Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Surf Sidekick Removal Trouble


  • This topic is locked This topic is locked
7 replies to this topic

#1 Tunk

Tunk

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:57 PM

Posted 16 July 2006 - 11:47 PM

Hello

I've been having surf sidekick annoying me for awhile and decided I go look for help concerning this. Thusly, i found this website. I do not have the add/remove option for surf sidekick.

Logfile of HijackThis v1.99.1
Scan saved at 12:42:06 AM, on 7/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\limewire\limewire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\Nick\Desktop\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {49CE9C2F-5FF2-33EA-FBB1-9D4EBAE21EA9} - C:\DOCUME~1\Nick\APPLIC~1\ANTEOP~1\remotepoll.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [fatrecov] C:\WINDOWS\system32\fatrecov.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OSS] C:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [{D3-3B-BD-D9-ZN}] c:\windows\system32\dwdsregt.exe CORN004
O4 - HKLM\..\Run: [kvwwic] C:\WINDOWS\system32\kvwwic.exe
O4 - HKLM\..\Run: [test tick blah pile] C:\Documents and Settings\All Users\Application Data\ProcMapiTestTick\Upload Bold.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
O4 - HKCU\..\Run: [cool test] C:\DOCUME~1\Nick\APPLIC~1\ENC1~1\link nurb media.exe
O4 - HKCU\..\Run: [uouw] C:\PROGRA~1\COMMON~1\uouw\uouwm.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\owinrqez.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\pqdsregk.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: svchost.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.kungfuchess.com/activex/web665.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3284DCF3-C54F-4705-BF79-75AEFEF670BA}: NameServer = 205.152.144.23,205.152.132.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{3284DCF3-C54F-4705-BF79-75AEFEF670BA}: NameServer = 205.152.144.23,205.152.132.23
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169581.dll
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\iardbg32.dll (file missing)
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\mQpi32.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

thanks for any help

BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:57 PM

Posted 17 July 2006 - 02:36 AM

Hello,

It is important you don't miss a step and perform everything in the right order!!

* Download Brute Force Uninstaller.
Unzip it to a folder of it’s own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by doubleclicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script
( alcanshorty.bfu ) manually from above url ( rightclick on it and choose 'save as' and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window
Browse to the script you downloaded and Click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

-------------------------

* Download Combofix to your desktop.
Doubleclick combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.

Extra addition... also perform next:

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results also in your next post.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Tunk

Tunk
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:57 PM

Posted 17 July 2006 - 11:05 PM

ComboFix Log:

Start Time= Mon 07/17/2006 23:43:17.97
Running from: C:\Documents and Settings\Nick\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{C086CBAC-F766-4C9A-A869-7EEBF1243475}]
@=""

[HKEY_CLASSES_ROOT\clsid\{C086CBAC-F766-4C9A-A869-7EEBF1243475}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{C086CBAC-F766-4C9A-A869-7EEBF1243475}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{C086CBAC-F766-4C9A-A869-7EEBF1243475}\InprocServer32]
@="C:\\WINDOWS\\system32\\iardbg32.dll"
"ThreadingModel"="Apartment"

Granting sedebugprivilege to Administrators ... successful


(((((((((((((((((((((((((((((((((((((((((((((((( Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169581.dll
C:\!KillBox\SurfSideKick 3\Ssk.exe
C:\!KillBox\SurfSideKick 3\SskBho.dll
C:\!KillBox\SurfSideKick 3\SskCore.dll
C:\Documents and Settings\Nick\Application Data\Sskknwrd.dll
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Ssk.log
C:\Documents and Settings\Nick\Recent\SskCore.dll.lnk
C:\Program Files\SurfSideKick 3\Ssk.exe
C:\Program Files\SurfSideKick 3\SskBho.dll
C:\Program Files\SurfSideKick 3\SskCore.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



23:46:24.53
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Defender of the crown.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))



