Project1 Virus


  • This topic is locked
28 replies to this topic

#1 a778999

Posted 05 September 2006 - 11:14 PM

My computer recently got infected with the project1 virus (it shows up in the task manager every time I log in). Can someone help me analyze the following log?

Logfile of HijackThis v1.99.1
Scan saved at 9:32:28 PM, on 9/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\TWluIENhaQ\command.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sebsdiw.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\dfndrff_15.exe
C:\kybrdff_16.exe
C:\WINDOWS\Duce6.exe
C:\WINDOWS\thiselt.exe
C:\WINDOWS\win32073262091945.exe
C:\WINDOWS\sys029194532620.exe
C:\WINDOWS\xpaodggA.exe
C:\WINDOWS\gqsqfbiA.exe
C:\WINDOWS\ms054532620919.exe
C:\windows\system32\rlvknlg.exe
C:\WINDOWS\sebsdiwA.exe
C:\WINDOWS\ms031945326209.exe
C:\Program Files\Common Files\{7CB08D6E-095A-1033-0721-030624030001}\Update.exe
C:\PROGRA~1\AIM\aim.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\crunner\cproc.exe
C:\Program Files\CMFibula\CMFibula.exe
C:\PROGRA~1\COMMON~1\koru\korum.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\PROGRA~1\COMMON~1\koru\korua.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchFilter.exe
C:\WINDOWS\ms0494532620912006.exe
C:\WINDOWS\win32082620919453.exe
C:\HijackThis\HijackThis.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocpe.dll/blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.juno.com/s/sp?r=al&cf=sp&...;N=PLEM&O=I
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\bclwb.exe
F2 - REG:system.ini: UserInit=userinit.exe,mwrblac.exe
O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\Juno\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: VZBB - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [defender] C:\\dfndrff_15.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_16.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [win32082620919453] C:\WINDOWS\win32082620919453.exe
O4 - HKLM\..\Run: [loaddr] C:\topaff.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [{08-8D-D6-6E-ZN}] c:\windows\system32\osdsregl.exe GEN001
O4 - HKLM\..\Run: [riudaa58] RUNDLL32.EXE w1aa1e8c.dll,n 003daa55000000031aa1e8c
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [win32073262091945] C:\WINDOWS\win32073262091945.exe
O4 - HKLM\..\Run: [ms049453262091] C:\WINDOWS\ms049453262091.exe
O4 - HKLM\..\Run: [sys029194532620] C:\WINDOWS\sys029194532620.exe
O4 - HKLM\..\Run: [sys102091945326] C:\WINDOWS\sys102091945326.exe
O4 - HKLM\..\Run: [xpaodggA] C:\WINDOWS\xpaodggA.exe
O4 - HKLM\..\Run: [sys010919453262] C:\WINDOWS\sys010919453262.exe
O4 - HKLM\..\Run: [gqsqfbiA] C:\WINDOWS\gqsqfbiA.exe
O4 - HKLM\..\Run: [ms054532620919] C:\WINDOWS\ms054532620919.exe
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [ms065326209194] C:\WINDOWS\ms065326209194.exe
O4 - HKLM\..\Run: [sebsdiwA] C:\WINDOWS\sebsdiwA.exe
O4 - HKLM\..\Run: [sys031945326209] C:\WINDOWS\sys031945326209.exe
O4 - HKLM\..\Run: [ms031945326209] C:\WINDOWS\ms031945326209.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\System32\crunner\cproc.exe
O4 - HKCU\..\Run: [PSLister] "C:\Program Files\PSLister\PSLister.exe"
O4 - HKCU\..\Run: [CMFibula] "C:\Program Files\CMFibula\CMFibula.exe"
O4 - HKCU\..\Run: [koru] C:\PROGRA~1\COMMON~1\koru\korum.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: MetaCafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?7ec03ceecef74b11929bb16ca8b9f239
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?7ec03ceecef74b11929bb16ca8b9f239
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} (VZBB) - http://www2.verizon.net/micro/vol_toolbar/vzbb.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/heavyweap...aploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\hr8205loe.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWluIENhaQ\command.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\sebsdiw.exe

Thanks!

#2 Buckeye_Sam

Malware Expert

Posted 08 September 2006 - 09:38 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 a778999


Posted 09 September 2006 - 09:38 AM

Hi Sam,
I am having some trouble with ComboFix. I downloaded it to the desktop and tried to run it several times. Each time, I get the following message:

Active Look2Me found!!!

Then ComboFix closes and I am left with a blank desktop. When I looked at the task manager, ComboFix was not listed. Before running, I closed all other windows and I never clicked on the ComboFix window. Do you know what is wrong?

a778999

#4 Buckeye_Sam

Malware Expert

Posted 09 September 2006 - 03:00 PM

Your computer is so heavily infected that it's possible that Combofix is just having trouble handling everything. Let's get rid of some of this stuff using different tools and then we may come back to Combofix later.


Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shut down.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet, please allow it.

If you receive a runtime error '339', please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

#5 a778999


Posted 09 September 2006 - 05:45 PM

Hi Sam,
There is no C:\Look2Me-Destroyer.txt, but there is a file of the same name on my Desktop. Here are the contents of that file and a new HijackThis log:

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 06-09-09 18:06:35

Infected! C:\WINDOWS\system32\s8pu0i79e8.dll
Infected! C:\WINDOWS\SYSTEM32\avtiveds.dll
Infected! C:\WINDOWS\SYSTEM32\dbmclien.dll
Infected! C:\WINDOWS\SYSTEM32\dn0201doe.dll
Infected! C:\WINDOWS\SYSTEM32\dnp6017se.dll
Infected! C:\WINDOWS\SYSTEM32\dnrq0195e.dll
Infected! C:\WINDOWS\SYSTEM32\jtp6077se.dll
Infected! C:\WINDOWS\SYSTEM32\mvjol9131.dll
Infected! C:\WINDOWS\SYSTEM32\rtpwsx.dll
Infected! C:\WINDOWS\SYSTEM32\s8pu0i79e8.dll
Infected! C:\WINDOWS\SYSTEM32\_P02564_.tmp.dll
Infected! C:\WINDOWS\System32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\s8pu0i79e8.dll
C:\WINDOWS\system32\s8pu0i79e8.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\avtiveds.dll
C:\WINDOWS\SYSTEM32\avtiveds.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\dbmclien.dll
C:\WINDOWS\SYSTEM32\dbmclien.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\dn0201doe.dll
C:\WINDOWS\SYSTEM32\dn0201doe.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\dnp6017se.dll
C:\WINDOWS\SYSTEM32\dnp6017se.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\dnrq0195e.dll
C:\WINDOWS\SYSTEM32\dnrq0195e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\jtp6077se.dll
C:\WINDOWS\SYSTEM32\jtp6077se.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\mvjol9131.dll
C:\WINDOWS\SYSTEM32\mvjol9131.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\rtpwsx.dll
C:\WINDOWS\SYSTEM32\rtpwsx.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\s8pu0i79e8.dll
C:\WINDOWS\SYSTEM32\s8pu0i79e8.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\_P02564_.tmp.dll
C:\WINDOWS\SYSTEM32\_P02564_.tmp.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Unimodem

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{823E74B7-40C6-4BFF-B1E9-1876683BCC9A}"
HKCR\Clsid\{823E74B7-40C6-4BFF-B1E9-1876683BCC9A}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{252F9587-EEEF-4733-A953-05771EE9EAB5}"
HKCR\Clsid\{252F9587-EEEF-4733-A953-05771EE9EAB5}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{DD9F5599-8E03-44ED-AB4A-3271703F0B12}"
HKCR\Clsid\{DD9F5599-8E03-44ED-AB4A-3271703F0B12}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7CCB0602-55A9-4937-A49F-BBDDD117DA07}"
HKCR\Clsid\{7CCB0602-55A9-4937-A49F-BBDDD117DA07}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5971E0FD-4388-4F2C-8F9A-77B3A2D22EAE}"
HKCR\Clsid\{5971E0FD-4388-4F2C-8F9A-77B3A2D22EAE}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D44A0F86-5244-44A5-A51C-05F9CD1E5E5E}"
HKCR\Clsid\{D44A0F86-5244-44A5-A51C-05F9CD1E5E5E}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

--------------------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 18:37, on 06-09-09
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\TWluIENhaQ\command.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\dfndrff_15.exe
C:\kybrdff_16.exe
C:\WINDOWS\thiselt.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\xpaodggA.exe
C:\WINDOWS\gqsqfbiA.exe
C:\windows\system32\rlvknlg.exe
C:\WINDOWS\sebsdiwA.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\sebsdiw.exe
C:\Program Files\Google\deskbar-0.5.95.0\ggviewer.exe
C:\Program Files\Common Files\{7CB08D6E-095A-1033-0721-030624030001}\Update.exe
C:\PROGRA~1\AIM\aim.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\System32\crunner\cproc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CMFibula\CMFibula.exe
C:\PROGRA~1\COMMON~1\koru\korum.exe
C:\Program Files\PSCloner\PSCloner.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\COMMON~1\koru\korua.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\PROGRA~1\COMMON~1\koru\korul.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocpe.dll/blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.juno.com/s/sp?r=al&cf=sp&...;N=PLEM&O=I
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\bclwb.exe
F2 - REG:system.ini: UserInit=userinit.exe,mwrblac.exe
O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\Juno\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: VZBB - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [defender] C:\\dfndrff_15.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_16.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [loaddr] C:\topaff.exe
O4 - HKLM\..\Run: [{08-8D-D6-6E-ZN}] c:\windows\system32\osdsregl.exe GEN001
O4 - HKLM\..\Run: [riudaa58] RUNDLL32.EXE w1aa1e8c.dll,n 003daa55000000031aa1e8c
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [win32073262091945] C:\WINDOWS\win32073262091945.exe
O4 - HKLM\..\Run: [ms049453262091] C:\WINDOWS\ms049453262091.exe
O4 - HKLM\..\Run: [sys029194532620] C:\WINDOWS\sys029194532620.exe
O4 - HKLM\..\Run: [sys102091945326] C:\WINDOWS\sys102091945326.exe
O4 - HKLM\..\Run: [xpaodggA] C:\WINDOWS\xpaodggA.exe
O4 - HKLM\..\Run: [sys010919453262] C:\WINDOWS\sys010919453262.exe
O4 - HKLM\..\Run: [gqsqfbiA] C:\WINDOWS\gqsqfbiA.exe
O4 - HKLM\..\Run: [ms054532620919] C:\WINDOWS\ms054532620919.exe
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [ms065326209194] C:\WINDOWS\ms065326209194.exe
O4 - HKLM\..\Run: [sebsdiwA] C:\WINDOWS\sebsdiwA.exe
O4 - HKLM\..\Run: [sys031945326209] C:\WINDOWS\sys031945326209.exe
O4 - HKLM\..\Run: [ms031945326209] C:\WINDOWS\ms031945326209.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\System32\crunner\cproc.exe
O4 - HKCU\..\Run: [CMFibula] "C:\Program Files\CMFibula\CMFibula.exe"
O4 - HKCU\..\Run: [koru] C:\PROGRA~1\COMMON~1\koru\korum.exe
O4 - HKCU\..\Run: [PSCloner] "C:\Program Files\PSCloner\PSCloner.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?7ec03ceecef74b11929bb16ca8b9f239
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?7ec03ceecef74b11929bb16ca8b9f239
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} (VZBB) - http://www2.verizon.net/micro/vol_toolbar/vzbb.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/heavyweap...aploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWluIENhaQ\command.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\sebsdiw.exe

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 09 September 2006 - 06:53 PM

That's the log I need to see. :thumbsup:

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O4 - HKLM\..\Run: [defender] C:\\dfndrff_15.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_16.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [loaddr] C:\topaff.exe
O4 - HKLM\..\Run: [{08-8D-D6-6E-ZN}] c:\windows\system32\osdsregl.exe GEN001
O4 - HKLM\..\Run: [riudaa58] RUNDLL32.EXE w1aa1e8c.dll,n 003daa55000000031aa1e8c
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [win32073262091945] C:\WINDOWS\win32073262091945.exe
O4 - HKLM\..\Run: [ms049453262091] C:\WINDOWS\ms049453262091.exe
O4 - HKLM\..\Run: [sys029194532620] C:\WINDOWS\sys029194532620.exe
O4 - HKLM\..\Run: [sys102091945326] C:\WINDOWS\sys102091945326.exe
O4 - HKLM\..\Run: [xpaodggA] C:\WINDOWS\xpaodggA.exe
O4 - HKLM\..\Run: [sys010919453262] C:\WINDOWS\sys010919453262.exe
O4 - HKLM\..\Run: [gqsqfbiA] C:\WINDOWS\gqsqfbiA.exe
O4 - HKLM\..\Run: [ms054532620919] C:\WINDOWS\ms054532620919.exe
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [ms065326209194] C:\WINDOWS\ms065326209194.exe
O4 - HKLM\..\Run: [sebsdiwA] C:\WINDOWS\sebsdiwA.exe
O4 - HKLM\..\Run: [sys031945326209] C:\WINDOWS\sys031945326209.exe
O4 - HKLM\..\Run: [ms031945326209] C:\WINDOWS\ms031945326209.exe



===========



Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\dfndrff_15.exe
    C:\kybrdff_16.exe
    C:\WINDOWS\v1201.exe
    C:\topaff.exe
    c:\windows\system32\osdsregl.exe
    C:\WINDOWS\thiselt.exe
    C:\WINDOWS\win32073262091945.exe
    C:\WINDOWS\ms049453262091.exe
    C:\WINDOWS\sys029194532620.exe
    C:\WINDOWS\sys102091945326.exe
    C:\WINDOWS\xpaodggA.exe
    C:\WINDOWS\sys010919453262.exe
    C:\WINDOWS\gqsqfbiA.exe
    C:\WINDOWS\ms054532620919.exe
    c:\windows\system32\rlvknlg.exe
    C:\WINDOWS\ms065326209194.exe
    C:\WINDOWS\sebsdiwA.exe
    C:\WINDOWS\sys031945326209.exe
    C:\WINDOWS\ms031945326209.exe



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

  • After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
  • Post this log in your next reply.
============


I need to see a different type of log from HijackThis.
  • Run HijackThis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your next reply.
Also post a new HijackThis log.

#7 a778999

a778999
  • Topic Starter


Posted 09 September 2006 - 07:56 PM

I have just downloaded and run KillBox. Here is the log:

Pocket Killbox version 2.0.0.881
Running on Windows XP as Min Cai(Administrator)
was started @ Saturday, September 09, 2006, 8:38 PM

# 1 [Delete on Reboot]
Path = C:\dfndrff_15.exe


# 2 [Delete on Reboot]
Path = C:\kybrdff_16.exe


# 3 [Delete on Reboot]
Path = C:\topaff.exe


# 4 [Delete on Reboot]
Path = C:\WINDOWS\thiselt.exe


# 5 [Delete on Reboot]
Path = C:\WINDOWS\win32073262091945.exe


# 6 [Delete on Reboot]
Path = C:\WINDOWS\sys029194532620.exe


# 7 [Delete on Reboot]
Path = C:\WINDOWS\xpaodggA.exe


# 8 [Delete on Reboot]
Path = C:\WINDOWS\gqsqfbiA.exe


# 9 [Delete on Reboot]
Path = C:\WINDOWS\ms054532620919.exe

I did not receive the PendingFileRenameOperations prompt before the computer rebooted. I will post the HijackThis logs soon.

#8 a778999

a778999
  • Topic Starter


Posted 09 September 2006 - 08:05 PM

Hi Sam,
Here is the uninstall list:

ABBYY FineReader 5.0 Sprint
Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Reader 7.0.8
AOL Instant Messenger
Backyard Baseball 2001
Backyard Basketball
Backyard Hockey 2005
BCM V.92 56K Modem
Britannica Ready Reference
CAM-IN SUITE III
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (E)
CleanUp!
Command
DA920EN
Dell AIO Printer A920
Dell Digital Jukebox Driver
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support
Dell Support 5.0.0 (766)
DirectX 9 Hotfix - KB839643
DVDSentry
EarthLink Setup Files
eBay Toolbar
Eyetide Viewer
Google Deskbar
Google Desktop
Google Earth
Google Pack Screensaver
Google Talk (remove only)
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Updater
HijackThis 1.99.1
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Internet Explorer Q903235
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_05
Learn2 Player (Uninstall Only)
Macromedia Flash Player 8
Macromedia Shockwave Player
MATLAB 7.0.4
McAfee.com SecurityCenter
McAfee.com VirusScan Online
MGI PhotoSuite 4 (Remove Only)
MGI VideoWave 4
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft AntiSpyware
Microsoft Data Access Components KB870669
Microsoft Draw 98
Microsoft Excel 97 Laroux Virus Scanner (Remove only)
Microsoft Excel 97 Web Connectivity Kit (Remove only)
Microsoft Excel Euro Toolbar Addin (Remove only)
Microsoft Office 97 Animated Cursors
Microsoft Office 97 Sounds (Remove only)
Microsoft Office 97 Unique Identifier Removal Tool
Microsoft Office 97, Professional Edition
Microsoft Office Converter Pack
Microsoft Reader Text-to-Speech for English
Microsoft Word 97 Time Mgmt Wizard Pack (Remove only)
Microsoft Word 97 Web Page Visual Styles (Remove only)
Modem Helper
Mozilla Firefox (1.5.0.4)
Mozilla Thunderbird (1.5)
MS F1 the Office Assistant (Remove only)
MS Outlook support for Lotus cc:Mail
MS The Dolphin Assistant(Remove only)
MSN Search Toolbar
Musicmatch® Jukebox
Network Monitor
NVIDIA Windows 2000/XP Display Drivers
Outlook 3 Pane Message Preview Extension (Remove only)
Paint Shop Pro 7
Picasa 2
PowerDVD
Quicken 2002 New User Edition
QuickTime
RealPlayer
RelevantKnowledge
Rhapsody Player Engine
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 8 (KB911565)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896426)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Shockwave
Spybot - Search & Destroy 1.3
SpywareBlaster v3.5.1
TContext
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Verizon Online DSL
Viewpoint Media Player
vReader for Microsoft Outlook (Remove only)
WeatherBug
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player Hotfix [See Q828026 for more information]
Windows Overlay Components
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883939
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889293
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Hotfix - KB896688
Windows XP Hotfix - KB896727
Windows XP Hotfix - KB897715
Windows XP Hotfix - KB905915
Windows XP Hotfix - KB911567
Windows XP Hotfix - KB912812
Windows XP Hotfix - KB916281
Windows XP Hotfix - KB918439
Windows XP Hotfix - KB918899
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q329441
WinRAR archiver
WordPerfect Office 11
Yahoo! Anti-Spy
Yahoo! Messenger Explorer Bar
Yahoo! Toolbar
ZoneAlarm

#9 a778999

a778999
  • Topic Starter


Posted 09 September 2006 - 08:07 PM

And finally, a new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 21:05, on 06-09-09
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\TWluIENhaQ\command.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\sebsdiw.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Google\deskbar-0.5.95.0\ggviewer.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\sebsdiwA.exe
C:\Program Files\Common Files\{7CB08D6E-095A-1033-0721-030624030001}\Update.exe
C:\PROGRA~1\AIM\aim.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\System32\crunner\cproc.exe
C:\Program Files\CMFibula\CMFibula.exe
C:\PROGRA~1\COMMON~1\koru\korum.exe
C:\Program Files\PSCloner\PSCloner.exe
C:\PROGRA~1\COMMON~1\koru\korua.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocpe.dll/blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.juno.com/s/sp?r=al&cf=sp&...;N=PLEM&O=I
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\bclwb.exe
F2 - REG:system.ini: UserInit=userinit.exe,mwrblac.exe
O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\Juno\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: VZBB - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [sebsdiwA] C:\WINDOWS\sebsdiwA.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\System32\crunner\cproc.exe
O4 - HKCU\..\Run: [CMFibula] "C:\Program Files\CMFibula\CMFibula.exe"
O4 - HKCU\..\Run: [koru] C:\PROGRA~1\COMMON~1\koru\korum.exe
O4 - HKCU\..\Run: [PSCloner] "C:\Program Files\PSCloner\PSCloner.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?7ec03ceecef74b11929bb16ca8b9f239
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?7ec03ceecef74b11929bb16ca8b9f239
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} (VZBB) - http://www2.verizon.net/micro/vol_toolbar/vzbb.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/heavyweap...aploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWluIENhaQ\command.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\sebsdiw.exe

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


Posted 10 September 2006 - 11:09 AM

Please click Start -> Control Panel -> Add/Remove Programs and uninstall these programs:

Command
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_05
Network Monitor
RelevantKnowledge
TContext
Viewpoint Media Player
Windows Overlay Components



Fix these lines with Hijackthis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocpe.dll/blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\Juno\toolbar.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab





Reboot your computer.

Now try running Combofix once again and post the resulting log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 a778999

a778999
  • Topic Starter

Posted 10 September 2006 - 12:06 PM

Network Monitor was not able to uninstall but I did everything else you asked. However, after I ran ComboFix and looked for it in the Add/Remove Programs menu, it wasn't there anymore. Anyways, here is the ComboFix log:

Min Cai - 06-09-10 12:38:06.98
ComboFix 06.09.07 - Running from: C:\Program Files\ComboFix

Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))


* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *


O4 - HKCU\...\Run C:\WINDOWS\SYSTEM32\lstsbt.exe
O4 - HKLM\...\Run C:\WINDOWS\System32\lstsbt.exe
F2 -REG:system.ini: Shell C:\WINDOWS\System32\bclwb.exe
F2 -REG:system.ini: UserInit C:\WINDOWS\SYSTEM32\mwrblac.exe


* * * PRE-RUN - Filepaths extracted by Memory Dump * * * * * * * * * * * * * * * * * * * * * *


2006-09-01 16:15 127488 C:\WINDOWS\SYSTEM32\lstsbt.exe
2006-09-01 16:15 51712 C:\WINDOWS\SYSTEM32\rattscn.dll
2006-09-01 16:15 23552 C:\WINDOWS\SYSTEM32\mwrblac.exe
2006-09-01 16:15 127488 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dagth.exe
2006-09-10 12:17 433 C:\WINDOWS\jnbas.dll
2006-09-01 19:41 127488 C:\WINDOWS\SYSTEM32\qpjwn.dat
2006-09-01 16:15 28672 C:\WINDOWS\SYSTEM32\bclwb.exe


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


06-09-01 19:41 127488 qpjwn.dat.qoo
06-09-01 16:15 127488 dagth.exe.qoo
06-09-01 16:15 127488 lstsbt.exe.qoo
06-09-01 16:15 51712 rattscn.dll.qoo
06-09-01 21:28 32256 dmonwv.dll.qoo
06-09-01 16:15 28672 bclwb.exe.qoo
06-09-01 21:28 53 bcevep.dat.qoo

DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Min Cai.D4855J31\Application Data\Sskcwrd.dll
C:\Documents and Settings\Min Cai.D4855J31\Application Data\Sskknwrd.dll
C:\Documents and Settings\Min Cai.D4855J31\Application Data\Sskuknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\keyboard1.dat
C:\dfndrff_16.exe
C:\kybrdff_15.exe
C:\WINDOWS\system32\aaa00000.dll
C:\WINDOWS\system32\aaa00000.sys
C:\WINDOWS\system32\cemetrix.dll
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\WinNB58.dll
C:\WINDOWS\justin.exe
C:\WINDOWS\offun.exe
C:\WINDOWS\uninst104.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\SYSTEM32\atmtd.dll.tmp
C:\WINDOWS\system32\w007a19d.dll
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\batty2
C:\Program Files\Cowabanga
C:\Program Files\Deskbar
C:\Program Files\Inetget2
C:\Program Files\PSLister
C:\Program Files\cmfibula
C:\Program Files\network monitor
C:\WINDOWS\system32\crunner
C:\Program Files\Common Files\{7CB08D6E-095A-1033-0721-030624030001}
C:\WINDOWS\TWluIENhaQ

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\TSKS~1
C:\QooBox\Purity\Program Files\Common Files\SMANTE~1
C:\QooBox\Purity\Program Files\Common Files\SMANTE~1\svchost.exe
C:\QooBox\Purity\Program Files\TSKS~1\taskmgr.exe
C:\QooBox\Purity\Program Files\TSKS~1\TSKS~1


((((((((((((((((((((((((((((((( Files Created from 2006-08-09 to 2006-09-09 ))))))))))))))))))))))))))))))))))


2006-09-05 21:20 163,840 --a------ C:\WINDOWS\ms0494532620912006.exe
2006-09-05 19:08 163,840 --a------ C:\WINDOWS\ms0653262091942006.exe
2006-09-05 16:09 2 --a------ C:\WINDOWS\SYSTEM32\wnsapiit.exe
2006-09-05 16:08 131,072 --a------ C:\WINDOWS\SYSTEM32\bmrkqrdr.dll
2006-09-02 20:48 159,744 --a------ C:\WINDOWS\sys1020919453262006.exe
2006-09-02 17:47 159,744 --a------ C:\WINDOWS\win320962091945322006.exe
2006-09-01 21:28 53,120 --a------ C:\WINDOWS\srvpfhgljo.exe
2006-09-01 21:28 523,728 --------- C:\WINDOWS\sebsdiw.exe
2006-09-01 21:28 186,219 --a------ C:\WINDOWS\srvfpupjfc.exe
2006-09-01 16:51 8,464 --a------ C:\WINDOWS\SYSTEM32\sporder.dll
2006-09-01 16:51 303,104 --a------ C:\WINDOWS\SYSTEM32\rlls.dll
2006-09-01 16:17 186,219 --a------ C:\WINDOWS\srvkpjqmyc.exe
2006-09-01 16:16 53,120 --a------ C:\WINDOWS\srvdcmxjwr.exe
2006-09-01 16:16 383,728 -r-hs---- C:\WINDOWS\gqsqfbi.exe
2006-09-01 16:15 433 --a------ C:\WINDOWS\jnbas.dll
2006-09-01 16:15 23,552 --a------ C:\WINDOWS\SYSTEM32\mwrblac.exe
2006-09-01 01:26 53,120 --a------ C:\WINDOWS\srvxdxbacz.exe
2006-09-01 01:26 186,219 --a------ C:\WINDOWS\srvhqouorq.exe
2006-09-01 01:25 1,203,728 -r-hs---- C:\WINDOWS\xpaodgg.exe
2006-09-01 01:23 139,264 --a------ C:\WINDOWS\MirarSetup_876075.exe
2006-09-01 01:23 115,160 --a------ C:\WINDOWS\Eim03.exe
2006-08-31 23:34 927 --a------ C:\WINDOWS\SYSTEM32\winpfg32.sys
2006-08-31 23:33 126,976 --a------ C:\WINDOWS\SYSTEM32\ieserv.exe
2006-08-31 23:31 25,105 --a------ C:\WINDOWS\idlemg.exe
2006-08-31 23:29 32,768 --a------ C:\WINDOWS\unstall.exe
2006-08-31 23:29 215,308 --a------ C:\WINDOWS\Setup90.exe
2006-08-31 23:29 2,560 --a------ C:\WINDOWS\ac3_0002.exe
2006-08-31 23:27 61,952 --a------ C:\WINDOWS\SYSTEM32\riudaa58.dll
2006-08-31 23:27 1,233 --a------ C:\WINDOWS\SYSTEM32\riudaa58.sys
2006-08-31 23:26 186,223 --a------ C:\WINDOWS\srvgaxespb.exe
2006-08-31 23:25 45,056 --a------ C:\TIGEN001.exe
2006-08-31 23:25 353,280 --a------ C:\803_104.exe
2006-08-31 23:25 273,728 --------- C:\WINDOWS\dfrrfxo.exe
2006-08-31 23:23 53,120 --a------ C:\WINDOWS\srvelizmro.exe
2006-08-31 23:23 365,568 --a------ C:\814.exe
2006-08-31 23:23 215,308 --a------ C:\WINDOWS\srvlrblvvh.exe
2006-08-21 16:48 53,248 --a------ C:\WINDOWS\uni_ehhhh.exe
2006-08-14 20:52 78,848 --a------ C:\WINDOWS\SYSTEM32\nsuA.dll
2006-08-14 20:52 78,848 --a------ C:\WINDOWS\SYSTEM32\nsm26A.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-10 12:47 -------- d-a------ C:\Program Files\Common Files
2006-09-10 12:37 -------- d-------- C:\Program Files\ComboFix
2006-09-10 12:32 -------- d-------- C:\Program Files\HijackThis
2006-09-10 12:31 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-10 12:24 -------- d-------- C:\Program Files\Java
2006-09-10 10:56 -------- d-------- C:\Program Files\KillBox
2006-09-09 20:16 -------- d-------- C:\Program Files\McAfee.com
2006-09-09 20:08 -------- d-------- C:\Program Files\L2MDestroyer
2006-09-09 07:52 -------- d-------- C:\Program Files\PSCloner
2006-09-06 23:40 -------- d-------- C:\Program Files\SpywareBlaster
2006-09-05 23:33 -------- d-------- C:\Program Files\Zone Labs
2006-09-05 20:15 -------- d-------- C:\Program Files\Microsoft AntiSpyware
2006-09-05 16:06 -------- d-------- C:\Program Files\Common Files\misc002
2006-09-04 17:50 76560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2006-09-01 18:40 -------- d-------- C:\Program Files\Messenger
2006-09-01 16:38 -------- d-------- C:\Program Files\Common Files\koru
2006-09-01 16:16 -------- d-------- C:\Documents and Settings\Min Cai.D4855J31\Application Data\WeatherBug
2006-08-31 23:23 -------- d-------- C:\Program Files\Online Services
2006-08-19 19:03 -------- d-------- C:\Documents and Settings\Min Cai.D4855J31\Application Data\Real
2006-08-14 18:01 -------- d-------- C:\Program Files\WinRAR
2006-08-07 11:17 61440 --a------ C:\WINDOWS\SYSTEM32\BattyRun2.dll
2006-07-31 17:30 -------- d-------- C:\Program Files\Metacafe
2006-07-21 04:30 72704 --a------ C:\WINDOWS\SYSTEM32\hlink.dll
2006-07-13 04:50 595968 --a------ C:\WINDOWS\SYSTEM32\xpsp2res.dll
2006-06-16 14:34 48936 --a------ C:\WINDOWS\SYSTEM32\sirenacm.dll
2006-06-14 11:21 63501 --a------ C:\WINDOWS\SYSTEM32\regperf.exe
2006-06-07 13:55 3753 --a------ C:\Program Files\Common Files\qufyfut.html


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"BCMSMMSG"="BCMSMMSG.exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"MMTray"="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe\""
"MCAgentExe"="C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\McAfee.com\\Agent\\McUpdate.exe"
"Dell AIO Printer A920"="\"C:\\Program Files\\Dell AIO Printer A920\\dlbkbmgr.exe\""
"VirusScan Online"="c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"eBayToolbar"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
"mmtask"="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe\""
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"
"Weather"="C:\\PROGRA~1\\AWS\\WEATHE~1\\Weather.EXE 1"
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"cprocsvc"="C:\\WINDOWS\\System32\\crunner\\cproc.exe"
"CMFibula"="\"C:\\Program Files\\CMFibula\\CMFibula.exe\""
"koru"="C:\\PROGRA~1\\COMMON~1\\koru\\korum.exe"
"PSCloner"="\"C:\\Program Files\\PSCloner\\PSCloner.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McAfee.com Update Check (COMPIE-Adam Wu).job
C:\WINDOWS\tasks\McAfee.com Update Check (COMPIE-Jackie Wu).job
C:\WINDOWS\tasks\McAfee.com Update Check (COMPIE-Louis Wu).job
C:\WINDOWS\tasks\McAfee.com Update Check (COMPIE-Min Cai).job
C:\WINDOWS\tasks\McAfee.com Update Check (D4855J31-Adam Wu).job
C:\WINDOWS\tasks\McAfee.com Update Check (D4855J31-Guest).job
C:\WINDOWS\tasks\McAfee.com Update Check (D4855J31-Jackie Wu).job
C:\WINDOWS\tasks\McAfee.com Update Check (D4855J31-Louis Wu).job
C:\WINDOWS\tasks\McAfee.com Update Check (D4855J31-Min Cai).job
C:\WINDOWS\tasks\McAfee.com Update Check (D4855J31-Owner).job

Completion time: Sun 09/10/2006 12:52:19.81
ComboFix.txt

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


Posted 10 September 2006 - 12:11 PM

Please download Ewido Anti-spyware and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run Ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close Ewido anti-spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Clean out your Temporary Internet files
    • Close Internet Explorer and close any instances of Windows Explorer.
    • Click Start -> Control Panel and then double-click Internet Options.
    • On the General tab, click Delete Files under Temporary Internet Files.
    • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
    • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
    • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
    • Click OK.
    IMPORTANT: Close all windows and do not open any other windows or programs while Ewido is scanning, it may interfere with the scanning process:

  • Launch Ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • Ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close Ewido and reboot your system back into Normal Mode and post the results of the Ewido scan report along with a new Hijackthis log.


#13 a778999

a778999
  • Topic Starter

Posted 10 September 2006 - 03:35 PM

I have the Ewido report in a text file but somehow I cannot copy and paste it here. Is there some way to upload it onto this forum?

Logfile of HijackThis v1.99.1
Scan saved at 4:32:10 PM, on 9/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\AIM\aim.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\Google\deskbar-0.5.95.0\ggviewer.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.juno.com/s/sp?r=al&cf=sp&...;N=PLEM&O=I
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\System32\crunner\cproc.exe
O4 - HKCU\..\Run: [CMFibula] "C:\Program Files\CMFibula\CMFibula.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?7ec03ceecef74b11929bb16ca8b9f239
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?7ec03ceecef74b11929bb16ca8b9f239
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} (VZBB) - http://www2.verizon.net/micro/vol_toolbar/vzbb.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/heavyweap...aploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
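
An added example, not part of any post in this thread and not HijackThis's own code: one way to confirm from two HijackThis logs that the entries a helper asked to have fixed are really gone, and to list what still deserves a second look. The sample lines are a constructed subset copied from the logs in this thread; the function names and the marker list are assumptions made for the illustration.

```python
import re

# HijackThis entry lines start with a section code (R0, R1, O4, O15, O23 ...)
# followed by " - ". Header lines and the "Running processes" list do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.+)$")

# Annotations HijackThis itself prints. They are review hints, not verdicts:
# in this thread a McAfee service is also reported as "Unknown owner".
REVIEW_MARKERS = ("(file missing)", "(no file)", "Unknown owner")


def parse_entries(log_text):
    """Return the set of (section_code, body) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before_text, after_text):
    """Compare two logs: what disappeared, what is new, what stayed."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(before - after),
        "added": sorted(after - before),
        "unchanged": sorted(before & after),
    }


def still_present(fix_list_text, log_text):
    """Entries from a 'fix these lines' list that a log still contains."""
    return sorted(parse_entries(fix_list_text) & parse_entries(log_text))


def needs_review(entries):
    """Entries carrying one of the REVIEW_MARKERS annotations."""
    return sorted(e for e in entries if any(m in e[1] for m in REVIEW_MARKERS))


# Constructed sample: lines taken from the first HijackThis log in the thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\sebsdiw.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWluIENhaQ\command.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\sebsdiw.exe
"""

# Constructed sample: lines taken from the HijackThis log posted after cleanup.
AFTER = r"""
Logfile of HijackThis v1.99.1
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Constructed sample: three of the lines the helper asked to have fixed.
FIX_LIST = r"""
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
"""

if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for label in ("removed", "added"):
        print(f"{label}:")
        for code, body in result[label]:
            print(f"  {code} - {body}")
    print("fix-list entries still present:", still_present(FIX_LIST, AFTER))
    print("still worth a look:")
    for code, body in needs_review(parse_entries(AFTER)):
        print(f"  {code} - {body}")
```

Matching is on the exact entry text, so a line that changes only in path case or short-name form shows up as one removal plus one addition.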

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


Posted 10 September 2006 - 05:12 PM

It may be too large for one post. You can either edit out everything that refers to cookies, or make two separate posts.


Download AlcanShorty
  • Click the download button below and agree to download the fix.
  • Download Alcanshorty to your desktop.
  • DoubleClick alcanshorty_en.exe and click install
  • This will create a new folder on your desktop called alcanshorty_en
  • Open that folder and doubleclick Run.bat
  • Once the fix starts, your icons and desktop will disappear, this is normal.
Make sure you have a working internet connection. In case your firewall gives an alert, don't block it,
because alcanshorty needs to download some additional files to let the tool run properly.
  • Wait for the complete script execution box to popup and press OK.
  • Press exit to terminate the BFU program.
===========


Please post a new log from Combofix.

#15 a778999

a778999
  • Topic Starter

Posted 10 September 2006 - 06:03 PM

I opened it with Microsoft Word and was able to copy it from there. I will run AlcanShorty soon


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:18:34 PM 9/10/2006

+ Scan result:

HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Adware.180Solutions : Error during cleaning.
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1 -> Adware.180Solutions : Error during cleaning.
C:\!KillBox\thiselt.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\BattyRun2.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\!KillBox\dfndrff_15.exe -> Adware.DollarRevenue : Cleaned with backup (quarantined).
C:\WINDOWS\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\em.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\vzbb.dll -> Adware.MegaSearch : Cleaned with backup (quarantined).
C:\Program Files\PSCloner\PSCloner.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\!KillBox\rlvknlg.exe -> Adware.RK : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\rk.bin -> Adware.RK : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\rlls.dll -> Adware.RK : Cleaned with backup (quarantined).
C:\WINDOWS\MirarSetup_876075.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ATLEvents.ATLEvents -> Adware.VirtuMonde : Error during cleaning.
HKLM\SOFTWARE\Classes\ATLEvents.ATLEvents.1 -> Adware.VirtuMonde : Error during cleaning.
HKLM\SOFTWARE\Classes\Common.Buttons -> Adware.WebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Adware.WebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent -> Adware.Zango : Error during cleaning.
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent.1 -> Adware.Zango : Error during cleaning.
C:\TIGEN001.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\QooBox\dmonwv.dll.qoo -> Downloader.Agent.agw : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dmonwv.dll_tobedeleted -> Downloader.Agent.agw : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\korwbrkr.exe -> Downloader.Agent.am : Cleaned with backup (quarantined).
C:\!KillBox\topaff.exe -> Downloader.Agent.aqx : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\riudaa58.dll -> Downloader.Agent.awb : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\9C0143DF-0BBA-43FE-8DC7-1CD9C1\98C44661-2D6A-4F77-9D97-A0C777 -> Downloader.Agent.gg : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\1549AB36-B652-4162-9FB6-5D91CF\421489D3-7C96-455F-9EB7-BA0E7A -> Downloader.Delf.dc : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\3EE284F6-0E3D-4E90-ABBA-123F9E\6D5CAE21-7446-40AE-BC1C-97C933 -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\WINDOWS\srvdcmxjwr.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\WINDOWS\srvelizmro.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\WINDOWS\srvpfhgljo.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\WINDOWS\srvxdxbacz.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\814.exe -> Downloader.Dyfuca.fb : Cleaned with backup (quarantined).
C:\QooBox\Purity\Program Files\TSKS~1\taskmgr.exe -> Downloader.PurityScan.da : Cleaned with backup (quarantined).
C:\QooBox\bclwb.exe.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\dagth.exe.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\lstsbt.exe.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\qpjwn.dat.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\rattscn.dll.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mwrblac.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINDOWS\idlemg.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\WINDOWS\ac3_0002.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\240503__.exe -> Downloader.Small.mg : Cleaned with backup (quarantined).
C:\Program Files\Common Files\koru\korup.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
C:\Program Files\Common Files\koru\korua.exe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
C:\Program Files\Common Files\koru\korum.exe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
C:\Program Files\Common Files\misc002\141.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
C:\Program Files\Common Files\koru\korul.exe -> Downloader.TSUpdate.r : Cleaned with backup (quarantined).
C:\!KillBox\gqsqfbiA.exe -> Downloader.VB.alu : Cleaned with backup (quarantined).
C:\!KillBox\sebsdiwA.exe -> Downloader.VB.alu : Cleaned with backup (quarantined).
C:\!KillBox\xpaodggA.exe -> Downloader.VB.alu : Cleaned with backup (quarantined).
C:\!KillBox\kybrdff_16.exe -> Downloader.VB.amb : Cleaned with backup (quarantined).


C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 1 1 D D A 8 D E - 6 6 B 4 - 4 1 7 A - 8 D 8 7 - E D 6 F 1 0 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 1 2 B 5 9 B B E - 7 F F 8 - 4 6 6 7 - 8 3 3 9 - 2 F D B 8 9 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 1 8 9 D 0 F A B - 4 3 1 5 - 4 2 6 7 - B 4 9 7 - 2 2 0 5 5 1 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 1 B D 4 C 6 1 C - 7 2 5 2 - 4 5 A 5 - A 0 0 E - 6 1 8 2 5 A - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 2 4 6 F F 7 2 5 - 5 E 9 8 - 4 8 9 8 - B 5 0 5 - D E D B F C - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 2 5 8 2 7 0 4 A - 2 3 7 9 - 4 8 4 8 - B E 6 3 - 1 F 9 8 2 2 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 2 9 C 2 3 1 4 6 - 4 2 D 9 - 4 B C 4 - B 7 0 C - 0 1 6 B F 7 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 2 B 9 2 D 1 6 7 - B B C 8 - 4 1 1 B - 9 2 E 1 - 6 C F 0 A 7 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 3 4 1 5 1 D E A - 2 9 0 8 - 4 D D D - A E 5 3 - 4 8 5 A B 5 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 3 E 8 0 C D F 7 - F 7 E 4 - 4 7 E 6 - B 8 4 F - 2 D 4 3 3 0 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 4 1 5 E F 0 0 A - 5 3 C 5 - 4 A C D - B 0 7 F - 5 A E 4 0 9 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 4 A 3 8 3 8 8 E - 3 1 6 C - 4 3 5 F - 8 A 2 C - 2 C B 3 8 3 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 4 A 9 E 0 6 6 7 - 1 D B C - 4 A 6 6 - B B 5 B - 4 B 4 9 7 2 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 4 E A 7 1 3 B 3 - 8 7 E 1 - 4 1 4 5 - A 9 1 4 - A B E 8 4 0 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 4 F 1 5 9 7 0 A - E D 6 8 - 4 6 1 8 - A 0 B 1 - E 9 2 8 D 0 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 4 F 1 8 F 2 0 B - 3 F 0 E - 4 D C 2 - A 1 5 0 - F 1 0 2 C D - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 5 F 0 1 9 2 5 D - B 6 7 A - 4 9 7 9 - 8 B 9 B - 1 4 5 7 3 0 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 6 0 9 0 4 2 C F - A 5 E B - 4 7 3 8 - A 8 0 C - C 1 2 8 4 5 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 6 2 5 D 7 3 4 6 - A F 6 3 - 4 0 9 9 - B 4 2 E - 6 2 9 F A 6 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 6 3 F 2 0 7 C A - 0 C 0 6 - 4 8 E 7 - 8 6 0 D - 9 A C 6 6 4 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 6 6 5 D F 8 4 C - 7 3 2 8 - 4 6 1 0 - 9 1 D 5 - 3 D 0 E 8 2 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 6 7 E C D 3 8 E - 8 4 F 3 - 4 D 0 D - B C B 6 - 2 E 4 D 9 8 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 6 8 3 8 3 6 9 A - F D 1 7 - 4 5 7 8 - 9 0 7 8 - F A D 7 C D - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 6 9 5 1 4 B E F - 0 C D B - 4 D 2 C - B 6 3 F - 6 2 A D 4 1 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 6 D A 3 3 3 0 0 - 4 7 B 7 - 4 9 F 8 - 8 1 B C - 2 E C B 2 7 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 7 1 3 C 9 F F D - F E E C - 4 0 2 B - 8 4 E 4 - 8 9 5 E 4 4 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 7 1 E 5 7 E C 7 - 7 6 8 0 - 4 8 0 E - 9 D 8 F - 3 7 6 C 9 7 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 8 1 9 D 3 2 F 3 - 8 5 0 D - 4 0 1 D - B 2 7 0 - 6 4 E 3 3 9 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 8 E 0 0 D 8 4 A - 4 D 5 A - 4 0 0 3 - 8 4 E 2 - D B D 8 7 B - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 9 1 F 9 2 9 9 3 - 2 A F 0 - 4 2 6 5 - A A D 5 - 9 8 7 0 4 E - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ 9 E 9 5 1 F 0 0 - 1 1 9 8 - 4 0 3 D - 9 F 4 5 - D 2 0 2 C 3 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ A 0 2 D 2 2 1 7 - 1 0 9 3 - 4 4 3 B - 9 9 F 9 - 3 1 3 D F 7 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ A 0 8 8 5 2 B F - 7 A 2 6 - 4 1 1 B - 9 6 4 7 - 5 7 4 4 4 2 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ A 5 D 6 E F D 3 - 8 B 1 D - 4 3 6 0 - A B A 6 - C A C A 5 E - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ A 7 7 8 5 7 C B - 7 C 0 1 - 4 3 D C - A 5 9 4 - 6 4 0 A A 9 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ A D 0 D 5 5 5 8 - F F E E - 4 D D B - A 7 A A - E D 5 0 7 B - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ B 5 6 0 F E F E - 3 4 4 6 - 4 3 6 0 - B 9 9 6 - C 2 3 5 B 6 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ B A 7 3 C 4 B 7 - 2 A E C - 4 5 5 A - B 3 2 B - 2 7 2 5 F 0 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ B C 4 3 0 F C 5 - 8 5 E D - 4 1 A 9 - 8 5 7 2 - 9 B 2 0 2 A - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ B D A 4 8 6 B 3 - C 8 A 3 - 4 6 4 F - 9 B 9 B - 5 9 A C 3 7 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ C 0 2 C 6 2 4 1 - 8 1 B 8 - 4 0 4 1 - A 0 6 D - 5 5 D D 8 B - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ C 4 B 7 9 7 E 1 - 8 3 1 0 - 4 5 7 1 - 9 5 9 C - B B 4 C 0 3 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ C 5 5 A 2 D C E - B 4 2 9 - 4 9 1 8 - B 3 2 C - 2 5 E D 5 8 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ C 6 E B F 6 B 6 - A B 0 E - 4 F C D - A F 4 4 - A 9 E E 2 D - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ C 7 1 E C B 3 4 - 3 2 0 3 - 4 5 6 8 - 9 B C 0 - 9 F F 7 5 9 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ C B A F B 4 B E - D B 5 0 - 4 5 8 A - 8 B 2 5 - 4 8 A A A 8 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ C C C 0 B F D 1 - 2 8 E 0 - 4 F B 1 - 8 8 2 5 - 9 5 3 C D 1 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ C E 0 4 7 2 B 1 - 7 4 7 F - 4 A 5 3 - 8 3 2 D - D 3 2 F 7 6 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ C E 4 2 5 D 2 1 - 9 A C 6 - 4 3 D 3 - 8 5 1 4 - A D D B 8 E - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ C F 3 1 3 D 3 2 - E 6 B 6 - 4 1 8 2 - 8 F 4 1 - 1 4 E 1 1 D - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ D 2 8 1 2 D 5 8 - A 8 5 5 - 4 E F E - A C C 2 - E C B 8 D 7 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ D 2 E 4 2 7 E 0 - 0 E 2 D - 4 7 E 1 - 8 7 C 0 - 0 4 E E A D - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ D 5 E 5 5 6 5 9 - 9 7 4 3 - 4 F 6 E - A 6 F 0 - 5 1 8 6 C 2 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ D A 9 0 F 1 9 F - 7 C 9 F - 4 6 B 7 - 9 0 F 0 - A 4 3 7 C C - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ D B 0 4 F 4 1 6 - B 0 4 E - 4 3 4 C - 8 5 B 1 - F 1 6 F 7 6 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ D D C 8 5 C 7 D - 9 D B 8 - 4 7 3 C - B A F C - 0 3 8 A E F - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ E 5 2 E 5 B 4 9 - 1 3 A C - 4 4 3 C - B 4 5 8 - 2 5 1 0 9 D - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ E 5 3 B 4 E B 1 - 9 6 7 2 - 4 3 7 3 - B 7 3 9 - C 4 A 7 F 9 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ E 8 0 9 4 6 8 0 - 9 E D F - 4 2 6 5 - 8 E C B - 0 6 A F E A - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ E C D 9 1 A B 1 - F 1 6 C - 4 1 6 2 - 9 6 7 6 - 0 D E 1 3 D - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s o f t A n t i S p y w a r e \ Q u a r a n t i n e \ B 6 E 4 8 2 4 5 - 8 6 4 3 - 4 9 A 6 - A E 5 6 - 2 C 4 7 C D \ E D E 5 D 0 9 3 - 5 B 2 5 - 4 F 5 1 - A 9 5 7 - 9 B 1 4 6 7 - > D o w n l o a d e r . V i r t u m o n d e . g : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

C : \ P r o g r a m F i l e s \ M i c r o s



