Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Many Pop Ups Including Amaena, System Doctor, Winantivirus Etc...


  • This topic is locked This topic is locked
32 replies to this topic

#1 danny_258

danny_258

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 18 July 2006 - 09:01 AM

Hi,

My computer is being bombarded with pop-ups which I cannot seem to remove, and they are slowing down my internet connection and causing annoyance.

Various pop-ups include ads from Amaena, WinAntiVirus, System Doctor and www.ad-w-a-r-e.com, plus random pop-ups with url's such as www.oneperception.com, www.goodrumour.com, www.locatebest.com etc.

If anyone could please help me to remove these pop-ups and any other possible malware from my computer I would be very grateful.

Below is my HJT log, thankyou in advance to anyone who can help!

Logfile of HijackThis v1.99.1
Scan saved at 10:05:06 PM, on 17/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\YSTEM3~1\lsass.exe
C:\Documents and Settings\Gerry\Application Data\F?nts\lsass.exe
C:\Program Files\Microsoft IntelliType Pro\wmskey.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\WINDOWS\System32\Vby65.exe
C:\WINDOWS\System32\KrwH5.exe
C:\Documents and Settings\Gerry\Desktop\zlsSetup_65_722_000_en.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tpg.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tpg.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [4EHXZNR4@MQQPS] C:\WINDOWS\System32\Elr0i.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Utrt] "C:\PROGRA~1\COMMON~1\YSTEM3~1\lsass.exe" -vt yazb
O4 - HKCU\..\Run: [Mporiks] C:\DOCUME~1\Gerry\APPLIC~1\FNTS~1\lsass.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{275046A3-FA98-4CBB-A218-ED210CAF91CA}: NameServer = 203.12.160.35 203.12.160.36
O17 - HKLM\System\CS1\Services\Tcpip\..\{275046A3-FA98-4CBB-A218-ED210CAF91CA}: NameServer = 203.12.160.35 203.12.160.36
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: alg.dll
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\mv28l9fu1.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPodNano\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

BC AdBot (Login to Remove)

 


m

#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:25 AM

Posted 19 July 2006 - 12:04 AM

Hello danny_258,

Welcome to Bleeping Computer :thumbsup:

Please download VirtumundoBeGone:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
* Save it to the Desktop
* Close all running programs (including your Internet Browser)
* Double-click VirtumundoBeGone.exe on the Desktop
* Follow the directions as indicated

This program may generate a "Blue Screen of Death" which is an expected/necessary part of the process.
Do not be concerned.
Just reboot if your system "jams".

To confirm successful deletion, and determine if there are any additional problems, please post the VirtumundoBeGone log VBG.txt. It is found on the Desktop. Also please post a new HijackThis log and let me know how your computer is running. :flowers:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 danny_258

danny_258
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 19 July 2006 - 07:18 AM

Hi Tea,

Thankyou very much for your reply. I ran VirtumundoBeGone, but nothing was detected, here is the log:

[07/19/2006, 19:51:49] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Gerry\Desktop\VirtumundoBeGone.exe" )
[07/19/2006, 19:51:57] - Detected System Information:
[07/19/2006, 19:51:57] - Windows Version: 5.1.2600, Service Pack 1
[07/19/2006, 19:51:57] - Current Username: Gerry (Admin)
[07/19/2006, 19:51:58] - Windows is in NORMAL mode.
[07/19/2006, 19:51:58] - Searching for Browser Helper Objects:
[07/19/2006, 19:51:58] - Finished Searching Browser Helper Objects
[07/19/2006, 19:51:58] - Finishing up...
[07/19/2006, 19:51:58] - Nothing found! Exiting...

and here is my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:10:50 PM, on 19/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\YSTEM3~1\lsass.exe
C:\DOCUME~1\Gerry\APPLIC~1\FNTS~1\lsass.exe
C:\Program Files\Windows\wWinUpdate.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\System32\XxwogNwu.exe
C:\WINDOWS\System32\KrwH5.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Notepad++\notepad++.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tpg.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tpg.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [4EHXZNR4@MQQPS] C:\WINDOWS\System32\GnumBu.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Utrt] "C:\PROGRA~1\COMMON~1\YSTEM3~1\lsass.exe" -vt yazb
O4 - HKCU\..\Run: [Mporiks] C:\DOCUME~1\Gerry\APPLIC~1\FNTS~1\lsass.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: alg.dll
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\o2pqlc751f.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPodNano\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe


Unfortunately nothing has changed yet :thumbsup: I hope it can be fixed! Thankyou again for your time.

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:25 AM

Posted 19 July 2006 - 02:32 PM

Hello,

I was hoping that by just running the tool it would show itself. Didn't happen. :thumbsup:

Most probably you are dealing with the latest version of Vundo, which targets HijackThis so HijackThis doesn't show its related entries in a log.
Please navigate to your HijackThis folder. Rename your hijackthis.exe to analyse.exe
Reboot.
Then doubleclick analyse.exe and post the log from it in your next reply as well (this will be a HijackThis log of course)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 danny_258

danny_258
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 20 July 2006 - 05:08 AM

Hi Tea,


Thanks again for your help! Here is my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 6:03:50 PM, on 20/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\YSTEM3~1\lsass.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\Uxv3.exe
C:\WINDOWS\System32\Qbh53q.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\hijackthis\analyse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tpg.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tpg.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [4EHXZNR4@MQQPS] C:\WINDOWS\System32\Fbi1r6.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Utrt] "C:\PROGRA~1\COMMON~1\YSTEM3~1\lsass.exe" -vt yazb
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: alg.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\dnrq0195e.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPodNano\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

Best Regards,
Danny.