2006-07-17 19:30 <DIR> C:\Program Files\mozilla firefox
2006-07-17 17:21 <DIR> C:\Program Files\limewire
2006-07-17 17:03 <DIR> C:\Program Files\musicmatch
2006-07-17 16:54 <DIR> C:\Program Files\winamp
2006-07-17 16:52 <DIR> C:\Program Files\installshield installation information
2006-07-17 16:51 <DIR> C:\Documents and Settings\Nick\Application Data\musicmatch
2006-07-17 16:41 503,808 C:\WINDOWS\system32\msvcp71.dll
2006-07-17 16:41 348,160 C:\WINDOWS\system32\msvcr71.dll
2006-07-17 16:40 1,047,552 C:\WINDOWS\system32\mfc71u.dll
2006-07-17 00:42 <DIR> C:\Program Files\hijackthis
2006-07-16 14:26 <DIR> C:\Program Files\spybot - search & destroy
2006-07-16 14:11 <DIR> C:\Program Files\scanspyware v3.8.0.4
2006-07-11 15:06 <DIR> C:\Program Files\world of warcraft
2006-07-10 04:11 <DIR> C:\Program Files\quicktime
2006-06-26 00:21 126,976 C:\WINDOWS\war3unin.exe
2006-06-24 01:19 <DIR> C:\Documents and Settings\Nick\Application Data\bittorrent
2006-06-24 01:03 <DIR> C:\Program Files\bittorrent
2006-06-23 02:02 <DIR> C:\Program Files\internet explorer
2006-06-14 14:09 <DIR> C:\Documents and Settings\Nick\Application Data\talkback
2006-06-14 14:09 <DIR> C:\Documents and Settings\Nick\Application Data\microsoft
2006-06-03 17:49 <DIR> C:\Documents and Settings\Nick\Application Data\anteopenburn
2006-06-03 17:12 <DIR> C:\Program Files\common files
2006-05-20 09:42 <DIR> C:\Program Files\enc 1
2006-05-20 09:42 <DIR> C:\Documents and Settings\Nick\Application Data\enc 1
2006-05-19 17:16 2,560 C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-05-19 17:16 2,432 C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-05-06 10:12 <DIR> C:\Program Files\norton antivirus
2006-05-02 21:35 98,816 C:\WINDOWS\system32\kvwwi.dll
2006-05-02 21:34 4,608 C:\WINDOWS\system32\explorer.exe
2006-05-02 21:34 4,096 C:\WINDOWS\system32\s_install_id8.exe
2006-05-02 21:34 33,245 C:\WINDOWS\dhu.exe
2006-05-02 21:33 236,239 C:\WINDOWS\system32\krdtuf.dll
2006-05-02 07:27 236,239 C:\WINDOWS\system32\hr8q05l5e.dll
2006-05-01 21:57 233,942 C:\WINDOWS\system32\n88olil318q.dll
2006-05-01 21:55 236,239 C:\WINDOWS\system32\swcoinst.dll
2006-05-01 07:48 236,239 C:\WINDOWS\system32\i8lo0i33e8.dll
2006-04-30 17:11 236,239 C:\WINDOWS\system32\p66s0gj7e6o.dll
2006-04-30 13:24 <DIR> C:\Program Files\Common Files\uouw
2006-04-30 13:19 78,336 C:\WINDOWS\wnu_49.exe
2006-04-30 12:37 <DIR> C:\Program Files\download plugin
2006-04-29 18:22 <DIR> C:\Program Files\Common Files\microsoft shared
2006-04-29 04:37 <DIR> C:\Program Files\kill tracker
2006-04-29 04:35 720,896 C:\WINDOWS\iun6002.exe
2006-04-28 14:07 <DIR> C:\Program Files\microsoft games
2006-04-28 09:52 <DIR> C:\Program Files\jam's jedi knight kt v2.0
2006-04-27 07:53 <DIR> C:\Documents and Settings\Nick\Application Data\u3
2006-04-26 17:03 <DIR> C:\Program Files\lucasarts
2006-04-24 22:39 <DIR> C:\Program Files\wowreader
2006-04-24 22:36 <DIR> C:\Program Files\aim
2006-04-13 09:33 <DIR> C:\Program Files\itunes
2006-04-13 09:33 <DIR> C:\Program Files\ipod
2006-03-25 13:29 <DIR> C:\Program Files\yahoo!
2006-03-25 13:28 <DIR> C:\Program Files\viewpoint
2006-03-02 00:32 <DIR> C:\Program Files\google
2006-02-18 11:32 <DIR> C:\Program Files\mymouse
2006-02-11 17:34 <DIR> C:\Program Files\aim+
2006-01-25 22:02 <DIR> C:\Program Files\lavasoft
2006-01-25 22:02 <DIR> C:\Documents and Settings\Nick\Application Data\lavasoft
2005-11-05 11:26 <DIR> C:\Documents and Settings\Nick\Application Data\adobe
2005-10-04 23:51 <DIR> C:\Documents and Settings\Nick\Application Data\adobeum
2005-09-25 13:45 <DIR> C:\Documents and Settings\Nick\Application Data\apple computer
2005-08-23 22:43 <DIR> C:\Documents and Settings\Nick\Application Data\aim
2005-08-23 22:27 <DIR> C:\Program Files\msn messenger
2005-08-11 22:42 <DIR> C:\Program Files\Common Files\xing shared
2005-08-11 22:42 <DIR> C:\Program Files\Common Files\real
2005-08-11 22:42 <DIR> C:\Documents and Settings\Nick\Application Data\real
2005-08-11 22:41 <DIR> C:\Program Files\real
2005-07-25 13:30 <DIR> C:\Program Files\windows media player
2005-07-22 00:53 <DIR> C:\Documents and Settings\Nick\Application Data\macromedia
2005-07-20 18:46 <DIR> C:\Program Files\ventrilo
2005-07-20 18:46 <DIR> C:\Program Files\Common Files\wise installation wizard
2005-07-17 04:41 <DIR> C:\Program Files\thrixxx
2005-06-06 00:01 <DIR> C:\Program Files\teamspeak2_rc2
2005-06-06 00:01 <DIR> C:\Documents and Settings\Nick\Application Data\teamspeak2
2005-06-04 17:15 <DIR> C:\Program Files\directx
2005-06-02 14:05 <DIR> C:\Program Files\Common Files\totem shared
2005-05-10 18:45 <DIR> C:\Program Files\multiquence
2005-05-10 18:45 <DIR> C:\Program Files\goldwave
2005-05-10 18:44 <DIR> C:\Program Files\lame
2005-05-06 23:39 <DIR> C:\Program Files\adobe
2005-05-06 23:38 <DIR> C:\Program Files\Common Files\adobe
2005-04-26 22:30 <DIR> C:\Program Files\movie maker
2005-04-14 21:12 <DIR> C:\Program Files\Common Files\symantec shared
2005-04-14 21:08 <DIR> C:\Program Files\symantec
2005-04-14 21:03 <DIR> C:\Documents and Settings\Nick\Application Data\symantec
2005-04-13 18:35 <DIR> C:\Program Files\warcraft iii
2005-04-13 18:33 <DIR> C:\Program Files\creative
2005-03-02 16:11 <DIR> C:\Program Files\Common Files\blizzard entertainment
2005-02-15 22:50 <DIR> C:\Program Files\messenger
2005-01-03 14:12 <DIR> C:\Program Files\winrar
2004-12-20 21:30 <DIR> C:\Documents and Settings\Nick\Application Data\mozilla
2004-12-07 17:10 <DIR> C:\Documents and Settings\Nick\Application Data\jasc
2004-11-16 22:54 <DIR> C:\Program Files\Common Files\installshield
2004-09-27 20:59 <DIR> C:\Program Files\Common Files\vbox
2004-09-25 14:53 <DIR> C:\Program Files\java
2004-09-25 14:53 <DIR> C:\Documents and Settings\Nick\Application Data\sun
2004-09-25 14:52 <DIR> C:\Program Files\Common Files\java
2004-09-17 21:17 <DIR> C:\Documents and Settings\Nick\Application Data\creative
2004-09-17 15:57 <DIR> C:\Program Files\windows nt
2004-09-17 15:57 <DIR> C:\Program Files\outlook express
2004-09-17 15:57 <DIR> C:\Program Files\netmeeting
2004-09-17 15:57 <DIR> C:\Program Files\Common Files\system
2004-09-12 19:46 <DIR> C:\Documents and Settings\Nick\Application Data\help
2004-09-06 18:20 <DIR> C:\Program Files\ahead
2004-09-06 17:38 <DIR> C:\Program Files\Common Files\mimarsinan
2004-09-06 11:32 <DIR> C:\Program Files\guitar pro 4
2004-09-05 17:06 <DIR> C:\Documents and Settings\Nick\Application Data\kazaa lite
2004-09-03 12:00 <DIR> C:\Documents and Settings\Nick\Application Data\ventrilo
2004-09-02 20:07 <DIR> C:\Program Files\jasc software inc
2004-09-02 20:07 <DIR> C:\Documents and Settings\Nick\Application Data\jasc software inc
2004-09-02 12:41 <DIR> C:\Documents and Settings\Nick\Application Data\identities
2004-09-02 12:40 <DIR> C:\Program Files\uninstall information
2004-09-02 12:34 <DIR> C:\Program Files\xerox
2004-09-02 12:34 <DIR> C:\Program Files\microsoft frontpage
2004-09-02 12:32 <DIR> C:\Program Files\online services
2004-09-02 12:32 <DIR> C:\Program Files\Common Files\services
2004-09-02 12:32 <DIR> C:\Program Files\Common Files\mssoap
2004-09-02 12:30 <DIR> C:\Program Files\windowsupdate
2004-09-02 12:30 <DIR> C:\Program Files\msn gaming zone
2004-09-02 12:30 <DIR> C:\Program Files\msn
2004-09-02 07:58 <DIR> C:\Program Files\Common Files\speechengines
2004-09-02 07:58 <DIR> C:\Program Files\Common Files\odbc


