Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Targetsaver Popups


  • This topic is locked This topic is locked
43 replies to this topic

#1 garbageman

garbageman

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:08 PM

Posted 17 May 2007 - 04:29 PM

hey. i have had the popups come up for a while and i just cracked. i need some help with getting rid of them. here is a log i took from hijackthis.

Moderator Edit: Version 2 header info edited so the log could be moved from XP Forum. ~ Animal
V2 HJT Log
Scan saved at 5:27:14 PM, on 5/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Common Files\{58A432D7-069E-1033-0826-020502080001}\Update.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\COMMON~1\kirm\kirmm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\kirm\kirma.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\QDZJGOZF\HiJackThis_v2[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
F2 - REG:system.ini: Shell=Explorer.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,uinpqsb.exe
O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Give4Free Plugin Installer - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - C:\Program Files\Give4Free Plugin\ibho.dll
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E14B7248-B884-9775-F1D8-B7DEC9B259CA} - C:\WINDOWS\system32\vcvdwcj.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - C:\Program Files\OIN Search\OINSearch.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Brian\LOCALS~1\Temp\ImInstaller\IncrediMail\imloader.exe -startup -product IncrediMail -skip_dialog language
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [sys037155927148] C:\WINDOWS\sys037155927148.exe
O4 - HKLM\..\Run: [wennwaeA] C:\WINDOWS\wennwaeA.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [{58A432D7-069E-1033-0826-020502080001}] "C:\Program Files\Common Files\{58A432D7-069E-1033-0826-020502080001}\Update.exe" te-110-12-0000245
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu4.exe 61A847B5BBF72816228849360B8D1BE1C59331416DC57C032CBD1BE3D2906418338B2B092EAD1B90C8EF456B4CEF4731119554A396D2664770856D1E27E902BC9ED7286138F75F2F0C8D6E84A1EF604776CA6C1637FD0FB68AD632016DC76C5C01F37D84BBFD566D55F8541427BD40B782C6260C67D36D
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [orbbh] C:\WINDOWS\system32\sdpign.exe reg_run
O4 - HKCU\..\Run: [Usrr] "C:\WINDOWS\system32\CROSOF~1\chkdsk.exe" -vt yazb
O4 - HKCU\..\Run: [Vkqhhbai] C:\WINDOWS\system32\W?nSxS\j?vaw.exe
O4 - HKCU\..\Run: [kirm] C:\PROGRA~1\COMMON~1\kirm\kirmm.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [Steam] "E:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Civilization Registration.lnk = D:\ATR1.EXE
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Dragonball Z Desktop Friends.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Register.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\Register.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: Wallpaper Changer.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm088YYUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178305487828
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - Unknown owner - C:\Program Files\ewido anti-malware\ewidoctrl.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 11690 bytes

Edited by Animal, 18 May 2007 - 12:56 AM.


BC AdBot (Login to Remove)

 


#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:09:08 PM

Posted 18 May 2007 - 08:58 AM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
You have quite a heavily infected computer, it is likely that we will need to perform a few scans before you will be completely clean from malware, so please bear with me.

You are using TrendMicro's HijackThis which is still in the testing process at the moment, so there may be some problems with it. Therefore, please download version 1.99.1 of HijackThis from the following link:
HJT v1.99.1

Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply.

Scan again with HijackThis, and post the log creates in your next reply along with the Combofix report.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#3 garbageman

garbageman
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:08 PM

Posted 18 May 2007 - 03:58 PM

ok thnx. here is the log from combofix.