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:25 AM

Posted 20 July 2006 - 03:41 PM

Hi Danny,

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 danny_258

danny_258
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 21 July 2006 - 06:48 AM

Hi Tea,

things seem to be quite a lot better already!

here is the log from Look2Me-Destroyer.exe:

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 21/07/2006 6:19:03 PM

Infected! C:\WINDOWS\system32\n2p40c7qef.dll
Infected! C:\WINDOWS\system32\d60mlgd1160.dll
Infected! C:\WINDOWS\system32\d8j02i1mg8.dll
Infected! C:\WINDOWS\system32\dn0601dse.dll
Infected! C:\WINDOWS\system32\enp0l17m1.dll
Infected! C:\WINDOWS\system32\enrol1931.dll
Infected! C:\WINDOWS\system32\f82m0if1e82.dll
Infected! C:\WINDOWS\system32\fpp4037qe.dll
Infected! C:\WINDOWS\system32\h40qled51h0.dll
Infected! C:\WINDOWS\system32\hrrm0591e.dll
Infected! C:\WINDOWS\system32\i0lola331d.dll
Infected! C:\WINDOWS\system32\inxrtmgr.dll
Infected! C:\WINDOWS\system32\j2l4lc3q1f.dll
Infected! C:\WINDOWS\system32\jt2207foe.dll
Infected! C:\WINDOWS\system32\k4800elmehqa0.dll
Infected! C:\WINDOWS\system32\k608lgdu1608.dll
Infected! C:\WINDOWS\system32\kadda.dll
Infected! C:\WINDOWS\system32\l20u0cd9ef0.dll
Infected! C:\WINDOWS\system32\mlacm.dll
Infected! C:\WINDOWS\system32\MLCDec.dll
Infected! C:\WINDOWS\system32\mv8ul9l91.dll
Infected! C:\WINDOWS\system32\mwcsubs.dll
Infected! C:\WINDOWS\system32\n28o0cl3efq.dll
Infected! C:\WINDOWS\system32\n2p40c7qef.dll
Infected! C:\WINDOWS\system32\nutmsg.dll
Infected! C:\WINDOWS\system32\o4nsle571h.dll
Infected! C:\WINDOWS\system32\ojecli.dll
Infected! C:\WINDOWS\system32\okbcji32.dll
Infected! C:\WINDOWS\system32\r0p8la7u1d.dll
Infected! C:\WINDOWS\system32\r88s0il7e8q.dll
Infected! C:\WINDOWS\system32\SzSBase.dll
Infected! C:\WINDOWS\system32\t8r8li9u18.dll
Infected! C:\WINDOWS\system32\u2ru0c99ef.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\n2p40c7qef.dll
C:\WINDOWS\system32\n2p40c7qef.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\d60mlgd1160.dll
C:\WINDOWS\system32\d60mlgd1160.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\d8j02i1mg8.dll
C:\WINDOWS\system32\d8j02i1mg8.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dn0601dse.dll
C:\WINDOWS\system32\dn0601dse.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\enp0l17m1.dll
C:\WINDOWS\system32\enp0l17m1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\enrol1931.dll
C:\WINDOWS\system32\enrol1931.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\f82m0if1e82.dll
C:\WINDOWS\system32\f82m0if1e82.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\fpp4037qe.dll
C:\WINDOWS\system32\fpp4037qe.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\h40qled51h0.dll
C:\WINDOWS\system32\h40qled51h0.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\hrrm0591e.dll
C:\WINDOWS\system32\hrrm0591e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\i0lola331d.dll
C:\WINDOWS\system32\i0lola331d.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\inxrtmgr.dll
C:\WINDOWS\system32\inxrtmgr.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\j2l4lc3q1f.dll
C:\WINDOWS\system32\j2l4lc3q1f.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\jt2207foe.dll
C:\WINDOWS\system32\jt2207foe.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\k4800elmehqa0.dll
C:\WINDOWS\system32\k4800elmehqa0.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\k608lgdu1608.dll
C:\WINDOWS\system32\k608lgdu1608.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\kadda.dll
C:\WINDOWS\system32\kadda.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\l20u0cd9ef0.dll
C:\WINDOWS\system32\l20u0cd9ef0.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mlacm.dll
C:\WINDOWS\system32\mlacm.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\MLCDec.dll
C:\WINDOWS\system32\MLCDec.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mv8ul9l91.dll
C:\WINDOWS\system32\mv8ul9l91.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mwcsubs.dll
C:\WINDOWS\system32\mwcsubs.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\n28o0cl3efq.dll
C:\WINDOWS\system32\n28o0cl3efq.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\n2p40c7qef.dll
C:\WINDOWS\system32\n2p40c7qef.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\nutmsg.dll
C:\WINDOWS\system32\nutmsg.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\o4nsle571h.dll
C:\WINDOWS\system32\o4nsle571h.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ojecli.dll
C:\WINDOWS\system32\ojecli.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\okbcji32.dll
C:\WINDOWS\system32\okbcji32.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\r0p8la7u1d.dll
C:\WINDOWS\system32\r0p8la7u1d.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\r88s0il7e8q.dll
C:\WINDOWS\system32\r88s0il7e8q.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\SzSBase.dll
C:\WINDOWS\system32\SzSBase.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\t8r8li9u18.dll
C:\WINDOWS\system32\t8r8li9u18.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\u2ru0c99ef.dll
C:\WINDOWS\system32\u2ru0c99ef.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6CE34D9C-4DF2-49C8-95D1-D487CCBB8C45}"
HKCR\Clsid\{6CE34D9C-4DF2-49C8-95D1-D487CCBB8C45}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F4755932-01BC-4E86-B099-FB2D6D8EB8EC}"
HKCR\Clsid\{F4755932-01BC-4E86-B099-FB2D6D8EB8EC}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E5195903-7F4D-42A4-A409-F58173FC3CE2}"
HKCR\Clsid\{E5195903-7F4D-42A4-A409-F58173FC3CE2}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{AD1D196B-0F49-454A-8A0D-CA908F3114FB}"
HKCR\Clsid\{AD1D196B-0F49-454A-8A0D-CA908F3114FB}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded


and here is my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:00:57 PM, on 21/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\PROGRA~1\COMMON~1\YSTEM3~1\lsass.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\Uxv3.exe
C:\WINDOWS\System32\Vby65.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gerry\My Documents\?icrosoft.NET\csrss.exe
C:\WINDOWS\system32\cidaemon.exe
C:\hijackthis\analyse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tpg.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tpg.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [4EHXZNR4@MQQPS] C:\WINDOWS\System32\Fbi1r6.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Utrt] "C:\PROGRA~1\COMMON~1\YSTEM3~1\lsass.exe" -vt yazb
O4 - HKCU\..\Run: [Jypvksp] C:\Documents and Settings\Gerry\My Documents\?icrosoft.NET\csrss.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: alg.dll C:\WINDOWS\System32\taskmgr.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPodNano\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe


Best Regards,
Danny.

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:25 AM

Posted 26 July 2006 - 09:01 AM

Hello Danny,

Please forgive my delay in responding. :thumbsup: I'm glad it's better, but still a lot to do here.

Please download PeperFix from here:
http://downloads.subratam.org/PeperFix.exe
Save it to the desktop and run it. Click "Find and Fix" to scan your system for the Peper trojan, and allow PeperFix to remove all infected files. Restart your computer if prompted.

After your computer restarts, please run PeperFix again. Repeat the above process, and continue until PeperFix reports "No files found".

In your reply, please post a new HijackThis log and let me know how your computer is running. :flowers:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#9 danny_258

danny_258
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 28 July 2006 - 08:17 AM

Hi Tea,

Thankyou for your reply! I appreciate it very much! :thumbsup:

here is my new Hijack This log after following your instructions:

Logfile of HijackThis v1.99.1
Scan saved at 9:12:51 PM, on 28/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\YSTEM3~1\lsass.exe
C:\WINDOWS\?racle\smss.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\hijackthis\analyse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tpg.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tpg.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [4EHXZNR4@MQQPS] C:\WINDOWS\System32\Elr0i.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Utrt] "C:\PROGRA~1\COMMON~1\YSTEM3~1\lsass.exe" -vt yazb
O4 - HKCU\..\Run: [Mcchp] C:\WINDOWS\?racle\smss.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: alg.dll C:\WINDOWS\System32\taskmgr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPodNano\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Best Regards,
Danny.

#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:25 AM

Posted 31 July 2006 - 08:19 PM

Hello,

Please forgive my delayed reply. :thumbsup:

Look in your control panel's add/remove programs for PuritySCAN By OIN, OuterInfo, OIN, Cowabanga, SnowballWars or similar. Click on it and then click remove.

Reboot and if found, delete this folder:

C:\Program Files\PurityScan

If not listed, download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe
http://www.outerinfo.com/howto.html
Tutorial for the uninstaller if needed

Reboot when done and if found, delete this folder:

C:\Program Files\PurityScan

Please download, install, and update Ewido anti-spyware
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Close ewido. Do not run it yet.
Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKCU\..\Run: [Utrt] "C:\PROGRA~1\COMMON~1\YSTEM3~1\lsass.exe" -vt yazb
O4 - HKCU\..\Run: [Mcchp] C:\WINDOWS\?racle\smss.exe
O20 - AppInit_DLLs: alg.dll C:\WINDOWS\System32\taskmgr.dll


Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Navigate to and delete the following files/folders:

C:\PROGRA~1\COMMON~1\YSTEM3~1 <-----This folder, will likely be longer but begin with those letters
C:\WINDOWS\?racle <-----this folder, will likely be longer but begin with those letters.
  • In Safe Mode, load Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Restart back into Normal Mode.
In your reply, please post the report from Ewido and a new HijackThis log. Also let me know how your computer is running. :flowers:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#11 danny_258

danny_258
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 02 August 2006 - 06:26 AM

Hi Tea,

Thanks for your reply! :thumbsup:

I followed your instructions, however I did not find the following files present in HJT:
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKCU\..\Run: [Utrt] "C:\PROGRA~1\COMMON~1\YSTEM3~1\lsass.exe" -vt yazb
O4 - HKCU\..\Run: [Mcchp] C:\WINDOWS\?racle\smss.exe

And also I couldn't find this file to delete:
C:\WINDOWS\?racle <-----this folder, will likely be longer but begin with those letters.