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-17 16:52 1,047,552 C:\WINDOWS\system32\mfc71u.dll
2006-07-16 14:14 0 C:\WINDOWS\b.exe
2006-06-26 00:21 126,976 C:\WINDOWS\War3Unin.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WINDVDPatch"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
"CTStartup"="C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"fatrecov"="C:\\WINDOWS\\system32\\fatrecov.exe"
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"OSS"="C:\\windows\\system32\\rlvknlg.exe -boot"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"{D3-3B-BD-D9-ZN}"="c:\\windows\\system32\\dwdsregt.exe CORN004"
"kvwwic"="C:\\WINDOWS\\system32\\kvwwic.exe"
"test tick blah pile"="C:\\Documents and Settings\\All Users\\Application Data\\ProcMapiTestTick\\Upload Bold.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"WhatPulse"="C:\\PROGRA~1\\WHATPU~1\\WHATPU~1.EXE"
"cool test"="C:\\DOCUME~1\\Nick\\APPLIC~1\\ENC1~1\\link nurb media.exe"
"uouw"="C:\\PROGRA~1\\COMMON~1\\uouw\\uouwm.exe"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotSnD"="\"C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe\" /autocheck"
"RemoveCM"="\"C:\\Program Files\\Musicmatch\\Common\\ComponentMgr\\Unwise.exe\" /s \"C:\\Program Files\\Musicmatch\\Common\\ComponentMgr\\CMINSTALL.LOG\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""
"NoDriveTypeAutoRun"=hex:5f,00,00,00
"NoCDBurning"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup]
"CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\WINDOWS\\system32\\ad.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00000000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e4,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e4,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e4,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AFF4981C942B0A2C.job
C:\WINDOWS\tasks\ArcaneMFury2.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Mon 07/17/2006 23:46:33.81
ComboFix ver 06.07.16.2 - This logfile is located at C:\ComboFix.txt