"Brian" - 2007-05-18 16:25:37 Service Pack 2
ComboFix 07-05.17.6.V - Running from: "C:\Documents and Settings\Brian\Desktop\Brian`s Folder\"


((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))



No infected Qoologic files found. Reg entries were fixed


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\keyboard131.dat
C:\WINDOWS\retadpu4.exe
C:\WINDOWS\updater.exe
C:\Program Files\eqadvice\sf.txt
C:\Program Files\eqadvice\Uninstall.exe
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\Common Files\{38A43~1\Bar888.dll
C:\Program Files\Common Files\{38A43~1\toolbardll.lzma
C:\Program Files\Common Files\{38A43~1\UnInstall.exe
C:\Program Files\Common Files\{58A43~1\system.dll
C:\Program Files\Common Files\{58A43~1\Update.exe
C:\DOCUME~1\Brian\Desktop\internet.lnk
C:\WINDOWS\system32\cemetrix.dll
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\wapisvcc.exe
C:\WINDOWS\b122.exe
C:\Program Files\eqadvice
C:\Program Files\outerinfo
C:\Temp\tn3
C:\Program Files\Common Files\{38A43~1
C:\Program Files\Common Files\{58A43~1
C:\WINDOWS\system32\drivers\core.sys
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\Brian
C:\qoobox\purity\C\DOCUME~1\Brian\APPLIC~1
C:\qoobox\purity\C\DOCUME~1\Brian\MYDOCU~1
C:\qoobox\purity\C\DOCUME~1\Brian\APPLIC~1\FNTS~1
C:\qoobox\purity\C\DOCUME~1\Brian\APPLIC~1\WNSXS~1
C:\qoobox\purity\C\DOCUME~1\Brian\MYDOCU~1\RACLE~1
C:\qoobox\purity\C\Program Files\MANTEC~1
C:\qoobox\purity\C\Program Files\YMANTE~1
C:\qoobox\purity\C\Program Files\Common Files\CROSOF~1.NET
C:\qoobox\purity\C\Program Files\Common Files\SCURIT~1
C:\qoobox\purity\C\WINDOWS\MANTEC~1
C:\qoobox\purity\C\WINDOWS\system32\DOBE~1
C:\qoobox\purity\C\WINDOWS\system32\SMBOLS~1
C:\qoobox\purity\C\WINDOWS\system32\WNSXS~1


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_COM+_MESSAGES
-------\LEGACY_CORE
-------\COM+ Messages
-------\core


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-18 ))))))))))))))))))))))))))))))))))


2007-05-18 11:35 218,112 --a------ C:\HijackThis.exe
2007-05-16 16:30 <DIR> d-------- C:\Program Files\PlayFirst
2007-05-16 12:23 589,824 --a------ C:\WINDOWS\system32\DVDRProX.dll
2007-05-16 12:23 <DIR> d-------- C:\Program Files\Fujifilm e-Systems
2007-05-16 12:23 <DIR> d-------- C:\DOCUME~1\Brian\APPLIC~1\Digital Album Organizer
2007-05-12 20:57 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-05-12 20:57 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-05-12 20:57 <DIR> d-------- C:\Program Files\OpenAL
2007-05-12 16:26 <DIR> d-------- C:\DOCUME~1\Brian\APPLIC~1\BAMZOOKi
2007-05-11 14:53 <DIR> d-------- C:\Program Files\Souptoys
2007-05-11 14:53 <DIR> d-------- C:\DOCUME~1\Brian\APPLIC~1\Souptoys
2007-05-11 14:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Souptoys
2007-05-10 15:53 864,256 --a------ C:\WINDOWS\system32\DevIL.dll
2007-05-10 15:53 81,920 --a------ C:\WINDOWS\system32\ILU.dll
2007-05-10 15:53 36,864 --a------ C:\WINDOWS\system32\ILUT.dll
2007-05-10 15:53 161,280 --a------ C:\WINDOWS\system32\fmod.dll
2007-05-08 14:21 <DIR> d-------- C:\Program Files\WildGames
2007-05-06 21:07 <DIR> d--h----- C:\Program Files\Give4Free Plugin
2007-05-06 21:07 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-05-05 15:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WildTangent
2007-05-05 08:46 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-05-03 10:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NexonUS
2007-04-23 16:18 <DIR> d-------- C:\Program Files\Sacred
2007-04-23 16:17 <DIR> d--h----- C:\Program Files\FX Uninstall Information
2007-04-23 16:12 <DIR> d-------- C:\Program Files\Smart Projects
2007-04-23 10:07 <DIR> d-------- C:\Program Files\MagicISO
2007-04-20 20:16 <DIR> d-------- C:\Program Files\Astral
2007-04-18 14:53 <DIR> d-------- C:\Program Files\OGPlanet