Here is the logs from Ewido and HJT:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:05:39 PM 1/08/2006

+ Scan result:



C:\Documents and Settings\Administrator\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\W1E3O5E3\asmfiles[1].cab/asm.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Gerry\Local Settings\Temp\temp.fr291E -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Gerry\Local Settings\Temp\temp.fr2695 -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\My Documents\ѕymbols\dexplore.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Local Settings\Temp\i49.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\!PeperFix\UdckLt.exe -> Backdoor.VB.oq : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dr.exe -> Downloader.Adload.ch : Cleaned with backup (quarantined).
C:\Program Files\Common Files\svchostsys\svchostupdate.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\setup.exe.tmp -> Downloader.VB.afb : Cleaned with backup (quarantined).
C:\!PeperFix\Elr0i.exe -> Downloader.VB.em : Cleaned with backup (quarantined).
C:\!PeperFix\Fbi1r6.exe -> Downloader.VB.em : Cleaned with backup (quarantined).
C:\!PeperFix\GnumBu.exe -> Downloader.VB.em : Cleaned with backup (quarantined).
C:\!PeperFix\Qbh53q.exe -> Downloader.VB.em : Cleaned with backup (quarantined).
C:\!PeperFix\Uxv3.exe -> Downloader.VB.em : Cleaned with backup (quarantined).
C:\!PeperFix\Vby65.exe -> Downloader.VB.em : Cleaned with backup (quarantined).
C:\!PeperFix\VsbW.exe -> Downloader.VB.em : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Local Settings\Temporary Internet Files\Content.IE5\SH67W9YN\ABoxInst_int15[1].exe -> Downloader.VB.ft : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\3 Doors Down - Landing In London.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\3 Doors Down - Live For Today.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\4 Strings - Hurricane.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\4 Strings - Sunrise (Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\4 Strings - Until You Love Me.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\50 Cent & Olivia - Best Friend.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\50 Cent - Build You Up (Feat. Jamie Foxx).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\50 Cent - Hustler's Ambition.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\50 Cent - Window Shopper.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\7 Air - Outland.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\ATB - Humanity.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Above & Beyond - Alone Tonight.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Accuface - Pure Energy.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Activ - Doar Cu Tine (Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Afroman - Because I Got High.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Ahmir - You're The One.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Airbase - Escape.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Ak Project - Forever.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Akira - Million Miles From Home.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Akira - Piece of Heaven (Radio Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Alanis Morissette - Precious Illusions.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Alcazar - Someday.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Alex M.O.R.P.H. & Woody Van Ey - Heavenly.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Allie - Living In A Whisper (Anton Bass New Pop Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Andrew Spencer Feat. Pit Bailay - Im Always Here.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Angelina - Pictures of You.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Anggun - In Your Mind.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Anggun - Saviour.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Anna Nalick - Breathe (2 AM).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Antolini & Moreno Vs Thmoas Gold - Dont Know Anybody (Less Vox Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Arash - Arash (Feat Helena).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Arctic Monkeys - When the Sun Goes Down.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Arnold Palmer vs Moti Special - Cold Days.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Ashlee Simpson - Boyfriend (Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Ashlee Simpson - Invisible.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Ashley Parker Angel - Let U Go (Final Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Astral Projection - Dj Condom.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Atb - Loose The Gravity.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Audio Bullys vs. Steve Angello vs. Pizzaman - Get Get Down (Elektric Cow......).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Avalon Superstar ft Rita Campbell - All My Love.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Avant - 4 Minutes.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Avant feat. Jermaine Dupri - Ghetto Public Service Announcement.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Avant feat. Lloyd Banks - Exclusive.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Avantgarde - Get Down (Megara vs. Dj Lee Remix Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Axel Coon - Third Base.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Axwell - (Can You) Feel the Vibe.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Axwell Feat Steve Edwards - Watch The Sunrise.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Baby Bash - Sexy Eyes Da Da Da Da.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Baracuda - Ass Up (Groove Coverage Rmx).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Bay City Rollers - Rock And Roll Love Letter.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Beam - On Your Mind.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Beatfreakz - Somebody's Watching Me.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Beenie Man feat. Akon - Girls.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Benassi Bros - Rocket In The Sky.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Benassi Bros Feat. Dhany - Make Me Feel (Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Benassi Bros Feat. Dhany - Rocket In The Sky (Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Benassi Brothers ft Naan - Feel Alive (Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Beyonce feat. Slim Thug - Check On It.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Beyonce ft. Slim Thug - Check On It.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Big Ang feat Siobhan - Its Over Now (flip & fill remix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Big World Presents Swen G Ft. Inus - Morning Light (Vocal Remix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Bizzare - Hip Hop (Ft. Eminem).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Black Buddafly ft Fabolous - Bad Girl.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Black Eyed Peas - My Humps.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Black Eyed Peas - My Style.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Black Eyed Peas - Pump It.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Blaze Foley - Blaze Foley-If I Could Only Fly.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Bob Sinclair ft Gary Pine - Love Generation (radio edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Bob Sinclar - World Hold On.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Bob Sinclar ft. Steve Edwards - World Hold On (Video Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Boney M - Daddy Cool.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Bonito & Louis - Rush.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Bonito & Trooper - Journey Of Life (Alex Megane Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Brian McFadden - Irish Son.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Britney Spears - Girl In The Mirror.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Britney Spears - My Only Wish (This Year).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Brooklyn Bounce - Club Bizarre.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Bubba Sparxxx - Heat It Up.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Bubba Sparxxx ft. Petey Pablo - The Other Side.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Busta Rhymes - Touch It.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Busta Rhymes Kelis Will I Am - I Love My bleep.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Busta Rhymes ft. Mariah Carey - Give It To Me.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Busted - Air Hostess.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Cabballero - Sleepin (Now That You Are Gone).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Cabin Crew - Star To Fall (Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Carl B - Solitude.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Carl Cox With Hannah Robinson - Give Me Your Love.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Cary August - Don`t You Forget About Me.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Cascada - Everytime We Touch (Radio Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Cascada - Miracle (Radio Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Cascada - Neverending Dream.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Cassie feat. Ray-J - Me & You.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Celine Dion - God Bless America.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Ceoma feat. The Larx - Love Is More.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Chamillionaire ft. Krayze Bone - Ridin'.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Channing - Bootsy Bootsy Boom (Original Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Chingy feat Tyrese - Pulling Me Back.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Chris Brown - Gimme That.