ComboFix.txt


New HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 11:59:12 PM, on 7/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {49CE9C2F-5FF2-33EA-FBB1-9D4EBAE21EA9} - C:\DOCUME~1\Nick\APPLIC~1\ANTEOP~1\remotepoll.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [fatrecov] C:\WINDOWS\system32\fatrecov.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OSS] C:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [{D3-3B-BD-D9-ZN}] c:\windows\system32\dwdsregt.exe CORN004
O4 - HKLM\..\Run: [kvwwic] C:\WINDOWS\system32\kvwwic.exe
O4 - HKLM\..\Run: [test tick blah pile] C:\Documents and Settings\All Users\Application Data\ProcMapiTestTick\Upload Bold.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
O4 - HKCU\..\Run: [cool test] C:\DOCUME~1\Nick\APPLIC~1\ENC1~1\link nurb media.exe
O4 - HKCU\..\Run: [uouw] C:\PROGRA~1\COMMON~1\uouw\uouwm.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.kungfuchess.com/activex/web665.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3284DCF3-C54F-4705-BF79-75AEFEF670BA}: NameServer = 205.152.144.23,205.152.132.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{3284DCF3-C54F-4705-BF79-75AEFEF670BA}: NameServer = 205.152.144.23,205.152.132.23
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe


Uninstall_list log:

Ad-Aware SE Personal
Adobe Premiere Pro
Adobe Reader 7.0
AOL Instant Messenger
Creative WebCam NX Pro Driver (1.00.06.0512)
Download Plugin for Mozilla, Opera, Netscape
eMusic - 50 Free MP3 offer
File Writer output plugin for WinAMP 2 v1.17© (remove only)
Fraps
GoldWave v5.06
GoldWave v5.08
Google Video Player
Guitar Pro 4.0
HijackThis 1.99.1
iTunes
JAM's Jedi Knight KT v2.0
Jasc Paint Shop Pro 8
Java 2 Runtime Environment, SE v1.4.2
Kill Tracker 5.0 Final
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft MechCommander 2
middle_man
Mozilla Firefox (1.5)
MSN Messenger 7.5
Multiquence v2.50
Multiquence v2.51
MyMouse 4.3
Nero - Burning Rom (Web installer)
Norton AntiVirus 2002
NVIDIA Drivers
Quake 3 Arena Demo
QuickTime
RealPlayer
ScanSpyware v3.8.0.4
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Sound Blaster Live!
Spybot - Search & Destroy 1.4
Star Wars JK II Jedi Outcast
TeamSpeak 2 RC2
Update for Windows XP (KB898461)
Ventrilo Client
Viewpoint Media Player
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
World of Warcraft

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:57 PM

Posted 18 July 2006 - 12:37 AM

Ok, let's cleanup now...

Uninstall next via software > add/remove programs:

ScanSpyware v3.8.0.4
Download Plugin for Mozilla, Opera, Netscape


* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: (no name) - {49CE9C2F-5FF2-33EA-FBB1-9D4EBAE21EA9} - C:\DOCUME~1\Nick\APPLIC~1\ANTEOP~1\remotepoll.exe (file missing)
O4 - HKLM\..\Run: [fatrecov] C:\WINDOWS\system32\fatrecov.exe
O4 - HKLM\..\Run: [OSS] C:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [{D3-3B-BD-D9-ZN}] c:\windows\system32\dwdsregt.exe CORN004
O4 - HKLM\..\Run: [kvwwic] C:\WINDOWS\system32\kvwwic.exe
O4 - HKLM\..\Run: [test tick blah pile] C:\Documents and Settings\All Users\Application Data\ProcMapiTestTick\Upload Bold.exe
O4 - HKCU\..\Run: [cool test] C:\DOCUME~1\Nick\APPLIC~1\ENC1~1\link nurb media.exe
O4 - HKCU\..\Run: [uouw] C:\PROGRA~1\COMMON~1\uouw\uouwm.exe


