
Numerous Adware Issues Adware.maxsearch, Adware.surfsidekick, Adware.purityscan


  • This topic is locked
20 replies to this topic

#1 neecy22


Posted 21 March 2007 - 12:44 PM

Hello,

I have numerous pop ups every time I start the internet. I have run a number of different virus scan and adware programs and have been told I have the following infections Adware.MaxSearch, Adware.SurfSidekick, Adware.PurityScan and Trojan.Adclicker. However, when I follow the instructions to clean any of these infections I do not have any of the files listed in the instructions or any of the registry values associated with them. I have attached the hijack this log, this is my first time posting so I apologize if I have done anything incorrectly.

Thank you for your assistance.

Denise

Logfile of HijackThis v1.99.1
Scan saved at 12:52:26 PM, on 21/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\{4BE49C98-063C-1033-0815-050913200002}\Update.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\Web Buying\v1.6.8\webbuying.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for HijackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...1.sympatico.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://start.sympatico.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Plugin - {C318CD44-E327-4377-A28E-6EC16A921AE8} - C:\Program Files\Web Buying\v1.6.8\webbuying.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.6.8\webbuying.exe
O4 - Global Startup: dllhost.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-307.ibm.com/pc/support/access/a...nt/IbmEgath.cab
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre.sympatico.ca/controls/emcconfig.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/access/a.../AcpControl.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...tupv2.0.0.9.cab?
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000140 (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe



#2 Kenny94


Posted 21 March 2007 - 01:52 PM

Hello neecy22 and Welcome to BC!

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.


Please move HijackThis to its own folder. We will not be able to fix your computer correctly and restore backups if you don't follow this directive.
Create a folder for HijackThis on the C: drive called C:\HJT. You can do this by going to My Computer then double click on C: then right click and select New then Folder and name it HJT.

Navigate to C:\Documents and Settings\User\Local Settings\Temp\
Locate HijackThis.exe and right click on it, select cut, right click in the folder you just created and select paste. Do the same for the backup folder.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



Update AVG AntiSpyware 7.5
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG AntiSpyware, Do Not run a scan just yet


Please re-open HijackThis and scan. Check the boxes next to all the entries listed below (if present):

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O20 - AppInit_DLLs: dxclib303562752.dll

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

You will need to enable hidden files and folders by doing the following:
Windows XP

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Go to Start > Control Panel > Add/Remove Programs.

Please remove these entries from Add/Remove Programs in the Control Panel (if present):
PartyPoker

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):
C:\Program Files\PartyGaming

IMPORTANT: Do not open any other windows or programs while AVG AntiSpyware is scanning, it may interfere with the scanning process:
  • Launch AVG AntiSpyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG AntiSpyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your desktop (This is important)
  • Close AVG AntiSpyware and reboot your system back into Normal Mode.
I would like you to generate an "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

To get an Uninstall List from HijackThis:
  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.
In your next reply, please include these log(s):

* AVG AntiSpyware Contents
* HijackThis Uninstall List
* HijackThis log (new)


Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.

Edited by Kenny94, 21 March 2007 - 01:54 PM.
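
A first-pass triage of a HijackThis log like the one in post #1, as an added example that is not part of the thread or of HijackThis itself. The sample lines are copied from that log; the flag names, the list of Windows binaries and the rules are assumptions chosen for illustration, and a flag means "look closer", not "malicious".

```python
import ntpath
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Lines in the "Running processes" block are bare paths.
PROC_RE = re.compile(r"^[A-Za-z]:\\")
# First .exe/.dll path mentioned on a line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)

# Assumption: a short list of Windows XP binaries and the folder each is
# expected to live in. Not exhaustive.
SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "dllhost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Lines copied from the log in post #1.
SAMPLE = r'''C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchosts.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000140 (file missing)
'''


def one_edit_apart(a, b):
    """True if a and b differ by exactly one inserted, deleted or changed char."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]   # one substitution
    return a[i:] == b[i + 1:]           # one extra character in b


def flags_for(code, body):
    """Return the heuristic flags that apply to one log line."""
    flags = []
    # The entry points at a file HijackThis could not find on disk.
    if "(no file)" in body or "(file missing)" in body:
        flags.append("orphaned_entry")
    # A non-empty AppInit_DLLs value is loaded into every process that
    # loads user32.dll, so it always deserves a look.
    if code == "O20" and body.startswith("AppInit_DLLs:") \
            and body.split(":", 1)[1].strip():
        flags.append("appinit_dll")
    match = PATH_RE.search(body)
    if match:
        folder, name = ntpath.split(match.group(0).lower())
        if name in SYSTEM_BINARIES:
            # Correct name, unexpected folder.
            if folder != SYSTEM_BINARIES[name]:
                flags.append("system_name_wrong_dir")
        elif any(one_edit_apart(name, known) for known in SYSTEM_BINARIES):
            # Name is one character away from a Windows binary.
            flags.append("lookalike_name")
    return flags


def triage(log_text):
    """Return [(section_code, [flags])] for every flagged line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if entry:
            code, body = entry.group("code"), entry.group("body")
        elif PROC_RE.match(line):
            code, body = "PROC", line
        else:
            continue  # headers such as "Running processes:"
        flags = flags_for(code, body)
        if flags:
            findings.append((code, flags))
    return findings


if __name__ == "__main__":
    for code, flags in triage(SAMPLE):
        print(code, ", ".join(flags))
```
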


#3 neecy22


Posted 21 March 2007 - 05:03 PM

Hello,

Thank you very much for your response. I did as you requested and the only issue I ran into was I could not delete the party gaming folder; it said permission denied. I also noticed next to it there was a partpoker folder even though I had done the add/remove program. When I returned to normal mode after doing the system scan I still am getting webbuying pop ups. Here are the logs you requested.

HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 3:31:15 PM, on 21/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\{4BE49C98-063C-1033-0815-050913200002}\Update.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\Web Buying\v1.6.8\webbuying.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gymboree.com/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://start.sympatico.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Plugin - {C318CD44-E327-4377-A28E-6EC16A921AE8} - C:\Program Files\Web Buying\v1.6.8\webbuying.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.6.8\webbuying.exe
O4 - Global Startup: dllhost.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-307.ibm.com/pc/support/access/a...nt/IbmEgath.cab
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre.sympatico.ca/controls/emcconfig.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/access/a.../AcpControl.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...tupv2.0.0.9.cab?
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000140 (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe





AVG

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:45:22 PM 21/03/2007

+ Scan result:



C:\Program Files\Common Files\{3BE49C98-063C-1033-0815-050913200002}\UnInstall.exe -> Adware.888Bar : No action taken.
C:\RECYCLER\NPROTECT\00000779.EXE -> Adware.PurityScan : No action taken.
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : No action taken.
C:\Program Files\Common Files\{4BE49C98-063C-1033-0815-050913200002}\Update.exe -> Adware.Softomate : No action taken.
C:\WINDOWS\system32\bund1\ClientBundle1.exe -> Adware.SurfSide : No action taken.
HKU\S-1-5-21-518606438-3073161023-4259357385-1003\Software\ToolBar -> Adware.WebSearch : No action taken.
HKU\S-1-5-21-518606438-3073161023-4259357385-1003\Software\ToolBar\all -> Adware.WebSearch : No action taken.
HKU\S-1-5-21-518606438-3073161023-4259357385-1003\Software\ToolBar\all\History -> Adware.WebSearch : No action taken.
C:\Documents and Settings\Owner\nek.exe -> Downloader.Agent.ac : No action taken.
C:\WINDOWS\system32\svchosts.exe -> Downloader.Agent.bca : No action taken.
C:\Documents and Settings\Owner\install.exe -> Downloader.Agent.bdr : No action taken.
C:\WINDOWS\system32\install.exe -> Downloader.Agent.bdr : No action taken.
C:\WINDOWS\system32\setup9x.exe -> Downloader.VB.auk : No action taken.
C:\RECYCLER\NPROTECT\00000775.exe -> Trojan.Small : No action taken.
C:\RECYCLER\NPROTECT\00001131.EXE -> Trojan.VB.tg : No action taken.
C:\WINDOWS\system32\bund1\mac.exe -> Trojan.VB.tg : No action taken.


::Report end



HijackThisUninstall

µTorrent
AC3Filter (remove only)
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
AVG Anti-Spyware 7.5
BellCanada SmartCall
CodeBaby Player (Remove Only) 1.0.2.19
Conexant AC-Link Audio
CSI
DeluxeCommunications
Disney Fairies Screensaver
DivX
DivX Player
DivX Web Player
Dora Knows Your Name
Easy Internet Sign-up
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows XP (KB926239)
HP Help and Support
HP Software Update
HP User Guides 0002
HP Wireless Assistant
Intel® Graphics Media Accelerator Driver for Mobile
InterVideo WinDVD
iPod for Windows 2005-09-23
iTunes
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Pro 8
KeyRipper 3.0
LimeWire 4.12.11
Links LS 1999
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Shockwave Player
Magellan RoadMate Manager North America
Mah Jong Tiles Deluxe
Match-Up!
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Carioca Rummy
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Web Publishing Wizard 1.52
Microsoft Windows Theme Ontario
Microsoft Works
MSXML 4.0 SP2 (KB927978)
muvee autoProducer 4.0 - SE
NetAssistant
Norton AntiVirus 2003 Professional Edition
OIN
OIN
PL-2303 USB-to-Serial
Quick Launch Buttons 5.10 B2
QuickTime
Reader Rabbit's Toddler
RealArcade
RealPlayer
Secure Game Player
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Shockwave
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Special Internet Offers
StampManage 2006
StampManage 2006
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
TextTwist Deluxe
The Sims Deluxe Edition
Update Cleanup
Update for Windows XP (KB929338)
Virtools 3D Life Player
Web Buying
Windows Defender
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Word Mojo Deluxe
Zone Deluxe Games



Thank you again

Denise

#4 Kenny94


Posted 22 March 2007 - 10:51 AM

Hello neecy22

I still am getting webbuying pop ups

Yeah, I missed this in my other fix. Let's try to remove PartyGaming again.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below (if present):

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.6.8\webbuying.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O20 - AppInit_DLLs: dxclib303562752.dll

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.



Look in your Control Panel’s Add/Remove Programs for:
PuritySCAN By OIN,
OuterInfo,
OIN or similar
Yazzle by Oin
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it.
Click on it and click Remove.

Reboot and delete this folder if found: C:\Program Files\PurityScan\

If it is not listed, download and run this uninstaller: outerinfo.com/OiUninstaller.exe

Tutorial for the uninstaller if needed

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.


You should remove LimeWire. Using P2P (peer-to-peer) software is very risky, because it makes you very susceptible to infection, attack, and exposure of personal or company information. But it is up to you whether to remove LimeWire.


Please remove these entries from Add/Remove Programs in the Control Panel (if present):
LimeWire 4.12.11
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Web Buying



Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):
C:\Program Files\Web Buying
C:\Program Files\PartyGaming


Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):
C:\WINDOWS\System32\dxclib303562752.dll


Reboot back to normal Windows.


Next, please download SUPERAntiSpyware Home Edition (free version)
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information for me please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.
  • Save the log information. And paste this info along with your HijackThis log.
In your next reply, please include these log(s):

* SUPERAntiSpyware Scan Log
* HijackThis log (new)


Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.

Edited by Kenny94, 22 March 2007 - 11:19 AM.


#5 neecy22


Posted 24 March 2007 - 10:09 AM

Hello,

Thank you again for your time. Here are the 2 logs.

Logfile of HijackThis v1.99.1
Scan saved at 11:01:12 AM, on 24/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...e.com/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://start.sympatico.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: dllhost.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-307.ibm.com/pc/support/access/a...nt/IbmEgath.cab
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre.sympatico.ca/controls/emcconfig.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/access/a.../AcpControl.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...tupv2.0.0.9.cab?
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

SUPERAntiSpyware Scan Log
Generated 03/24/2007 at 10:38 AM

Application Version : 3.6.1000

Core Rules Database Version : 3206
Trace Rules Database Version: 1216

Scan type : Complete Scan
Total Scan Time : 01:42:51

Memory items scanned : 392
Memory threats detected : 0
Registry items scanned : 5491
Registry threats detected : 9
File items scanned : 91455
File threats detected : 38

Adware.DeluxeCommunications
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks#{A8BD6820-6ED7-423E-9558-2D1486B0FEEA}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DeluxeCommunications
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DeluxeCommunications#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DeluxeCommunications#UninstallString
C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\DXCDMNS.DLL
C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\DXCKNWRD.DLL
C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\DXCUKNWRD.DLL
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\RP4.TMP
C:\WINDOWS\SYSTEM32\BKD.EXE

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@adcentriconline[1].txt
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.cnn[1].txt
C:\Documents and Settings\Owner\Cookies\owner@partygaming.122.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt
C:\Documents and Settings\Owner\Cookies\owner@h.starware[1].txt
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt
C:\Documents and Settings\Owner\Cookies\owner@int.sitestat[2].txt
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@partypoker[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.888[1].txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[2].txt
C:\Documents and Settings\Owner\Cookies\owner@amazonsearsca.122.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
C:\Documents and Settings\Owner\Cookies\owner@int.sitestat[1].txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@try.starware[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adknowledge[1].txt

Adware.ClickSpring
HKLM\Software\ClickSpring
HKLM\Software\ClickSpring#UBWKR

Trojan.WinBo32/Enhance
HKLM\Software\System\sysold
HKLM\Software\System\sysold#sys033273496127.exe

Adware.IPWins
HKU\S-1-5-21-518606438-3073161023-4259357385-1003\Software\IpWins
C:\Program Files\ipwindows\ipwins.dll
C:\Program Files\ipwindows\ipwins.exe
C:\Program Files\ipwindows\UnInstall.exe
C:\Program Files\ipwindows

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\CLICK TO FIND AND FIX ERRORS.URL

Trojan.Freeprod
C:\DOCUMENTS AND SETTINGS\OWNER\INSTALL.EXE
C:\WINDOWS\SYSTEM32\INSTALL.EXE
C:\WINDOWS\Prefetch\INSTALL.EXE-0BE86700.pf
C:\WINDOWS\Prefetch\INSTALL.EXE-1DCAF20B.pf

Trojan.Downloader-UnSVCHosts
C:\WINDOWS\SYSTEM32\UNSVCHOSTS.EXE
C:\WINDOWS\Prefetch\UNSVCHOSTS.EXE-2BA40E9C.pf

Unclassified.Unknown Origin/System
C:\WINDOWS\UNINST2.HTM

Trojan.Unknown Origin
C:\WINDOWS\UNIST1.HTM

There is something that I noticed and I was wondering if it is an issue: in the folder c:/program files there are files labelled a.zip, b.zip, c.zip, a.ico, b.ico, setup.exe, track_03.exe, and video.exe (the last 5 look like media player files). These files seemed to have appeared around the same time as all the other issues, and if I delete them they come back. Are they supposed to be there?

Thanks again for your help,

Denise
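An added example, not part of the thread and not HijackThis's own logic: a small Python triage pass over lines excerpted from the HijackThis log in the post above. The three rules and the `SYSTEM32_NAMES` list are assumptions chosen for illustration; a hit marks an entry for a closer look and is not a verdict.

```python
import ntpath
import re

# Lines excerpted from the HijackThis log posted above (scan of 24/03/2007).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: dllhost.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# Assumption: a short list of Windows XP binaries that normally run from system32.
SYSTEM32_NAMES = {"svchost.exe", "dllhost.exe", "lsass.exe", "services.exe",
                  "winlogon.exe", "smss.exe", "spoolsv.exe", "ctfmon.exe"}

RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (.+?)(?: = (.+))?$")
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|$)', re.I)


def image_path(command):
    """Return the executable part of a Run command line, without its arguments."""
    m = IMAGE_RE.match(command.strip())
    if not m:
        return command.split()[0]
    return m.group(1) or m.group(2)


def triage(log_text):
    """Return (rule, detail) pairs for log lines that deserve a closer look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:
                in_processes = False  # a blank line ends the process list
                continue
            name = ntpath.basename(line).lower()
            folder = ntpath.dirname(line).lower()
            # Rule 1: a system binary name running from somewhere other than system32.
            if name in SYSTEM32_NAMES and not folder.endswith("\\system32"):
                findings.append(("system-name-outside-system32", line))
            continue
        m = RUN_RE.match(line)
        if m:
            hive, key, value_name, command = m.groups()
            # Rule 2: an autorun value with no directory, resolved via the search path.
            if not ntpath.dirname(image_path(command)):
                findings.append(("bare-run-command",
                                 f"{hive} {key} [{value_name}] {command}"))
            continue
        m = STARTUP_RE.match(line)
        if m:
            entry, target = m.groups()
            # Rule 3: a file dropped directly in a Startup folder instead of a shortcut.
            if target is None and not entry.lower().endswith(".lnk"):
                findings.append(("bare-startup-file", entry))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule}: {detail}")
```
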

#6 Kenny94


Posted 24 March 2007 - 05:30 PM

Hello neecy22

(the last 5 look like media player files) these files seemed to have appeared around the same time as all the other issues and if I delete them they come back, are they supposed to be there?

Yes these are media player files... Any more pop ups?

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
In your next reply, please include these log(s):

* ActiveScan report
* HijackThis log (new)


Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.

#7 neecy22


Posted 24 March 2007 - 07:15 PM

Hello,

I did not get any pop ups this time when I started the computer so things are moving forward!

Here are the logs you requested: (part 1 continued in a 2nd post)


Incident Status Location

Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@888[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for Super Bowls Greatest Commercials (2007) PDTV XViD .zip\Video.exe
Virus:Trj/Vb.TT Disinfected C:\Program Files\a.zip[Setup.exe]
Virus:Trj/Vb.TT Disinfected C:\Program Files\b.zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\Program Files\c.zip[Track_03.exe]
Virus:Trj/Vb.TT Disinfected C:\Program Files\Setup.exe
Virus:Trj/Vb.TT Disinfected C:\Program Files\Track_03.exe
Virus:Bck/VBBot.C Disinfected C:\Program Files\uy.exe
Virus:Trj/Vb.TT Disinfected C:\Program Files\Video.exe
Spyware:Cookie/888 Not disinfected C:\RECYCLER\NPROTECT\00008253
Spyware:Cookie/2o7 Not disinfected C:\RECYCLER\NPROTECT\00008258
Adware:Adware/DeluxeComunications Not disinfected C:\RECYCLER\NPROTECT\00008259
Adware:Adware/DeluxeComunications Not disinfected C:\RECYCLER\NPROTECT\00008265
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\NPROTECT\00008266
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\NPROTECT\00008267
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00008268
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00008270
Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00008275
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00008277
Spyware:Cookie/Bluestreak Not disinfected C:\RECYCLER\NPROTECT\00008281
Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00008282
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\NPROTECT\00008285
Spyware:Cookie/Cassava Not disinfected C:\RECYCLER\NPROTECT\00008286
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00008288
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00008289
Adware:Adware/DeluxeComunications Not disinfected C:\RECYCLER\NPROTECT\00008293.EXE
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\NPROTECT\00008294.EXE
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\NPROTECT\00008300.EXE
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00008309.exe
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00008312.exe
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00008313.zip[Setup.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00008314.zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00008315.zip[Track_03.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00009212.exe
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc10.exe
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\007 You Only Live Twice (1967) 2DISC NTSC DTS UE .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\110 Percent Natural 12 © Red-Light DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\2 Young To Fall In Love 3 © Zero Tolerance DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\24 S06E14 HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\300 (2006) DVDSCR .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\300 (2006) TS .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\A Scanner Darkly (2006) DVDRiP LIMITED .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\Afro Samurai S01E01 XViD DSR .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\All Of Us S04E17 HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\All The Kings Men (2006) DVDRiP .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\American Heiress S01E01 HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\American Heiress S01E02 HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\American Idol S06E22 HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\American Idol S06E23 Top 11 Results HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\Anal Porn Party © Metro DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\Asian Lust 2 © Demolition DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\Asians 4 © Anabolic DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\Babys Mommas 2 © 413 Productions DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\Backyard Amateurs 5 © Xplor DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\Bare Beavers 3 © FilmCo DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\Barely Legal Brotha Lovers 3 © Exquisite DVDRiP XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\Battlestar Galactica S03E12 HDTV XViD .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\Battlestar Galactica S03E19 WS PROPER XViD DSR .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\Battlestar Galactica S03E19 WS XViD DSR .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\Beerfest (2006) DVDRiP .zip[Video.exe]
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc11\Big Natural Tits 17 © Evil Angel DVDR NTSC .zip[Video.exe]

#8 neecy22


Posted 24 March 2007 - 07:17 PM

Part 2 continued from previous post...

Adware:Adware/Yazzle Not disinfected C:\WINDOWS\system32\bund1\Yzz.exe[¦++\Yazzle1670OinAdmin.exe]
Virus:Bck/VBBot.C Disinfect

****See all the zip files, I did not download any of that stuff.*****

Logfile of HijackThis v1.99.1
Scan saved at 7:53:43 PM, on 24/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gymboree.com/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://start.sympatico.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-307.ibm.com/pc/support/access/a...nt/IbmEgath.cab
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre.sympatico.ca/controls/emcconfig.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) -

#9 neecy22

Posted 24 March 2007 - 07:23 PM

Somehow I didn't manage to get the entire HJT log in, here is the rest

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/access/a.../AcpControl.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...tupv2.0.0.9.cab?
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

Thanks,

Denise

#10 Kenny94

Posted 24 March 2007 - 08:05 PM

Hello neecy22 :flowers:


Congratulations, your logs look clean! :thumbsup:

You will need to print out these instructions for a reference, or you can save them by copying and pasting them into Notepad and saving the text file to the desktop.

Rehide your system Folders/Files:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Under the Hidden files and folders heading SELECT Show hidden files and folders.
CHECK the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Some final items:

Important, we need to flush out all System Restore points.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • SiteAdvisor - Download this plug-in for your browser and it will alert you of a known bad site for FREE.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.

#11 neecy22

Posted 24 March 2007 - 08:48 PM

Thank you so much for your help :thumbsup:

#12 Kenny94

Posted 26 March 2007 - 03:29 PM

Hello neecy22
I'm going to open this log because there's a lot left that needs to be done. Sorry about this!

Let us deal with the ALCAN WORM first. Then we have a few other things to do. :thumbsup:

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below (if present):

O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab

Now close all windows other than HiJackThis, then click Fix Checked.

1. You will need to update AVG Anti-Spyware to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")
Exit AVG Anti-Spyware, do not run the scan yet!


2. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

4. Once in Safe Mode, Open AVG Anti-Spyware:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware
5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal windows and post the contents of AVG Anti-Spyware text report that you saved and a new HiJackThis log.

Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.

#13 neecy22

Posted 26 March 2007 - 08:31 PM

Alrighty here you go:

Logfile of HijackThis v1.99.1
Scan saved at 9:25:47 PM, on 26/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gymboree.com/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://start.sympatico.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-307.ibm.com/pc/support/access/a...nt/IbmEgath.cab
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre.sympatico.ca/controls/emcconfig.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/access/a.../AcpControl.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...tupv2.0.0.9.cab?
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

--------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:16:47 PM 26/03/2007

+ Scan result:



C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@amazonsearsca.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ads.cnn[1].txt -> TrackingCookie.Cnn : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wakyojd5aho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfl4ekd5gho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfliapdpgdo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfligldzmaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4slajwbo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4unc5acp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkoqgajghp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkycoczgaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ehg-cineplex.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.


::Report end

Everything seems to be running well,

Thanks,

Denise
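
The comparison a helper makes by eye between the 24/03 and 26/03 HijackThis logs above can be scripted. The Python below is an added example, not part of any post in this thread and not a HijackThis feature: it parses a few lines excerpted from those two logs, confirms that the three entries on the fix list are gone, and flags Run-key values whose command carries no directory (a triage heuristic assumed for this example). All function names are hypothetical.

```python
import re
from typing import NamedTuple

# A HijackThis result line is "<section> - <body>", with section codes such as R0, O4, O16, O23.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Registry autorun form of an O4 body: HKLM\..\Run: [value name] command line
O4_REG_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
# A command that starts with a drive letter, a %VAR% or a UNC prefix names its own directory.
HAS_DIR_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%[^%]+%\\|\\\\)')


class Entry(NamedTuple):
    section: str
    body: str


def parse_hjt(text):
    """Return the result lines of a HijackThis log, skipping header and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def bare_name_autoruns(entries):
    """O4 registry autoruns whose command is a bare file name (resolved via the search path).

    Heuristic assumed for this example: worth a manual look, not proof of infection.
    """
    hits = []
    for e in entries:
        m = O4_REG_RE.match(e.body) if e.section == "O4" else None
        if m and not HAS_DIR_RE.match(m.group(4)):
            hits.append((m.group(1), m.group(2), m.group(3)))
    return hits


def removed_between(before, after):
    """Entries present in the earlier scan and absent from the later one."""
    remaining = set(after)
    return [e for e in before if e not in remaining]


def unfixed(fix_list, after):
    """Fix-list entries that still show up in the later scan."""
    remaining = set(after)
    return [e for e in fix_list if e in remaining]


# Lines excerpted from the 24/03/2007 log in this thread (truncated URL kept as posted).
BEFORE = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
"""

# The same lines as they appear in the 26/03/2007 log.
AFTER = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
"""

# The entries post #12 asked to have checked and fixed.
FIX_LIST = r"""
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
"""

if __name__ == "__main__":
    before, after = parse_hjt(BEFORE), parse_hjt(AFTER)
    print("bare-name autoruns before:", bare_name_autoruns(before))
    print("removed by the fix:")
    for e in removed_between(before, after):
        print("  ", e.section, "-", e.body)
    print("fix-list entries still present:", unfixed(parse_hjt(FIX_LIST), after))
```
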

#14 Kenny94

Posted 27 March 2007 - 07:53 AM

Hello neecy22 :huh:
Now your log is looking good. We're almost done. :thumbsup:

There is something that I noticed and I was wondering if it is an issue, in the folder c:/program files there are files labelled a.zip, b.zip, c.zip, a.ico, b.ico, setup.exe, track_03.exe, and video.exe (the last 5 look like media player files) these files seemed to have appeared around the same time as all the other issues and if I delete them they come back, are they supposed to be there?


I was wrong... :flowers: It's W32/Fontra-F, which spreads via peer-to-peer shared folders. It's part of the p2p networking that we removed. But can you check to see if anything is in that c:/program files folder you mentioned?

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

You will need to enable hidden files and folders by doing the following:
Windows XP

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Run HijackThis, click on "Scan" and check the boxes next to all these items.

O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe

Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked".

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders/files (if present):

C:\Program Files\Ipwindows <-----folder
C:\WINDOWS\system32\bund1 <-------folder
C:\Program Files\Common Files\{4BE49C98-063C-1033-0815-050913200002}
C:\Program Files\Common Files\{3BE49C98-063C-1033-0815-050913200002}


Reboot back to normal Windows.

Please run Panda's ActiveScan one more time and post the contents of the ActiveScan report as you did before.

In your next reply, please include these log(s):

* ActiveScan report
* HijackThis log (new)


Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.

#15 neecy22


Posted 27 March 2007 - 07:52 PM

Ok, in c:/program files there are the following files a.zip, b.zip, c.zip and a.ico, b.ico. The other ones I mentioned before are no longer there. Here are the 2 logs:

Incident                      Status           Location

Spyware:Cookie/2o7            Not disinfected  C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
Spyware:Cookie/888            Not disinfected  C:\Documents and Settings\Owner\Cookies\owner@888[2].txt
Spyware:Cookie/Advertising    Not disinfected  C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt
Spyware:Cookie/BurstNet       Not disinfected  C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt
Spyware:Cookie/Doubleclick    Not disinfected  C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/Go             Not disinfected  C:\Documents and Settings\Owner\Cookies\owner@go[1].txt
Spyware:Cookie/WebtrendsLive  Not disinfected  C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[2].txt
Adware:Adware/Yazzle          Not disinfected  C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc39\Yzz.exe
Adware:Adware/TTC             Not disinfected  C:\RECYCLER\S-1-5-21-518606438-3073161023-4259357385-1003\Dc39\zq.exe
Virus:Trj/Downloader.NNG      Disinfected      C:\WINDOWS\system32\setup9x.exe



Logfile of HijackThis v1.99.1
Scan saved at 8:47:36 PM, on 27/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gymboree.com/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://start.sympatico.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-307.ibm.com/pc/support/access/a...nt/IbmEgath.cab
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre.sympatico.ca/controls/emcconfig.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/access/a.../AcpControl.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...tupv2.0.0.9.cab?
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe



Thanks again :thumbsup:

Denise
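
A follow-up log like the one above can be checked mechanically for the startup entry and folders that post #14 asked to remove. The script below is an added example, not part of the original posts and not a HijackThis feature; the function names are hypothetical, and the "before" sample is constructed around the O4 line quoted in post #14.

```python
import re

# Items post #14 asked to remove (names and paths taken from that post).
FLAGGED_RUN_NAMES = {"ipwins"}
FLAGGED_PATHS = [
    r"C:\Program Files\Ipwindows",
    r"C:\WINDOWS\system32\bund1",
    r"C:\Program Files\Common Files\{4BE49C98-063C-1033-0815-050913200002}",
    r"C:\Program Files\Common Files\{3BE49C98-063C-1033-0815-050913200002}",
]

# HijackThis O4 registry autorun line: O4 - HKCU\..\Run: [Name] command
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")

def parse_o4(line):
    """Return hive, key, value name and command of an O4 Run line, else None."""
    m = O4_RUN.match(line.strip())
    return dict(zip(("hive", "key", "name", "command"), m.groups())) if m else None

def find_leftovers(log_text):
    """List (kind, line) pairs for log lines that still reference a flagged item.
    Paths are compared case-insensitively; 8.3 short names (PROGRA~1) are not expanded."""
    hits = []
    for line in (l.strip() for l in log_text.splitlines()):
        entry = parse_o4(line)
        if entry and entry["name"].lower() in FLAGGED_RUN_NAMES:
            hits.append(("autorun", line))
        elif any(p.lower() in line.lower() for p in FLAGGED_PATHS):
            hits.append(("path", line))
    return hits

# Excerpt of the 27/03/2007 log posted above.
NEW_LOG = r"""
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"""

# Constructed "before" sample: the O4 line is the one quoted in post #14,
# the running-process line is made up for illustration.
OLD_LOG = r"""
C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for label, log in (("before", OLD_LOG), ("after", NEW_LOG)):
        print(label, find_leftovers(log) or "no flagged items")
```

An empty result only means the log no longer references these items; files that HijackThis does not list, such as the a.zip and a.ico files mentioned above, still need to be checked on disk.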