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Chris Brown Feat. Juelz Santan - Run It! (Remix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Christina Aguilera - Ain't No Other Man (PO Clean Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Christina Millian - Say I.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Cj Stone Feat Rename - Call My Name.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Coldplay - Clocks.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Coldplay - Talk (Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Coldplay - The Hardest Part.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Corydalics - After Sun.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Cradle Of Filth - Mannequin.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Craig David - Unbelievable.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Crazy Frog Crazy Hits - Dirty Frog.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Crazy Frog - We Are The Champions.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\D4L - Betcha Can't Do It Like Me.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\DJ Antoine - All We Need.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\DJ Dean - Kick Off.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\DJ Lee - Fight Hard.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\DJ Shog - Jealousy (Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\DJ Shog - Running Water.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\DJ Shog - Rush Hour.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\DJ Tatana - If I Could.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\DJ Whirl & Mayer - Love.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\DJ's@Work - No Easy Way Out.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\DMX - Lord Give Me A Sign.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\DMX - We In Here.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\DT8 - Winter.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Daddy Yankee - Rompe (Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Daniel Powter - Bad Day.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Dannii Minogue & The Soul Seek - Perfection.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Dave 202 - Imagine Yourself (Dream Mix Short Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Dead Prez Feat K'naan & Stori - Til We Get There.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Debbie Loeb - Faraway (Extended Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Deep Dish - Traccia Audio 01.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Deep Dish Feat. Stevie Nicks - Dreams (Axwell Remix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Dem Franchize Boyz ft. Lil Peanut & Charlay - Lean Wit It, Rock Wit It.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Depeche Mode - Suffer Well.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Dimension X Feat. TF - Why`d I Have To Fall In Love With You.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Dixie Chicks - Not Ready To Make Nice.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Dj Ferit vs. Pussycat Dolls - Buttons.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Dj Merlin ft Dj C-Bass - Traveller (DJ Dean & NXP Radio Cut).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Djs@work - Your Love.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Dogzilla - Without You.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Doing Time Feat. in-Grid - I Was A Ye-Ye Girl (Agiman Remix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Double V - Moscow Morning.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Drax And Scott Mac - Must Have Been A Dream.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Dream Dance Alliance (D. D. Alliance) - Ayers Rock (Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Dream Dance Alliance - Butterfly.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Duderstadt - Muhanjala.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Duende - Ilimitado.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\E-Craig vs. Ratty - Call It A Sunrise.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Elan Feat Assassin - Girl.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Elastica - S.O.F.T..mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Electro Blues Feat. Stefy Deep - Mia Mao Minha Gente.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Elize - Automatic (Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Elize - Into Your System.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Elvis Presley - Elvis Presley.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Elysee - Dreaming About You.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Embrace - Nature's Law.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Eminem - Shake That (Feat. Nate Dogg).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Enrique Iglesias & Kelis - Not In Love.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Ernesto Vs. Bastian - Dark Side Of The Moon (Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Fall Out Boy - A Little Less Sixteen Candles.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Fall Out Boy - Dance, Dance.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Ferry Corsten - Star Traveller.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Field Mob Feat. Ciara - So What (Radio Version).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Filterfunk - Message In The Bottle (Delano & Crockett Remix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\First State - Sacred.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Flipsyde - Someday.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Fragma - Radio Waves.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Franz Ferdinand - Come On Home.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Franz Ferdinand - Do You Want To.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Freemasons Ft. Amanda Wilson - Watchin'.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\G-Spott - Sadness.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Gabriel & Dresden - Tracking Down Treasure.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Galen Behr - Time Will Tell.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Gavin & Nox feat. Sinatic - In Your Eyes (Radio Version).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\George Michael - An Easier Affair.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Gigi D`agostino - I Wonder Why (Gigi Dag from Beyond F.M.).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Girls Aloud - I'll Stand By You.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Girls Aloud - Long Hot Summer.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Girls Aloud - Whiite Christmas.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Gnarls Barkley - Crazy.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Gorillaz - Faust.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Green Day - Jesus of Suburbia.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Grooveyard - Mary Go Wild (Ron Van Den Beuken Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Gwen Stefani - Cool.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Gwen Stefani - What You Waiting For.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\H.I.M. - Wings Of A Butterfly.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Haji & Emmanuel - Take Me Away (Stonebridge Remix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Heinko & Maiko - Sonnenschein.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\High Tack - Say Say Say.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Iacono Feat. Gucci One - True Love.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Ice Cube - Why We Thugs.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Imogen Heap - The Walk.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Inbox - Sound Of Silence.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Infernal - Form Paris to Berlin.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Ishtar Alabina Feat. J-Mi Sissoko - Habibi.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\JPL - Ilmola.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Jack Johnson - Upside Down.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\James Blunt - High (Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\James Blunt - You're Beautiful.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Jenn Cunetta - Come Rain Come Shine.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Joey Negro - Make A Move On Me.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Jonesmann - Nenn Mich Jones.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Jose Amnesia feat Linn - Closer.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Josh Hoge - 360.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Juanes - A Dios le Pido.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Juelz Santana - There It Go! (The Whistle Song).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Juvenile - Whats Happenin (Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Kane - Fearless.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Kane - Something To Say.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Kanye West - Though The Wire.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Kanye West ft.Lupe Fiasco - Touch The Sky.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Kate Bush - Cussi Cussi.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Keane - Is It Any Wonder.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Kelly Clarkson - Breakaway.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Kelly Clarkson - Walk Away.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Kevin Lyttle - Away.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Kim-Lian - Road To Heaven.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Kooks - Naive.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Kottonmouth Kings - Put It Down.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Krzystof Cochlow - Release.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Kt Tunstall - Black Horse And The Cherry Tre.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Kuffdamm & Plant - Dream Makers.