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please hide your hidden files and folders afterwards again, when we are done with this thread and your problems are solved, because above instructions to set your system to show all files, unhide legit files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.


delete next files and folders:

C:\WINDOWS\system32\kvwwi.dll
C:\WINDOWS\system32\explorer.exe <== don't try to delete explorer.exe present in your Windows Folder!
C:\WINDOWS\system32\s_install_id8.exe
C:\WINDOWS\dhu.exe
C:\WINDOWS\system32\krdtuf.dll
C:\WINDOWS\system32\hr8q05l5e.dll
C:\WINDOWS\system32\n88olil318q.dll
C:\WINDOWS\system32\swcoinst.dll
C:\WINDOWS\system32\i8lo0i33e8.dll
C:\WINDOWS\system32\p66s0gj7e6o.dll
C:\WINDOWS\wnu_49.exe
C:\Program Files\download plugin <== folder
C:\Documents and Settings\Nick\Application Data\anteopenburn <== folder,
C:\Documents and Settings\All Users\Application Data\ProcMapiTestTick <== folder
C:\Documents and Settings\Nick\Application Data\ENC 1 <== folder
C:\Program Files\enc 1 <== folder
C:\PROGRAM FILES\COMMON FILES\uouw <== folder
C:\WINDOWS\b.exe
C:\\WINDOWS\system32\ad.html

* Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Uncheck and delete everything you find in there. (except for "My current home page")
Hit ok below > apply in previous window.

* Open notepad and copy and paste next content in it:

%systemdrive%
cd %WinDir%\Tasks
attrib -r -s -h AFF4981C942B0A2C.job
del AFF4981C942B0A2C.job


Save this as remjobs.bat , choose to save as *all files and place it on your desktop.
Doubleclick on remjobs.bat. A doswindow will open and close again, this is normal.

Update your Sun Java:
Updating Java:
  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    It should have next icon next to it: Posted Image
    Select it and click Remove.
  • Then Download and install the newest version from here:http://www.java.com/en/download/manual.jsp
* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Please download, install, and update Ewido anti-spyware
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close Ewido and reboot!!
  • Post the contents of the Ewido log you saved in your next reply together with a new hijackthislog.
Edit - is it possible you accidentally deleted C:\WINDOWS\system32\msiexec.exe previously?

Edited by miekiemoes, 18 July 2006 - 12:38 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 Tunk

Tunk
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:57 PM

Posted 18 July 2006 - 03:25 AM

I followed all of the instructions but came across a bump or two. First of all, i couldn't find C:\\WINDOWS\system32\ad.html , but it was there in the Web tab of Customize Desktop. Secondly, I couldn't remove the Java program from the Add/Remove list. It came up with an error saying 'The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed'

Everything else went through without a hitch. Here are the logs:

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:17:17 AM, on 7/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.kungfuchess.com/activex/web665.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3284DCF3-C54F-4705-BF79-75AEFEF670BA}: NameServer = 205.152.144.23,205.152.132.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{3284DCF3-C54F-4705-BF79-75AEFEF670BA}: NameServer = 205.152.144.23,205.152.132.23
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe


The Ewido log seems to be long to fit in this reply, so I'm making another one as well.

#6 Tunk

Tunk
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:57 PM

Posted 18 July 2006 - 03:27 AM

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:07:22 AM 7/18/2006

+ Scan result:



C:\WINDOWS\system32\kvwwid.exe -> Adware.Adstart : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kvwwif.exe -> Adware.Adstart : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\movies\WoW Movie Pics\DlPlugin-Moz\buddy.exe -> Adware.Lop : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rk.bin -> Adware.RK : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rlls.dll -> Adware.RK : Cleaned with backup (quarantined).
C:\!KillBox\repairs303169581.dll -> Adware.Surfside : Cleaned with backup (quarantined).
C:\!KillBox\repairs303169581.dll( 1) -> Adware.Surfside : Cleaned with backup (quarantined).
C:\!KillBox\repairs303169581.dll( 2) -> Adware.Surfside : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\Star Wars Pod Racer edonkeylinks.com.exe -> Downloader.Small.jg : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\#1 DVD Ripper 2.1.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\#1 Video Converter 3.9.5.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\123 Video Converter v3.31.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\14in1 Download Managers.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\2006 FIFA World Cup iSO.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\25 To Life-RELOADED iSO.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\25 To Life.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\3D Flash Animator v3.7.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\3D MP3 Sound Recorder 3.9.3.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\3DSnowDesk 1.2.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\4Diskclean Gold v5.5.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\7 browsers pro AIO.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\8 Mile.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\A1Click Ultra PC Cleaner 1.01.35.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\A3D Stitcher v1.0.0.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\A4 DVD Shrinker 4.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\AA Allocation Manage System 4.1.0.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\ABBIcon Pro v5.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\ABC English Made Easy v2.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\AIO AutoFX Photoshop PlugIn.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\AMS Photo Studio v2.15 2.21.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\AMS Photo Studio v2.15.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\ATL (2006).exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\AVG Anti-Virus Pro 7.1.375.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\AVG antivirus pro V 7.1 with keygen.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\AVI MPEG WMV Joiner v1.9.85.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Abbyy Finereader Professional Edition 8.0.0.706.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\AbsoluteFTP v2.2.10.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Abylon Shredder v5.50.12.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Accum v8.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Ace Buddy v3.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Ace Translator 4.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Ace Video Workshop 1.4.32.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Acronis Migrate Easy 7.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Acronis Privacy Expert Suite 9.0 Build 1429.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Acronis True Image v9.0.2302.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Active Desktop Calendar v3.0.030915.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Active Keylogger 1.9.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Active ScreenSaver Builder v4.30.030908.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Actual Spy v2.7.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\AcuteFinder v1.3.1.7.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Ad Popup Killer v4.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Ad-Aware SE Professional 1.06r1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\AdLib eXpress Server v3.0.6.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Adobe Creative Suite CS2 Premium DVD.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Adobe InDesign CS2 4.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\AdobeĀ® Acrobat ® 7.0 Professional Full Version.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Ads Alert 2.9.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\AdsCleaner 1.06.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Advanced System Optimizer 2.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\AdvancedBiorhythms 1.5.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Aeon Flux.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Age Of Empires III.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Aibase-CS v1.060.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Aibase-CS v1.071.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Aibase-CS v1.096.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Akala Exe Lock v3.2.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Alchemy Eye v7.6.18.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Alcohol 120 v1.95.4212.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Aledensoft Voice Connector v3.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\All Media Fixer Pro v5.4.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\All Round Backup v2005.1.4.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\All-In-One Common Tools for Morphing.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\All-In-One Portable Burning.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\All-in-one Firewalls.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Almeza MultiSet v1.6.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Amazing Photo Editor 5.2.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\American Wedding.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Americas Army.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\AmiChart v1.4.5.8.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Amor Photo Downloader v1.5.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Amphora WineLog v4.02.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\An American Haunting DVDRip XviD-NrrW.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Android Newsgroup Downloader v3.6.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Animated GIF Producer v3.0.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Anti-Porn v.7.2.8.19.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Anti-Trojan 5.5.421.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\AntiCrash 3.6.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Antivirus update AIO.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\AnyDVD 6.0.3.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\AnyDVD v5.9.6.2.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\AnyDVD v6.0.3.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\AoA DVD Copy v2.7.0.3.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Appleseed DVDRip Xvid.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Aqua Pearls v1.03.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Are We There Yet .exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Arles Image Web Page Creator 5.2.7.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Armor Tools v5.3.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Armor2net Personal Firewall v3.12.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Ashampoo AntiSpyWare v1.40.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Ashampoo Burning Studio 6.20.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Ashampoo Magic Burn v5.2.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Astrology software Parashar's Lite 2000.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Atmosphere Deluxe v5.3.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Auction Auto Bidder v5.2.497.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Audio Converter Pro 6.9.2.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Audio DVD Creator v1.9.1.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Audio Edit Magic v8.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Audio Notes Recorder V6.2.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Aurora DVD Copy 3.1.3.33.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Aurora DVD Copy v3.1.3.26.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Aurora Media Workshop 2.5.3.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Aurora Media Workshop v2.5.8.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Aurora Media Workshop v2.5.9.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Auto Cleaner v3.7.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\AutoRun Pro Enterprise v2.0.3.23.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\AutoRun Professional 3.0.3.23.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\AutoRun Professional 3.0.9.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Autodesk AutoCAD 2007 [27Mb Un911Mb].exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Automobile Tracker v4.5.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Autoplay Media Studio v6.0.3.0 (NeW).exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Autoruns 8.43.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Avast! Professional Edition v4.7.844.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Backup Magic 1.6.4.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Backup To CD-RW 5.1.86.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Backup To DVD CD v5.1.173.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Bad Copy 3.70.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Bad Street Brawler.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Bandaroli(POP3) 1.00.