
My Hijack This Log



#1 Caecilius

Caecilius

  • Members

Posted 10 January 2007 - 01:46 AM

Hi,

It was suggested that I post my Hijack this log here.

Logfile of HijackThis v1.99.1
Scan saved at 06:41:28, on 10/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\CROSOF~1\netdde.exe
C:\Documents and Settings\Sean Robinson\My Documents\?icrosoft.NET\?vchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sean Robinson\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = supanet Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {B0A67959-C89E-A947-BB48-EC6C261B55C2} - C:\WINDOWS\system32\todgz.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B0A67959-C89E-A947-BB48-EC6C261B55C2} - C:\WINDOWS\system32\todgz.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{0CE79094-0682-2057-0410-02042520002c}] "C:\Program Files\Common Files\{0CE79094-0682-2057-0410-02042520002c}\Update.exe" te-110-12-0000245
O4 - HKLM\..\Run: [{0CE79094-0683-2057-0410-02042520002c}] "C:\Program Files\Common Files\{0CE79094-0683-2057-0410-02042520002c}\Update.exe" te-110-12-0000245
O4 - HKCU\..\Run: [Cepp] "C:\WINDOWS\system32\CROSOF~1\netdde.exe" -vt yazb
O4 - HKCU\..\Run: [Mjuwtl] C:\Documents and Settings\Sean Robinson\My Documents\?icrosoft.NET\?vchost.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sagaciouspeanut.spaces.msn.com//Pho...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093553068133
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2VhbiBSb2JpbnNvbg\command.exe (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000245 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)



Just a bit of background: Both Spybot and Adaware have found an entry called "Command service" but neither can get rid of it. I don't know whether that is what is causing my pop ups or not.



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team

Posted 10 January 2007 - 09:26 AM

Hello,

It is important you don't miss a step and perform everything in the right order!!

I notice that you do not seem to be running Antivirus software and a Firewall. This is somewhat suicidal in today's digital world.
That's why I want you to install them first!!

Avira, AVG OR Avast OR Active Virus Shield (uncheck the Security Toolbar during install) are good FREE antivirus.
Never install more than one antivirus scanner or firewall on your system! Several together can give problems and seriously decrease its reliability!
Agnitum Outpost Free, ZoneAlarm Free OR Kerio are FREE firewalls.

Understanding and using firewalls

Then,
* Go to start > controlpanel > software > add/remove programs and uninstall next if present:

Oin
Yazzle by Oin
YazzleActiveX By OIN
Purityscan by Oin
MediaTickets by OIN
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it.


If OIN not listed, download and run this uninstaller.

* Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

Save this as fix.reg Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

Reboot afterwards! Important!

--------------------
After reboot....


* Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by doubleclicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script
( alcanshorty.bfu ) manually from above url ( rightclick on it and choose 'save as' and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window
Browse to the script you downloaded and Click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program

--------------------

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present (some entries won't be present anymore):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - URLSearchHook: (no name) - {B0A67959-C89E-A947-BB48-EC6C261B55C2} - C:\WINDOWS\system32\todgz.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - (no file)
O2 - BHO: (no name) - {B0A67959-C89E-A947-BB48-EC6C261B55C2} - C:\WINDOWS\system32\todgz.dll
O4 - HKLM\..\Run: [{0CE79094-0682-2057-0410-02042520002c}] "C:\Program Files\Common Files\{0CE79094-0682-2057-0410-02042520002c}\Update.exe" te-110-12-0000245
O4 - HKLM\..\Run: [{0CE79094-0683-2057-0410-02042520002c}] "C:\Program Files\Common Files\{0CE79094-0683-2057-0410-02042520002c}\Update.exe" te-110-12-0000245
O4 - HKCU\..\Run: [Cepp] "C:\WINDOWS\system32\CROSOF~1\netdde.exe" -vt yazb
O4 - HKCU\..\Run: [Mjuwtl] C:\Documents and Settings\Sean Robinson\My Documents\?icrosoft.NET\?vchost.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2VhbiBSb2JpbnNvbg\command.exe (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000245 (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!
Don't worry if some entries won't go away, we'll deal with that later...

---------------------

Please download, install, and update AVG Anti-Spyware
  • Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close AVG Anti-Spyware and reboot!!
    I need the log later.
-------------------------

* Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post next logs in your following reply:
  • Log from combofix (combofix.txt)
  • Log from AVG Antispyware
  • New HijackThislog
You may need several replies to post the logs in case they won't fit in one reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
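
An added example (not part of the thread, and not code from any poster or tool named in it): a small Python triage pass over HijackThis lines copied from the first post, flagging the traits visible in the entries selected for fixing above. The rule names and the heuristics themselves are assumptions of this example, and its output is a review queue for a human, not a verdict.

```python
import base64
import re

# Lines copied from the HijackThis log in the first post (a subset).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/
R3 - URLSearchHook: (no name) - {B0A67959-C89E-A947-BB48-EC6C261B55C2} - C:\WINDOWS\system32\todgz.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{0CE79094-0682-2057-0410-02042520002c}] "C:\Program Files\Common Files\{0CE79094-0682-2057-0410-02042520002c}\Update.exe" te-110-12-0000245
O4 - HKCU\..\Run: [Mjuwtl] C:\Documents and Settings\Sean Robinson\My Documents\?icrosoft.NET\?vchost.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2VhbiBSb2JpbnNvbg\command.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
"""

# "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [...] ..."
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# First drive-letter path ending in .exe or .dll inside the detail text.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)
# Run value whose *name* is a bare GUID in braces.
GUID_RUN_RE = re.compile(
    r"Run: \[\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\]"
)
B64_RE = re.compile(r"^[A-Za-z0-9+/]{12,}$")


def decoded_dir_name(path):
    """Return the text a directory name decodes to when it is base64 of
    printable ASCII, else None. Heuristic (assumption of this example)."""
    for part in path.split("\\")[1:-1]:          # skip drive and file name
        if not B64_RE.match(part) or len(part) % 4 == 1:
            continue
        try:
            raw = base64.b64decode(part + "=" * (-len(part) % 4), validate=True)
        except ValueError:
            continue
        if raw.isascii() and raw.decode("ascii").isprintable():
            return raw.decode("ascii")
    return None


def triage(line):
    """Return (section_code, [reasons]) for a log entry, None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, detail = m.groups()
    reasons = []
    if detail.endswith(("(file missing)", "(no file)")):
        reasons.append("target-missing")
    if detail.count('"') % 2:
        # Odd quote count: path and arguments were likely split badly, so a
        # "(file missing)" on the same line needs a manual check.
        reasons.append("unbalanced-quote")
    if code in ("R3", "O2") and "(no name)" in detail:
        reasons.append("unnamed-ie-hook")
    if code == "O4" and GUID_RUN_RE.search(detail):
        reasons.append("guid-run-name")
    if code == "O15":
        reasons.append("zone-default-changed")
    pm = PATH_RE.search(detail)
    if pm:
        path = pm.group(0)
        if "?" in path:
            # "?" is not a legal Windows file-name character, so the real
            # name holds a character the log could not render.
            reasons.append("unrenderable-name")
        decoded = decoded_dir_name(path)
        if decoded:
            reasons.append("base64-dir:" + decoded)
    return code, reasons


def review_queue(log_text):
    """Entries with at least one reason, in log order."""
    queue = []
    for line in log_text.splitlines():
        result = triage(line)
        if result and result[1]:
            queue.append(result)
    return queue


if __name__ == "__main__":
    for code, reasons in review_queue(SAMPLE_LOG):
        print(f"{code:4} {', '.join(reasons)}")
```

The Prevx Agent service is flagged by the missing-target rule although it is not on the fix list above; the unbalanced quote on that line is the cue to verify the file by hand before acting on it.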

#3 Caecilius

Caecilius
  • Topic Starter

  • Members

Posted 12 January 2007 - 03:53 PM

Hi, thanks for your reply. I have done everything you said down to the avg scan. I've been running it for over 2 hours and it's still only about a third of the way through. I'm a minor who still lives with his parents and running a 6 hour scan might be a bit of a problem. Is the avg scan absolutely essential? Is there another (shorter) scan that I can do instead?

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team

Posted 12 January 2007 - 04:25 PM

Well, actually yes, the AVG Scan is really required.
But you can skip that step for now and proceed with the next steps and post the new Hijackthislog and combofixlog. Then you can run the AVG scan again afterwards to deal with the leftovers.

#5 Caecilius

Caecilius
  • Topic Starter

  • Members

Posted 13 January 2007 - 09:12 AM

I managed to get it done after all. I'll start with the combofix log, then the avg log, then the hijack this log.

-----------------------------------------------------------------------------------------------------------------------


Sean Robinson - 07-01-13 14:01:37.53 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Sean Robinson\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Sean Robinson\My Documents\ICROSO~1.NET


((((((((((((((((((((((((((((((( Files Created from 2006-12-13 to 2007-01-13 ))))))))))))))))))))))))))))))))))


2007-01-13 11:50 <DIR> d--hs---- C:\FOUND.219
2007-01-12 23:26 <DIR> d--hs---- C:\FOUND.218
2007-01-11 17:49 <DIR> d-------- C:\MI3_EU_D1
2007-01-11 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-01-11 17:04 <DIR> d-------- C:\Program Files\DVD Shrink
2007-01-10 20:31 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-10 19:52 <DIR> d-------- C:\bintheredunthat
2007-01-10 18:52 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-01-10 18:51 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-01-10 18:51 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-01-10 18:51 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-01-10 18:51 666,240 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-01-10 18:51 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-01-10 18:51 <DIR> d-------- C:\Program Files\Alwil Software
2007-01-07 22:53 <DIR> d--hs---- C:\FOUND.217
2007-01-07 22:42 <DIR> d-------- C:\Program Files\VideoraiPodConverter
2007-01-07 22:35 <DIR> d-------- C:\Program Files\BitComet
2007-01-07 22:34 <DIR> d-------- C:\Program Files\Videora
2007-01-07 13:36 <DIR> d--hs---- C:\FOUND.216
2007-01-06 17:32 <DIR> d--hs---- C:\FOUND.215
2007-01-05 13:40 <DIR> d--hs---- C:\FOUND.214
2007-01-04 13:15 <DIR> d--hs---- C:\FOUND.213
2007-01-03 23:54 <DIR> d--hs---- C:\FOUND.212
2007-01-03 22:16 <DIR> d--hs---- C:\FOUND.211
2006-12-30 19:58 <DIR> d-------- C:\Documents and Settings\Sean Robinson\Application Data\Uniblue
2006-12-30 19:57 <DIR> d-------- C:\Program Files\Uniblue
2006-12-30 13:10 <DIR> d--hs---- C:\WINDOWS\U2VhbiBSb2JpbnNvbg
2006-12-30 12:35 <DIR> d--hs---- C:\FOUND.210
2006-12-30 00:04 <DIR> d--hs---- C:\FOUND.209
2006-12-29 21:01 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-29 20:57 <DIR> d-------- C:\Program Files\CCleaner
2006-12-27 23:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2006-12-27 23:22 <DIR> d-------- C:\Program Files\XVideoConverter
2006-12-27 23:12 93,509 --a------ C:\tdd.exe
2006-12-27 16:04 <DIR> d-------- C:\Program Files\Delta
2006-12-27 15:49 <DIR> d-------- C:\Program Files\Vidalia
2006-12-27 15:49 <DIR> d-------- C:\Program Files\Tor
2006-12-27 15:47 <DIR> d-------- C:\Program Files\Privoxy
2006-12-27 15:47 <DIR> d-------- C:\Documents and Settings\Sean Robinson\Application Data\Vidalia
2006-12-20 20:27 <DIR> d--hs---- C:\FOUND.208
2006-12-19 01:36 <DIR> d-------- C:\Program Files\CDisplay
2006-12-19 00:21 <DIR> d--hs---- C:\FOUND.207
2006-12-16 20:46 <DIR> d--hs---- C:\FOUND.206
2006-12-15 18:44 <DIR> d--hs---- C:\FOUND.205
2006-12-15 17:08 <DIR> d--hs---- C:\FOUND.204
2006-12-14 22:20 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2006-12-14 22:10 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-11 21:53 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\WMDRMdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\WMDRMNet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\Audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\MsPMSNSv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\MsPMSP.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="file:///C:/Program%20Files/Webdialer/ban_04.jpg"
"SubscribedURL"="file:///C:/Program%20Files/Webdialer/ban_04.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,95,01,00,00,62,01,00,00,6b,00,00,00,4f,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,23,01,00,00,6b,00,00,00,4f,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,ea,01,09,48,e9,77,c8,0d,e9,77,ff,ff,ff,ff,c4,e1,\
e7,77,c4,e1,e7,77
"CurrentState"=hex:01,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,dc,00,00,00,dc,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:00,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,01,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,00,00,00,00,01,00,00,00,dc,00,00,00,dc,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-13 14:04:13.10
C:\ComboFix2.txt ... 07-01-12 22:18
C:\ComboFix.txt ... 07-01-13 14:04

------------------------------------------------------------------------------------------------------------------

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 14:08:50 13/01/2007

+ Scan result:



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RelevantKnowledge -> Adware.BroadCastPC : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.Generic : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.Generic : Cleaned.
C:\FOUND.013\FILE0029.CHK -> Adware.HelpExpress : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : Cleaned.
C:\System Volume Information\_restore{CCF76F64-5205-4FD3-8D20-7C374BD937EE}\RP588\A0513774.exe -> Adware.Maxifiles : Cleaned.
C:\System Volume Information\_restore{CCF76F64-5205-4FD3-8D20-7C374BD937EE}\RP588\A0513775.dll -> Adware.Maxifiles : Cleaned.
C:\System Volume Information\_restore{CCF76F64-5205-4FD3-8D20-7C374BD937EE}\RP592\A0531193.dll -> Adware.MaxSearch : Cleaned.
C:\tdd.exe -> Adware.MaxSearch : Cleaned.
C:\Program Files\PAL SPYREM -> Adware.PALSpywareRemover : Cleaned.
C:\Program Files\PAL SPYREM\Quarantine -> Adware.PALSpywareRemover : Cleaned.
C:\Program Files\PAL SPYREM\Reports -> Adware.PALSpywareRemover : Cleaned.
C:\System Volume Information\_restore{CCF76F64-5205-4FD3-8D20-7C374BD937EE}\RP589\A0513879.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{CCF76F64-5205-4FD3-8D20-7C374BD937EE}\RP587\A0511721.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{CCF76F64-5205-4FD3-8D20-7C374BD937EE}\RP587\A0512747.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{CCF76F64-5205-4FD3-8D20-7C374BD937EE}\RP591\A0530018.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{CCF76F64-5205-4FD3-8D20-7C374BD937EE}\RP591\A0530019.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{CCF76F64-5205-4FD3-8D20-7C374BD937EE}\RP592\A0531195.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{CCF76F64-5205-4FD3-8D20-7C374BD937EE}\RP592\A0531196.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{CCF76F64-5205-4FD3-8D20-7C374BD937EE}\RP591\A0530013.exe -> Adware.WebHancer : Cleaned.
C:\System Volume Information\_restore{CCF76F64-5205-4FD3-8D20-7C374BD937EE}\RP591\A0530010.exe -> Downloader.Agent.bca : Cleaned.
C:\System Volume Information\_restore{CCF76F64-5205-4FD3-8D20-7C374BD937EE}\RP587\A0511822.dll -> Logger.Banker.alr : Cleaned.
C:\System Volume Information\_restore{CCF76F64-5205-4FD3-8D20-7C374BD937EE}\RP587\A0511825.exe -> Logger.Banker.alr : Cleaned.
C:\System Volume Information\_restore{CCF76F64-5205-4FD3-8D20-7C374BD937EE}\RP587\A0511827.exe -> Logger.Banker.alr : Cleaned.
C:\System Volume Information\_restore{CCF76F64-5205-4FD3-8D20-7C374BD937EE}\RP588\A0513780.DLL -> Logger.Banker.alr : Cleaned.
C:\System Volume Information\_restore{CCF76F64-5205-4FD3-8D20-7C374BD937EE}\RP588\A0513801.exe -> Logger.Banker.alr : Cleaned.
C:\WINDOWS\system32\xvid.dll -> Logger.Banker.alr : Cleaned.
C:\Program Files\SnadBoy's Revelation v2\RevelationHelper.dll -> Not-A-Virus.PSWTool.Win32.SnadBoy.2011 : Cleaned.
C:\Documents and Settings\Paulina Johnson\Cookies\paulina johnson@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@adbrite[3].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@ads.com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@com[3].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned.
C:\Documents and Settings\Paulina Johnson\Cookies\paulina johnson@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@searchportal.information[3].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@image.masterstats[2].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@image.masterstats[3].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Paulina Johnson\Cookies\paulina johnson@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@ads.planetactive[1].txt -> TrackingCookie.Planetactive : Cleaned.
C:\Documents and Settings\Paulina Johnson\Cookies\paulina johnson@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Paulina Johnson\Cookies\paulina johnson@stats1.reliablestats[3].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@tacoda[3].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@tacoda[4].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@server3.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@yadro[3].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@yadro[4].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Paulina Johnson\Cookies\paulina johnson@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Paulina Johnson\Cookies\paulina johnson@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Paulina Johnson\Cookies\paulina johnson@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Sean Robinson\Cookies\sean robinson@ad.yieldmanager[4].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{CCF76F64-5205-4FD3-8D20-7C374BD937EE}\RP588\A0513799.vbs -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{CCF76F64-5205-4FD3-8D20-7C374BD937EE}\RP589\A0513883.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{CCF76F64-5205-4FD3-8D20-7C374BD937EE}\RP592\A0530081.exe -> Trojan.Small : Cleaned.
C:\WINDOWS\U2VhbiBSb2JpbnNvbg\oZp1v21mvZLDvBhSv0.vbs -> Trojan.Small : Cleaned.
C:\My Shared Folder\18 WHEELS crack.zip/18 WHEELS crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\18 WHEELS crack.zip/18 WHEELS crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\3d studio max crack.zip/3d studio max crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\3d studio max crack.zip/3d studio max crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\3planesoft crack.zip/3planesoft crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\3planesoft crack.zip/3planesoft crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Advanced Office Password crack.zip/Advanced Office Password crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Advanced Office Password crack.zip/Advanced Office Password crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Advanced X Video Converter crack.zip/Advanced X Video Converter crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Advanced X Video Converter crack.zip/Advanced X Video Converter crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\CyberLink PowerDirector crack.zip/CyberLink PowerDirector crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\CyberLink PowerDirector crack.zip/CyberLink PowerDirector crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\DVD Santa 4.00 crack.zip/DVD Santa 4.00 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\DVD Santa 4.00 crack.zip/DVD Santa 4.00 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Deskmates crack.zip/Deskmates crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Deskmates crack.zip/Deskmates crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Droppix Recorder crack.zip/Droppix Recorder crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Droppix Recorder crack.zip/Droppix Recorder crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\FL Studio 6.0.8 serial number crack.zip/FL Studio 6.0.8 serial number crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\FL Studio 6.0.8 serial number crack.zip/FL Studio 6.0.8 serial number crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Fly DVD SVCD VCD Maker crack.zip/Fly DVD SVCD VCD Maker crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Fly DVD SVCD VCD Maker crack.zip/Fly DVD SVCD VCD Maker crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\FunPhotor crack.zip/FunPhotor crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\FunPhotor crack.zip/FunPhotor crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Gutterball 2 crack.zip/Gutterball 2 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Gutterball 2 crack.zip/Gutterball 2 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\KoolMoves crack.zip/KoolMoves crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\KoolMoves crack.zip/KoolMoves crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Microsoft Office 2003 Standard Edition for Students and Teachers crack.zip/Microsoft Office 2003 Standard Edition for Students and Teachers crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Microsoft Office 2003 Standard Edition for Students and Teachers crack.zip/Microsoft Office 2003 Standard Edition for Students and Teachers crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Need For Speed Hot Pursuit 2 crack.zip/Need For Speed Hot Pursuit 2 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Need For Speed Hot Pursuit 2 crack.zip/Need For Speed Hot Pursuit 2 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Panda Internet Security 2007 crack.zip/Panda Internet Security 2007 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Panda Internet Security 2007 crack.zip/Panda Internet Security 2007 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Pinnacle Studio 9.4.3 crack.zip/Pinnacle Studio 9.4.3 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Pinnacle Studio 9.4.3 crack.zip/Pinnacle Studio 9.4.3 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\RAR Password Recovery crack.zip/RAR Password Recovery crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\RAR Password Recovery crack.zip/RAR Password Recovery crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Style XP 2.0 crack.zip/Style XP 2.0 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Style XP 2.0 crack.zip/Style XP 2.0 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\System Mechanic 7 crack.zip/System Mechanic 7 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\System Mechanic 7 crack.zip/System Mechanic 7 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Total Video Converter 3.01 crack.zip/Total Video Converter 3.01 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Total Video Converter 3.01 crack.zip/Total Video Converter 3.01 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Travelogue 360 Paris crack.zip/Travelogue 360 Paris crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Travelogue 360 Paris crack.zip/Travelogue 360 Paris crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Ulead video studio 10 crack.zip/Ulead video studio 10 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Ulead video studio 10 crack.zip/Ulead video studio 10 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Xilisoft 3GP Video Converter crack.zip/Xilisoft 3GP Video Converter crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\Xilisoft 3GP Video Converter crack.zip/Xilisoft 3GP Video Converter crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\act of war crack.zip/act of war crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\act of war crack.zip/act of war crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\adobe acrobat pro 8.0 crack.zip/adobe acrobat pro 8.0 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\adobe acrobat pro 8.0 crack.zip/adobe acrobat pro 8.0 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\adobe premiere pro 1.5 crack.zip/adobe premiere pro 1.5 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\adobe premiere pro 1.5 crack.zip/adobe premiere pro 1.5 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\advanced rar repair crack.zip/advanced rar repair crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\advanced rar repair crack.zip/advanced rar repair crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\age crack.zip/age crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\age crack.zip/age crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\alcohol120% crack.zip/alcohol120% crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\alcohol120% crack.zip/alcohol120% crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\anti trojan shield crack.zip/anti trojan shield crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\anti trojan shield crack.zip/anti trojan shield crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\any dvd 6090 crack.zip/any dvd 6090 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\any dvd 6090 crack.zip/any dvd 6090 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\anydvd 6.0.8.8 crack.zip/anydvd 6.0.8.8 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\anydvd 6.0.8.8 crack.zip/anydvd 6.0.8.8 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\anydvd 6090 crack.zip/anydvd 6090 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\anydvd 6090 crack.zip/anydvd 6090 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\ares crack.zip/ares crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\ares crack.zip/ares crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\avg anti spyware crack.zip/avg anti spyware crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\avg anti spyware crack.zip/avg anti spyware crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\caesar 4 crack.zip/caesar 4 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\caesar 4 crack.zip/caesar 4 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\christmas time 3d screensaver crack.zip/christmas time 3d screensaver crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\christmas time 3d screensaver crack.zip/christmas time 3d screensaver crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\civilization crack.zip/civilization crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\civilization crack.zip/civilization crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\corel x3 crack.zip/corel x3 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\corel x3 crack.zip/corel x3 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\counter strike condition zero crack.zip/counter strike condition zero crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\counter strike condition zero crack.zip/counter strike condition zero crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\dfx for winamp crack.zip/dfx for winamp crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\dfx for winamp crack.zip/dfx for winamp crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\dr.divx crack.zip/dr.divx crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\dr.divx crack.zip/dr.divx crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\dvdfab platinum 3.0.4.0 crack.zip/dvdfab platinum 3.0.4.0 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\dvdfab platinum 3.0.4.0 crack.zip/dvdfab platinum 3.0.4.0 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\dvdfabplatinum crack.zip/dvdfabplatinum crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\dvdfabplatinum crack.zip/dvdfabplatinum crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\dvdidle pro 5.9.8.5 crack.zip/dvdidle pro 5.9.8.5 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\dvdidle pro 5.9.8.5 crack.zip/dvdidle pro 5.9.8.5 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\easy cd da extractor crack.zip/easy cd da extractor crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\easy cd da extractor crack.zip/easy cd da extractor crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\embird crack.zip/embird crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\embird crack.zip/embird crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\f-secure internet security 2007 crack.zip/f-secure internet security 2007 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\f-secure internet security 2007 crack.zip/f-secure internet security 2007 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\family feud crack.zip/family feud crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\family feud crack.zip/family feud crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\football manager crack.zip/football manager crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\football manager crack.zip/football manager crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\goldwave crack.zip/goldwave crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\goldwave crack.zip/goldwave crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\ht video editor crack.zip/ht video editor crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\ht video editor crack.zip/ht video editor crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\imtoo 3gp converter crack.zip/imtoo 3gp converter crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\imtoo 3gp converter crack.zip/imtoo 3gp converter crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\kaspersky anti virus crack.zip/kaspersky anti virus crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\kaspersky anti virus crack.zip/kaspersky anti virus crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\kerio crack.zip/kerio crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\kerio crack.zip/kerio crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\matlab crack.zip/matlab crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\matlab crack.zip/matlab crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\monopoly crack.zip/monopoly crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\monopoly crack.zip/monopoly crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\movavi crack.zip/movavi crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\movavi crack.zip/movavi crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\my photo calendars crack.zip/my photo calendars crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\my photo calendars crack.zip/my photo calendars crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\myob crack.zip/myob crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\myob crack.zip/myob crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\n-track studio crack.zip/n-track studio crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\n-track studio crack.zip/n-track studio crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\nod crack.zip/nod crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\nod crack.zip/nod crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\norton system works 2006 crack.zip/norton system works 2006 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\norton system works 2006 crack.zip/norton system works 2006 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\oberon crack.zip/oberon crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\oberon crack.zip/oberon crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\online tv player crack.zip/online tv player crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\online tv player crack.zip/online tv player crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\oxygen crack.zip/oxygen crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\oxygen crack.zip/oxygen crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\paint shop pro XI crack.zip/paint shop pro XI crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\paint shop pro XI crack.zip/paint shop pro XI crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\partition magic 8 crack.zip/partition magic 8 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\partition magic 8 crack.zip/partition magic 8 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\pdf converter 1.4 crack.zip/pdf converter 1.4 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\pdf converter 1.4 crack.zip/pdf converter 1.4 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\powercinema crack.zip/powercinema crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\powercinema crack.zip/powercinema crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\premiere pro crack.zip/premiere pro crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\premiere pro crack.zip/premiere pro crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\rayman crack.zip/rayman crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\rayman crack.zip/rayman crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\rayman raving rabbids crack.zip/rayman raving rabbids crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\rayman raving rabbids crack.zip/rayman raving rabbids crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\reason 3.0 crack.zip/reason 3.0 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\reason 3.0 crack.zip/reason 3.0 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\replay crack.zip/replay crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\replay crack.zip/replay crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\runaway 2 crack.zip/runaway 2 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\runaway 2 crack.zip/runaway 2 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\runaway crack.zip/runaway crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\runaway crack.zip/runaway crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\scudetto 2007 crack.zip/scudetto 2007 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\scudetto 2007 crack.zip/scudetto 2007 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\server 2003 crack.zip/server 2003 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\server 2003 crack.zip/server 2003 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\snitch crack.zip/snitch crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\snitch crack.zip/snitch crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\sonar 6 crack.zip/sonar 6 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\sonar 6 crack.zip/sonar 6 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\spy hunter crack.zip/spy hunter crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\spy hunter crack.zip/spy hunter crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\super utilities crack.zip/super utilities crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\super utilities crack.zip/super utilities crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\system doctor crack.zip/system doctor crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\system doctor crack.zip/system doctor crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\total audio converter crack.zip/total audio converter crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\total audio converter crack.zip/total audio converter crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\trojan remover 6.5.4 crack.zip/trojan remover 6.5.4 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\trojan remover 6.5.4 crack.zip/trojan remover 6.5.4 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\tumblebugs crack.zip/tumblebugs crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\tumblebugs crack.zip/tumblebugs crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\virtuagirl crack.zip/virtuagirl crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\virtuagirl crack.zip/virtuagirl crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\virtual girl crack.zip/virtual girl crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\virtual girl crack.zip/virtual girl crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\virtuallab crack.zip/virtuallab crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\virtuallab crack.zip/virtuallab crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\virus-busters crack.zip/virus-busters crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\virus-busters crack.zip/virus-busters crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\vso crack.zip/vso crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\vso crack.zip/vso crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\warcraft iii crack.zip/warcraft iii crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\warcraft iii crack.zip/warcraft iii crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\webroot spy sweeper crack.zip/webroot spy sweeper crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\webroot spy sweeper crack.zip/webroot spy sweeper crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\winavi 7.7 crack.zip/winavi 7.7 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\winavi 7.7 crack.zip/winavi 7.7 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\window washer crack.zip/window washer crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\window washer crack.zip/window washer crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\windows xp 64 crack.zip/windows xp 64 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\windows xp 64 crack.zip/windows xp 64 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\winzip 110 crack.zip/winzip 110 crack.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\My Shared Folder\winzip 110 crack.zip/winzip 110 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\System Volume Information\_restore{CCF76F64-5205-4FD3-8D20-7C374BD937EE}\RP587\A0511708.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\System Volume Information\_restore{CCF76F64-5205-4FD3-8D20-7C374BD937EE}\RP587\A0511708.exe/zgo.exe -> Worm.Agent.v : Cleaned.


::Report end

----------------------------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 14:11:21, on 13/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sean Robinson\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = supanet Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.outerinfo.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sagaciouspeanut.spaces.msn.com//Pho...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093553068133
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:02:10 PM

Posted 13 January 2007 - 09:25 AM

Hello,

Looking much better already. :thumbsup:

Now you see why the AVG Anti-Spyware scan was needed. :flowers:

Check and fix the next entry in HijackThis:

O15 - Trusted Zone: http://www.outerinfo.com

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please hide your hidden files and folders again afterwards, when we are done with this thread and your problems are solved, because the above instructions to set your system to show all files unhide legit files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in reverse.


Delete the next folders:

C:\bintheredunthat
C:\WINDOWS\U2VhbiBSb2JpbnNvbg
C:\FOUND.210
C:\FOUND.209
C:\FOUND.208
C:\FOUND.207
C:\FOUND.206
C:\FOUND.205
C:\FOUND.204
C:\FOUND.216
C:\FOUND.215
C:\FOUND.214
C:\FOUND.213
C:\FOUND.212
C:\FOUND.211
C:\FOUND.217
C:\FOUND.219
C:\FOUND.218

* Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Select everything you find in there (except for "My current home page") and press the delete button on the right.
Hit ok below > apply in previous window.

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click "Delete".
  • Click "Delete Files", "Delete cookies" and "Delete history"
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.

Go to the next site:
http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'.
Click the Browse button and browse to the next file:

C:\tdd.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
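
An added example, not part of the helper's post and not HijackThis's own code: a small Python triage pass over HijackThis entry lines that surfaces the kind of entry singled out above (the O15 Trusted Zone site) together with O23 services the log reports as "(file missing)". The function names and the `zone_allowlist` parameter are assumptions of this sketch.

```python
import re

# Entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O15 - Trusted Zone: http://www.outerinfo.com
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
'''

# A HijackThis entry is "<section code> - <body>", e.g. "O15 - Trusted Zone: ...".
ENTRY = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$')
MISSING = '(file missing)'

def parse(log_text):
    """Return (code, body) tuples for entry lines; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group('code'), m.group('body')))
    return entries

def review_queue(entries, zone_allowlist=()):
    """Return (code, reason, value) for entries that need a manual look."""
    findings = []
    for code, body in entries:
        if code == 'O15':
            site = body.split(':', 1)[1].strip()
            if site not in zone_allowlist:
                findings.append((code, 'trusted-zone site not on allowlist', site))
        elif code == 'O23' and body.endswith(MISSING):
            tail = body.rsplit(' - ', 1)[1]
            path = tail[:-len(MISSING)].rstrip()
            reason = 'service file reported missing'
            if '"' in path:
                # Assumption: a stray quote means path and arguments are mixed,
                # so the "missing" verdict should be confirmed on disk.
                reason += ' (stray quote in path; confirm on disk)'
            findings.append((code, reason, path))
    return findings

if __name__ == '__main__':
    for finding in review_queue(parse(SAMPLE_LOG)):
        print(finding)
```
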

#7 Caecilius


Posted 13 January 2007 - 10:46 AM

Thanks for the reply.

I'm afraid I can't find a file called tdd.exe in C: though. Should I take a screenshot of my C: folder?

#8 miekiemoes


Posted 13 January 2007 - 12:36 PM

Hi,

Yes, I see now that you ran ComboFix before the AVG scan. I see that the AVG scan already deleted that file.

So it is indeed gone. How are things running now?

#9 Caecilius


Posted 13 January 2007 - 02:54 PM

It's a hundred times better, faster, more responsive, no more pop-ups, it's great, and it's all thanks to you! Thanks ever so much.
I think it's extremely kind of you to donate your time and effort to this place for no material reward; I only wish I had something worthwhile to give. Anyway, thanks again.

#10 miekiemoes


Posted 14 January 2007 - 04:10 AM

Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!

#11 miekiemoes


Posted 24 January 2007 - 08:36 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.