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Kyau vs. Albert - Walk Down.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\LL Cool J Ft. Jennifer Lopez - Control Myself (PO Clean Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Lasgo feat. Dave Beyer - Who´s That Girl.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\LeToya - Torn.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Leann Rimes - Headphones.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Lee Ryan - Real Love.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Lenny B Ft. Krystal Kay - I Touch Myself (Extended Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Lil Bow Wow ft Ciara - Like You.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Lil Jon - Snap Ya Fingers ft. Sean Paul And E40.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Lili Yoncheva - Happy People.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Liquidspace - Mental Thing 2005.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Lloyd Banks - Get Low.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Lumidee - Never Leave You (Coin Illegal Club Rmx).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\M. I. K. E. - Strange World.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Madonna - Get Together.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Madonna - How High.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Madonna - Isaac.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Madonna - Jump.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Mandy Moore - Music (Remix0...).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Marcel Woods - Cherry Blossom.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Marco V - False Light.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Mariah Carey - All I Want For Christmas Is You.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Mariah Carey - Hark! The Herald Angels Sing.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Mariah Carey - Jesus Born On This Day.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Mariah Carey - Santa Claus Is Comin' To Town.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Martin Roth - Shockwaves.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Martin Silence - Energy.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Martin Solveig - Jealousy (ft Lee Fields).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Mary J. Blige - Be Without You.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Mary J. Blige Ft. U2 - One.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Massari - Be Easy.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Massari - Real Love.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Matisyahu - King Without a Crown.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Mattafix - Big City Life.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Max Graham Vs Yes - Owner of A Lonley Heart.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Meck Feat. Leo Sayer - Thunder In My Heart Again.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Megan McCauley - Tap That.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Megan Rochell Feat Fabolous - The One You Need.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Megara ft DJ Lee - Outside World (Club Cut).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Mel & Kim - Rockin' Around The Christmas Tree.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Metallica - Nothing Else Matters.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Michael Simon feat. Terri B - Feeling Fire (Radio Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Michael Tolcher - Waiting.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Mike Austin - Kylie.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Miles Davis - Black Satin.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Mindhunters - Scream.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Mobb Deep Ft. 50 Cent & Nate Dogg - Have A Party.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Morandi - Falling Asleep.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Morandi - Love Me.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Mrs. Jane Doe - I Remember (Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Mylo Miami Sound Machine - Doctor Pressure (Dirty Version).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Mylo vs. Miami Sound Machine - Doctor Pressure.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Narcotic Thrust - Waiting For You.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Natasha Bedingfield - Unwritten.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Nato - Chorjavon.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Ne-Yo - Sexy Love.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Ne-Yo - So Sick.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Ne-Yo - When You're Mad.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Nelly Featuring Paul Wall, Ali & Gipp - Grillz.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Nelly Furtado - Maneater.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Nelly Furtado - No Hay Igual.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Nelly Furtado feat. Timbaland - Promiscuous.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\New Order (With Echo) - Run Run Run.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Nick Cannon - My Wife.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Nick Lachey - What's Left Of Me (The Passengerz Remix Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Nickelback - Photograph.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Nickelback - Savin' Me.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\No Angels - Daylight In Your Eyes.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\No Angels - Let`s Go To Bed.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\No Doubt - Hella Good.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Novaspace - Run To You.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\O-Zone - De Ce Plang Chitarele (Radio Version).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Obie Trice - Adrenaline Rush.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Obie Trice Feat Akon - Snitch.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\One-To-One - In The Morning Light.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Orson - No Tomorrow.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Outkast - Hey Ya.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\P.O.D. - Goodbye For Now.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Paffendorf feat. Leyla De Vaar - Under My Skin.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Panic At The Disco - I Write Sins Not Tragedies.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Papa Roach - Last Resort.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Paris Avenue ft Robin One - In My Mind.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Paris Hilton - Stars Are Blind.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Paul Mccartney - Goodbye.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Pet Shop Boys - I'm With Stupid.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Petey Pablo - Give It Up.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Pharrell Featuring Gwen Stefan - Can I Have it Like That.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Pink - Who Knew.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Pixies - Where Is My Mind.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Placebo - Song To Say Goodbye.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Pretty Ricky - Pause.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Pretty Ricky - Your Body.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Prince - Black Sweat.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Prodigy Jadakiss - Livin The Life.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Public Domain - Love U More.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Pulsedriver - Insane.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Pussycat Dolls - Dont Cha.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Pussycat Dolls - Stickwitu.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Q Amey Featuring Jazze Pha - Forever Girl (Clean Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\R. Kelly ft Sean Paul And Akon - Slow Wind.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Rammstein - Benzin.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Rascal Flatts - What Hurts The Most.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Ray J - One Wish.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Red Hot Chili Peppers - Dani California.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Rick Ross - Hustlin'.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Ricky Martin - Life.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Rihanna - If It's Lovin' That You Want.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Rihanna - S.O.S..mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Rihanna - Unfaithful.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Rimini Project - A Day In The Sun.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Rob Thomas - Something To Be.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Robbie Williams - Advertising Space.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Robbie Williams - Ghosts.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Robert Nickson feat. Elsa Hill - Close Your Eyes.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Rocco - Street Knowledge (Megara Remix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Roland Kenzo - Love Behind.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Rolling Stones - The.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Ron Van Den Beuken - Sunset.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Rumuneca & Enchev - San Sanana.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Run DMC - Christmas In Hollies.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Rushroom Feat. Fara - Kiss Me.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Sandra Flyn - Red is Love.mp3.exe -> Dropper.VB.me : Cleaned with backup (quar