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Banner Maker Pro for Flash v1.02.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Batch Image Resizer 2.63.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Batch It! Ultra V1.91.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Batch Watermark Creator v.3.2.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Batman Dark Tomorrow.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Batman Begins.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Battlefield 1942.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\BearShare Professional v5.2.4.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Best Uninstaller 2.12.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\BestCrypt 7.20.2 Standard Edition.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\BestCrypt v7.08.01.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Binary Vortex v3.4.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\BitTorrent 4.40.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Bitcomet 0.7.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Bitplane Imaris v4.2.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Blade Trinity.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\BlazeVideo HDTV Player 2.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\BlindWrite 5.2.9.142.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Blindwrite Suite 5.05.120.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Blue Streak.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\BluffTitler DX 9.4.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Breaktru ReMind v7.2.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Brotherhood Xvid.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\BrowserBob Professional v4.0.3.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Bruce Almighty DivX.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Bubble Trouble 1.3 for Sony HiRes.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Burn CD Now ver. 1.85.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\C++ FAQs Second Edition.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\CA eTrust Internet Security Suite 2.0.1.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\CCleaner 1.27.255 Beta.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\CD Catalog Expert v8.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\CD Finder 2.1g.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\CD-Lock 5.9.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Cached MP3 Player v1.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Call Of Duty 2 ( Fast ).exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\CamFrog Video Chat Pro 3.71.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Chaos (2006).exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Chariots Of War.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Charm Dvd To Real Converter v5.9.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Chat Watch v4.3.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Cheetah DVD Burner v1.14.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Cheetah DVD Burner v1.67.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Chessmaster 10th Edition iSO.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Chicken Little DVDRip Xvid.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\ChrisTV 4.20 Professional.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\ChrisTV Professional v4.95.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Circulate 1.07.2.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Civilization IV.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\ClamAV 0.85.1-3.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\ClockWise v3.30.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Close Combat 4 Battle of the Bulge.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Coin Collector v3.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Color Finesse v1.5.4.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Compare It Unicode v3.8.6.1763.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Compare It! 3.04.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Conduit Buddy v2.5.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\ConvertX To DVD 2.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Copytodvd 3.0.55.106.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Cossacks 2 Battle For Europe-DIE iSO.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Crash Xvid.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Crazy Talk 4.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Crosswordz v2.7.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Cryptime v3.0.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Crystal Video Dubber 1.9.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Cucusoft DVD Ripper v3.05.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Curosoft OutlookSync v1.4.2.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\CuteNews v1.3.6.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\CyberCafePro v5.0 Server &amp; Client (FULL).exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\CyberLink PowerDVD v7.0.1725.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\DAEMON Tools 4.0.3 Plus.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\DVD Genie 4.05.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\DVD Region Killer.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\DVD Workshop v12.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\DVD X Ghost v1.5.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\DVDFab Platinum 2.55.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\DVDIdle Pro v5.9.6.2.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\DVDInfoPro v4.15.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\DVDInfoPro v4.54.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\DaRO Registry Fixer 2006 v.2.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Daemon Tools 4.0.3 Full Pack.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Daemon Tools v4.0.33 - Full Pack.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Daily Inventory v6.1.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\DataConversionTools FileSplitter v1.01.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Day Watch DVDRip Xvid.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\DaySmart v.5.1.8.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Declans French FlashCards v1.4.1260.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Declans ReadWrite Arabic v1.2.941.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Delenda 2.4.16.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Delphi to C++Builder v1.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Deus Ex Invisible War.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Deus Ex - Invisible Wars.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Diagram Studio 3.61.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Diet Analysis Plus v7.0.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\DigiByte Mpeg Joiner v2.0.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Dimsoln Dsanchor V2.6.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Dir QuickView 1.70.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Directory Opus 8.2.0.2.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Directory Watcher v1.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Disciples II - Rise of the Elves.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Disneys Aladdin NR.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\DivX 5.02 Corp Edition.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\DivX 6.0 Pro.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\DivX Subtitle Displayer.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Dobysoft Softcopy v2.2.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Doc-O-Matic Pro v5.0.2.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\DocCommander v1.20.14.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Document Trace Remover v.3.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Download Accelerator Plus v8.0.7.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Download Services v4.1.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Download Spy Emergency 2005 2.0.315.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Dr Word Master 7.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Dr. DivX 2.0.0 RC1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\DreameeSoft Check List Pro v4.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Driver Magician V2.6.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Driver Magician v2.5.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Dual DVD Copy Gold 4.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Dual DVD Copy Gold v4.05.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Dual DVD Copy Silver v3.7.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Dual Dvd Copy Gold 4.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Dundas Diagram for NET Editor v2.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Duplicate MP3 File Finder v6.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\DynAdvance Notifier 1.1.67.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\E-Tools v.1.01.15.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\EAHide Advanced v1.2.1026.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\EAHide Professional v1.4.1030.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\EMS Source Rescuer.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\EVEREST Ultimate Edition 2006 v3.00.630 Incl Keygen.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\EXPStudio Audio Editor v.3.7.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\EarthView v3.3.5.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Easy DVD Extractor v2.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Easy DVD To DVD Copy v3.0.29.