaging Services 2.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cartman's Authoritah 1.3c.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CartMeister 1.1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CArTomancy 2.4.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cartoon Racer .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cartoonist 1.1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CartoonPopUps 1.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cartopro Evolution 05.03.2.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cartouche Maker 1.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CarTracker 1.01.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CarTunes 1.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Carzi Video for PSP 1.3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CAS Modbus RTU Parser 1.00aB.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CASC 1.0.24.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Casc'ADSL 0.99 build 4209.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Case Converter 1.1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Case Manager 2.64h.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Case Studio 2 2.23.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CaseXL 2.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cash Center 1.2.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cash Diary 1.6.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cash Flow Manager 1.01.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cash Organizer '05 Premium 6.98.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cash Register Express 2003 9.4.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cashbook Complete Accounting 4.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cashflow Plan Free 1.3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cashflow Plan Micro 1.3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cashflow Plan Plus 1.3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cashflow Plan Super 1.3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cashflow Plan Ultra 1.3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cashflow Wizard - Ready to Roll 2.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cashflow Wizard- Full Monty 2.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CashRoll Club 1.02.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CashSale-Auto 1.1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CashWhiz Business Forecasting Software 5.7.2.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CashWorks 3.1.4.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Casino 2.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Casino Breaker 1.1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Casino Card Games 1.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Casino Island To Go 1.0.42.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Casino Magic 1.2.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Casino Man Gambling Toolbar 1.1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Casino Style Video Poker 2.1.2.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Casino Verite Blackjack 4.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Casino Verite Pai Gow Poker 1.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Casino Winning Tips 1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Casino World Championship 1.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Casino, Inc. demo .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Casino770 1.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CASPandR 0.9.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Casper Spam Hunter 4.1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Casper XP 3.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Casper's Spooky Swap .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CassaForte 7.21.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cassino by SpiteNET 2.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Caster 1.0.8.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Casting Calculator 3.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Castle Attack 1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Castle Strike 1.1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Castle Wars 1.05.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Castle Wolfenstein 5.1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CastleKeep 3.1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Castlequest 2.2.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Castles n' Dragons 1.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CastRipper 2.1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Castrol Honda Superbike 2000 demo .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cat in the Hat Trailer .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cat Portraits - Oil and Pastel Paintings 1.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cat5Data 1.0.9.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Catalog Database Model 3.0.1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Catalog Max 1.66.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CatalogLogik QuickPacks 39.0.75.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Catalogue 3.0b3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Catalogue 4.2.9.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Catalyst Catalog Builder 5.3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Catalyst Internet Mail 4.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Catalyst Radeon Display Driver (Windows 2000XP) 6.4 (04122006).zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Catalyst Radeon Display Driver (Windows 98Me) 6.2 (02092006).zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Catalyst Radeon Display Driver with Catalyst Control Center (Win 6.4 (04122006).zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Catalyzer 1.1.1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Catan - The Computer Game .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CatchTheWeb Solo 1.2.20.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CatchXSL The XSLT Profiler 1.2.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CatClip 2.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CATCount Computer Assisted Translation 1.0 build 105.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CatDV Personal Edition 3.0.9.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Category 1.4.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Caterpillar Gold 1.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CaterpillarSSA 3.3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Catfood Desktate 2.20.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Catfood Fortune Cookies 2.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Catfood FTP 2.00.0070.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Catfood Quote 2.02.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Catfood Weather 1.1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Catfood WebCamSaver 1.00.0251.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CatGen 4.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cathedral 3D Screensaver 1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Catherine Bell Sex-E Screensaver 3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Catholic Trivia Game 1.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CATLearn Reader 1.1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CATrain 1.82.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CATraxx 7.10.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cats and Kittens 2.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cats Mah Jong 1.066.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cats Photo Screensaver 1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cats Screen Saver 3.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cats Screensaver 1.2.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CatsCradle 3.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cattery (ARMXScale) 1.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CattleWorks 5.0.24.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cattleya-Log 3.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\CATVids 7.01.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Catwoman Screensaver .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Causerie Messenger 2.08.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Brandon\Complete\Cavaj Java Decompiler 1.11.zip[Setup.exe]

#10 pimfram

Posted 02 June 2006 - 02:26 PM


#11 pimfram

Posted 02 June 2006 - 02:28 PM

Antivirus Version Update Result
AntiVir 6.34.1.37 06.02.2006 TR/Dldr.Qoolog.AT.3
Authentium 4.93.8 06.02.2006 W32/Backdoor.KQH
Avast 4.7.844.0 06.02.2006 Win32:Qoologic-AH
AVG 386 06.02.2006 Downloader.Generic.YZD
BitDefender 7.2 06.02.2006 Trojan.Downloader.Qoologic.BC
CAT-QuickHeal 8.00 06.02.2006 TrojanDownloader.Qoologic.c
ClamAV devel-20060426 06.02.2006 no virus found
DrWeb 4.33 06.02.2006 Trojan.Qoologic
eTrust-InoculateIT 23.72.25 06.02.2006 Win32/Qoologic.Variant!Trojan
eTrust-Vet 12.6.2240 06.02.2006 Win32/Qoologic!generic
Ewido 3.5 06.02.2006 Trojan.Qoologic
Fortinet 2.77.0.0 06.01.2006 Qoolaid!tr
F-Prot 3.16f 06.02.2006 security risk named W32/Backdoor.KQH
Ikarus 0.2.65.0 06.02.2006 Trojan-PSW.Win32.Agent.FW
Kaspersky 4.0.2.24 06.02.2006 Trojan-Downloader.Win32.Qoologic.c
McAfee 4776 06.02.2006 Qoolaid
Microsoft 1.1441 06.02.2006 Adware-Webnexus (threat-c)
NOD32v2 1.1576 06.02.2006 Win32/TrojanDownloader.Qoologic.C
Norman 5.90.17 06.02.2006 W32/Qoologic.IQ
Panda 9.0.0.4 06.02.2006 Adware/Qoologic
Sophos 4.05.0 06.02.2006 Troj/Qoolaid-AP
Symantec 8.0 06.02.2006 no virus found
TheHacker 5.9.8.154 06.01.2006 Trojan/Downloader.Qoologic.c
UNA 1.83 06.02.2006 TrojanDownloader.Win32.Qoologic
VBA32 3.11.0 06.02.2006 Trojan.Qoologic


Aditional Information
File size: 78336 bytes
MD5: d906e2f15b51739a2f9d7d052ddbed82
SHA1: 67c2d8c53c101a60469635d522a28624ce390b13

#12 miekiemoes

Posted 02 June 2006 - 02:34 PM

Ok, I see Panda disinfected/deleted the files that were found.

Delete C:\WINDOWS\wnu_25.exe.

By the way, is someone else also helping with your log? Because I see you killboxed some files I asked you to delete manually. Unless they didn't want to get deleted manually.

Your HijackThis log looks clean again... How are things running now?

#13 pimfram

Posted 02 June 2006 - 02:41 PM

I have gotten help on various issues in the past and I found it easier to killbox the files instead of looking for them because it is quicker because the dir had a lot of files. She seems to be running great. Thanks for the help.

#14 miekiemoes

Posted 02 June 2006 - 02:56 PM

Ehm, so you said you killboxed all these files? Can you look in your C:\!KillBox if all these files you killboxed are really there? Because Panda only flagged a few and I am pretty sure Panda should flag more.
That's why I think most files are still present in their locations.

Killboxing folders won't work properly, so where I said to delete those folders, you probably tried to killbox them. Better check if these folders are gone.
That may explain why the rest was not killboxed properly either, because it failed on the folders-part and everything pasted after the folder part won't get deleted as well with killbox.

So better to double-check.
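The check asked for in the post above, as an added example that is not part of the original thread and not KillBox's own code: it walks a removal list in the order it was pasted, reports what is still on disk, and marks the first surviving folder, after which later entries are suspect. The function names and the demo tree are constructed, and the backup folder (C:\!KillBox in the thread) is assumed to be flat and to keep original file names.

```python
"""Audit a removal list after a batch delete (added example)."""
import os
import tempfile


def audit_removal(targets, backup_dir):
    """Return one dict per target, in the order the paths were pasted.

    state:     'present-file', 'present-folder' or 'gone'
    backed_up: True if backup_dir holds an entry with the same base name
               (assumption: flat backup folder, original file names)
    """
    backups = set()
    if os.path.isdir(backup_dir):
        backups = {name.lower() for name in os.listdir(backup_dir)}
    rows = []
    for path in targets:
        if os.path.isdir(path):
            state = "present-folder"
        elif os.path.lexists(path):
            state = "present-file"
        else:
            state = "gone"
        base = os.path.basename(os.path.normpath(path)).lower()
        rows.append({"path": path, "state": state,
                     "backed_up": base in backups})
    return rows


def leftovers(rows):
    """Paths that still exist and so still need manual deletion."""
    return [r["path"] for r in rows if r["state"] != "gone"]


def first_folder(rows):
    """Index of the first surviving folder in the list, or None.

    Entries after this index are the ones to re-check when the tool
    stopped at a folder it could not remove.
    """
    for i, r in enumerate(rows):
        if r["state"] == "present-folder":
            return i
    return None


def demo():
    """Build a constructed directory tree and audit it."""
    with tempfile.TemporaryDirectory(prefix="audit_demo_") as root:
        backup = os.path.join(root, "!KillBox")
        os.makedirs(backup)
        removed = os.path.join(root, "removed.exe")     # gone, backup exists
        folder = os.path.join(root, "leftover_folder")  # folder, still there
        skipped = os.path.join(root, "skipped.dll")     # listed after folder
        open(os.path.join(backup, "removed.exe"), "w").close()
        os.makedirs(folder)
        open(skipped, "w").close()
        rows = audit_removal([removed, folder, skipped], backup)
    return rows, folder, skipped


if __name__ == "__main__":
    rows, _, _ = demo()
    for r in rows:
        print(f'{r["state"]:15} backed_up={r["backed_up"]!s:5} {r["path"]}')
    print("first surviving folder at index:", first_folder(rows))
```

On a real system, pass the paths from the removal list and the backup folder location to `audit_removal` instead of calling `demo()`.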

#15 pimfram

Posted 02 June 2006 - 05:59 PM

I have deleted the killboxed files properly and checked to make sure. Again, thanks for the help.