#12 danny_258

danny_258
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 02 August 2006 - 06:34 AM

rantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Sandra Flyn - Rocking.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Santana feat. Joss Stone & Sean Paul - Cry Baby Cry.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Santoro - Floating Away.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Sarah Connor - Skin On Skin.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Savage Garden - I Knew I Loved You.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Scissor Sisters - Take Your Mama.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Scooter - See Me, Feel Me.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Sean Paul - Give It Up To Me.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Sean Paul - Temperature.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Sean Paul - We Be Burning.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Sean Tyas - Mirella.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Second Sun - Playground (Original Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Semisonic - Singing In My Sleep.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Shaggy - Clothes Drop.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Shaggy - Stand Up.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Shakira Ft. Wyclef Jean - Hips Don't Lie.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Shapeshifters - Incredible.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Shaun Baker - Push! (Melino Original Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Shawnna - Getting Some.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Shayne Ward - No Promises.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Sherrie Lea - No Ordinary Love.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Shocksteady - Take A Ride.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Skyline feat. Elisabeth - Travelling.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Slade - Merry Xmas Everybody.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Snow Patrol - Chasing Cars (Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Snow Patrol - You're All I Have.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Solarstone & Jes - Like A Waterfall.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\South Side Crew - Go Your Own Way.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Southside Spinners - Luvstruck 2005.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Space Brothers - Everywhere I Go (DJ Demand).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Spoot - Morning Sun.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Staind - Everything Changes.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Staind - Outside.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Stefan Cambridge - Blue Moon (Brisky Remix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Subnerve - White Scale.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Sugababes - Follow Me Home.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Sugababes - Push The Button.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Sugababes - Red Dress.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Sugar Caine Presents Soul Buddh - Waterfalls (2nd Latin Re-Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Sunblock - I'll Be Ready (Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Sunblock feat. Robin Beck - First Time.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Sunloverz - Shine On (Reloaded Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Sunny Lax - P.U.M.A.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Sunset Project - Summer Lovin'.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Supafly and Fishblow - Lets Get Down.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Taking Back Sunday - Divine Intervention.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Talking Heads - Our House In The Middle Of The Street.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Thalia - No Me Voy A Quebrar.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\The Calling - Carol Of The Bells.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\The Dandy Warhols - Smoke It.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\The Kelly Family - Love, Music 'n Sun.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\The New Pornographers - The End Of Medicine.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Vanilla Ice - Ice Ice Baby Mix.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Weezer - Surf Wax America.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\Wu-Tang Clan - C.R.E.A.M..mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\e-Love - Here Comes The Rain Again (Sinatic Radio Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Desktop\Music\_\yesyesyesyes.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\E7CD7A38-FC79-496E-B324-12FF5B.asq -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Gerry\Local Settings\Temporary Internet Files\Content.IE5\0HYROXEZ\send_ocx_sof[1].html -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored.
C:\Documents and Settings\Gerry\Local Settings\Temporary Internet Files\Content.IE5\GP4LS72X\send_ocx_sof[1].html -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored.
C:\Documents and Settings\Gerry\Local Settings\Temporary Internet Files\Content.IE5\GP4LS72X\send_ocx_sof[2].html -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored.
C:\Documents and Settings\Gerry\Local Settings\Temporary Internet Files\Content.IE5\ODYRSLM3\send_ocx_sof[1].html -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored.
C:\Documents and Settings\Gerry\Local Settings\Temporary Internet Files\Content.IE5\Q3CXKDEZ\send_ocx_sof[1].html -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored.
C:\Documents and Settings\Jake\Local Settings\Temporary Internet Files\Content.IE5\S5E74TQ3\send_ocx_sof[1].html -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored.
C:\Documents and Settings\Jake\Local Settings\Temporary Internet Files\Content.IE5\S5E74TQ3\send_ocx_sof[2].html -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored.
C:\Documents and Settings\Jake\Local Settings\Temporary Internet Files\Content.IE5\SH67W9YN\send_car_int[2].html -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored.
C:\Documents and Settings\Jake\Local Settings\Temporary Internet Files\Content.IE5\SH67W9YN\send_ocx_sof[1].html -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored.
C:\Documents and Settings\Jake\Local Settings\Temporary Internet Files\Content.IE5\SH67W9YN\send_ocx_sof[2].html -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored.
C:\Documents and Settings\Jake\Local Settings\Temporary Internet Files\Content.IE5\SH67W9YN\send_ocx_sof[3].html -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored.
C:\Documents and Settings\Daniel\Cookies\daniel@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@aotgroup.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@marketworksinc.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@tcompany.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@aotgroup.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@msnlivefavorites.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@tcompany.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@tcompany.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\WINDOWS\Temp\Cookies\gerry@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\WINDOWS\Temp\Cookies\gerry@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\WINDOWS\Temp\Cookies\gerry@tcompany.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@eztracks.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@install.bestoffersnetworks[1].txt -> TrackingCookie.Bestoffersnetworks : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\WINDOWS\Temp\Cookies\gerry@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@e-2dj6wfmikhcpwlo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@e-2dj6wglicgdpgfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@e-2dj6wgmywmc5scp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@e-2dj6wjlosgcpmdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@e-2dj6wjnyokd5cho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@e-2dj6wjnyspd5sep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@e-2dj6wfk4updzmgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@e-2dj6wfkyqhd5edo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@e-2dj6wflokmczalo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@e-2dj6wfmiciajihq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@e-2dj6wfmyqldjgao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@e-2dj6wgkialcpcbq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@e-2dj6wgmishczacp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@e-2dj6wjk4wpajefp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@e-2dj6wjkoajdzakp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@e-2dj6wjkoggcpabq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@e-2dj6wjkosgajkdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@e-2dj6wjlispcpseo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@e-2dj6wjmyoiazagq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@e-2dj6wjmyshczeao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@e-2dj6wjmyujczgkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@e-2dj6wjmyujdjmbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@e-2dj6wjnyspd5sep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@h.starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@ad.yieldmanager[4].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@ad.yieldmanager[4].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@ad.yieldmanager[5].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\Temp\Cookies\gerry@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\Temp\Cookies\gerry@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Gerry\Cookies\gerry@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Jake\Application Data\Mіcrosoft\explorer.exe -> Trojan.PurityAd : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Local Settings\Temp\!update.exe -> Trojan.PurityAd : Cleaned with backup (quarantined).