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Easy FlashMaker 1.3.415.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\EasyCSS 2003.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\EasyRecorder v5.3.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Edit Plus 2.12.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Effect3D Studio v 1.1.0423.3.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Eight Below.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Elite Keylogger v2.6.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Elite Utilities 9.0.0 Professional Platinum Edition.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Elite Utilities V9.0.0 Professional Platinum Edition.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\EnSharpen v1.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\EndTask Pro v3.1.39.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Error Killer 2.6.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\EventTracker v5.4.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Evidence Destructor v2.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Ewido Anti-spyware 4.0.0.172b.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\EximiousSoft GIF Creator v3.18.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\EzReminder v2.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\F-Prot Antivirus 3.16c.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\F1 Racing 3d Screensaver v1.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\FTPRush v1.0.0.571.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\FairStars Audio Converter 1.03.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\FairStars Audio Converter 1.47.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Fantastic Four.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Fast Photos v1.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\FastContent v1.9.0.6.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\FastFolders v3.3.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\FastWrite v0.90.0.3.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\FaxAmatic v.9.83.01.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\File & Folder Protector v.2.3.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\File Amigo Pro v6.0.2.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\File Audio Processor 4.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\File Renamer 1.0.9.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\File Securer Software v3.95.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\File Splitter Deluxe 3.4.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Filestream TurboBackup v5.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Finding Nemo.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Flash Capture 1.20.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Flash Decompiler 1.7.0.192.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\FlashFXP v3.3.5.1110 Beta5.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\FlashGet 1.71 Final.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Flashget MegaPack.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\FlatOut 2.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Floppy Zip Disk Rescue v1.1.5.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Folder Guard Professional v7.5a.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Folder Lock v5.0.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\FolderInfo v2.9.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\FolderSizes 3.1.0.2.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Font Fitting Room Deluxe v2.2.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Foo Fighters - There is Nothing Left to Lose.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Foobar2000 0.7.5.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Foxy v1.6.6.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Frame Master 2.14.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Framing Studio v1.35.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Fraps 2.6.3.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Freedom Fighters.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Fresh UI 7.63.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Fruit Machine Mania.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\FunPhotor 4.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\GAEA Pollute v7.07.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\GAEA Winfence v2.14.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\GFI Network Server Monitor v6.0.20050513.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\GIF Construction Set Professional v2.0.74a.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Game-Cloner v.1.15.1.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\GameBoost v1.12.5.2005.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\GameGain 2.1.16.2006.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\GameHike v1.1.30.2006.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\GameJack 5.0.3.6.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\GameJack v4.00.506.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Garfield A Tail of Two Kitties (2006) TS.DAMiAN.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Geeks 1.05.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Genie Backup Manager Pro 7.0 Build 7.0.106.275.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\GerbView v6.02.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Get Right 4.5.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\GetRight 5.2c.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\GetSmile v1.9010 Full.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Ghost MP3 CD Maker v2.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Gif Movie Gear 4.1.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Global Clipboard v1.67.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\GoldWave v5.11.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Golden Eye v4.11.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\GoldenBow Systems Voptxp V7.2.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Google File Search v 1.00.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Google VideoRIP v1.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Grand Theft Auto San Andreas iSO.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Grand Theft Auto San Andreas.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Grandma 's Boy (2006).exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Graphe Easy v2.22.0.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Greeting Cards Designer v1.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Ground Control II iSO.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\HD_Speed 1.4.2.50 Final.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\HD_Speed v1.4.1.46.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\HTML Link Validator v4.40.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\HTML Password Lock v3.2.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Half Life 2.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\HalloSat v.5.41.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\HandyCrypto v3.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Helium Music Manager 2006.1 Build 5148.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\HelpBlocks v1.16.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Hero Audio Converter v2.7.4.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\HiDownload Pro 6.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\HiDownload v3.33.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Hide Files And Folders v2.3.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Hide IP Platinum 2.31.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Hide IP Platinum 2.82.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Hide IP v1.0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Hide Window Hotkey v2.1.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\History Sweeper v2.63.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Hollow Man 2.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Home Cable Modem Booster.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Hooked On ThongNics SS.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\House Of Flying Daggers.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\House Of Wax.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Humvee Assault iSO.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\Hwinfo32 v1.57.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\HyperSnap-DX 5.62.04.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\HyperSnap-DX v5.11.02 Final.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\Nick\Desktop\Shared Folder\_\HyperSnap-DX v6.00 Beta 6.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Se

#7 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:57 PM

Posted 18 July 2006 - 07:38 AM

Hello,

I couldn't remove the Java program from the Add/Remove list. It came up with an error saying 'The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed'


Well, this is what I asked you previously:

is it possible you accidentally deleted C:\WINDOWS\system32\msiexec.exe previously?


Because that is the Windows installer and it looks like you deleted it.

Let's take a look if you have other copies still present on your system..

Perform next.;

Open notepad and copy and paste next present in the quotebox in it:

cd C:\
dir /a /s msiexec.exe >> check.txt
start notepad check.txt

Save this as look.bat , choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Doubleclick on it and notepad should open.
Copy and paste the contents of it in your next reply.
(In case you are unsure how to create a bat file, take a look here with screenshots.)
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:57 PM

Posted 24 July 2006 - 07:15 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users