and here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:13:37 PM, on 2/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\wisptis.exe
C:\WINDOWS\notepad.exe
C:\hijackthis\analyse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tpg.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tpg.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [4EHXZNR4@MQQPS] C:\WINDOWS\System32\Elr0i.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{275046A3-FA98-4CBB-A218-ED210CAF91CA}: NameServer = 203.12.160.35 203.12.160.36
O17 - HKLM\System\CS1\Services\Tcpip\..\{275046A3-FA98-4CBB-A218-ED210CAF91CA}: NameServer = 203.12.160.35 203.12.160.36
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPodNano\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



(p.s. I have no idea why all those song titles are listed, many of which i've never even heard of, from the ewido log it points to a location in my little brothers profile, but none of those songs are there nor have they ever been there)


Best Regards,
Danny.

#13 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:25 AM

Posted 03 August 2006 - 03:34 AM

Hello Danny,
Well, they came from somewhere and brought a lot of garbage with them :thumbsup: Before we go on I want you to install an AntiVirus program.
AVG, Avira OR Avast are good FREE antivirus.
Never install more than one antivirus scanner on your system! Several together can give you problems and decrease the reliability of it seriously! Choose one of these and install it. Run a thorough scan. Reboot when it's done.

In your reply, please post a new HijackThis log and let me know how your computer is running now.

Thanks,
tea

Edited by teacup61, 03 August 2006 - 03:39 AM.

Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#14 danny_258

danny_258
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 07 August 2006 - 05:43 AM

Hi Tea!


My computer seems to be running well, here is my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 6:41:22 PM, on 7/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\wisptis.exe
C:\Program Files\iPodNano\iPod\bin\iPodService.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\hijackthis\analyse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tpg.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tpg.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [4EHXZNR4@MQQPS] C:\WINDOWS\System32\Elr0i.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{275046A3-FA98-4CBB-A218-ED210CAF91CA}: NameServer = 203.12.160.35 203.12.160.36
O17 - HKLM\System\CS1\Services\Tcpip\..\{275046A3-FA98-4CBB-A218-ED210CAF91CA}: NameServer = 203.12.160.35 203.12.160.36
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPodNano\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Best Regards,
Danny.

#15 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:25 AM

Posted 07 August 2006 - 09:20 PM

Hi Danny :thumbsup:


Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O4 - HKLM\..\Run: [4EHXZNR4@MQQPS] C:\WINDOWS\System32\Elr0i.exe

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Delete the following file:

C:\WINDOWS\System32\Elr0i.exe

Reboot your computer.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply please.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users