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-18 20:36:27 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\Xfire
2007-05-18 20:35:53 -------- d-s---w C:\Program Files\Xfire
2007-05-18 00:34:07 -------- d-----w C:\Program Files\LimeWire
2007-05-17 21:02:31 -------- d-----w C:\Program Files\Common Files\kirm
2007-05-16 20:37:33 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\PlayFirst
2007-05-16 16:23:00 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-15 21:42:45 -------- d-----w C:\Program Files\BFG
2007-05-14 19:39:52 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\yoclient
2007-05-12 12:44:42 -------- d-----w C:\Program Files\Paint Shop Pro 5
2007-05-04 23:12:18 -------- d-----w C:\Program Files\Movie Maker
2007-04-27 22:40:11 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\Atari
2007-04-27 22:39:16 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-27 19:51:03 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\GetRightToGo
2007-04-16 19:14:04 -------- d-----w C:\Program Files\Lionhead Studios Ltd
2007-04-16 18:55:11 12,362 ----a-w C:\WINDOWS\pw.exe
2007-04-11 23:56:08 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\bang
2007-04-09 23:29:49 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-04-09 23:28:05 -------- d-----w C:\Program Files\KONAMI
2007-04-03 14:50:22 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\Starware347
2007-03-26 01:26:31 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\teamspeak2
2007-03-26 01:26:30 -------- d-----w C:\Program Files\Teamspeak2_RC2
2007-03-25 23:57:35 -------- d-----w C:\Program Files\directx
2007-03-25 23:57:17 -------- d-----w C:\Program Files\Common Files\Pinnacle
2007-03-25 23:56:20 -------- d-----w C:\Program Files\LEGO Media
2007-03-23 22:30:14 -------- d-----w C:\Program Files\Starware347
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-17 00:17:46 -------- d-----w C:\Program Files\Project64 1.6
2007-03-12 00:11:52 -------- d-----w C:\Program Files\Microsoft Games
2007-03-10 02:34:24 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\Hamachi
2007-03-10 02:32:11 17,480 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-03-08 22:06:57 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-07 15:24:30 -------- d---a-w C:\Program Files\MyWebSearch
2007-03-07 15:23:44 -------- d-----w C:\Program Files\IGN
2007-03-07 15:22:09 -------- d-----w C:\Program Files\FastCapPro
2007-03-07 15:21:51 -------- d-----w C:\Program Files\ewido anti-malware
2007-03-05 21:22:15 -------- d-----w C:\Program Files\AuditionSEA
2007-02-20 19:23:54 524,288 ----a-w C:\Hitman 2 Silent Assassin (PC GAME FULL).exe
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{208E7E77-507A-4649-B0C9-D39E9049C7A2}=C:\Program Files\Give4Free Plugin\ibho.dll [2007-05-06 21:07]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2006-02-14 20:05]
{E14B7248-B884-9775-F1D8-B7DEC9B259CA}=C:\WINDOWS\system32\vcvdwcj.dll []


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-13 11:48]
"Drag'n'Drop_Autolaunch"="C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe" [2004-04-22 15:51]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-04-22 21:01]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-04-22 21:01]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2002-08-01 16:13]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 21:10]
"@"="" []
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-15 22:17]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [2002-05-18 13:04]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"sys037155927148"="C:\WINDOWS\sys037155927148.exe" []
"wennwaeA"="C:\WINDOWS\wennwaeA.exe" []
"eTrustPPAP"="C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe" [2006-04-22 15:52]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"My Web Search Bar"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL" [2007-01-17 13:33]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 16:00]
"@"="" []
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [2004-06-15 22:22]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-04-16 06:43]
"Aim6"="" []
"Usrr"="C:\WINDOWS\system32\CROSOF~1\chkdsk.exe" []
"Vkqhhbai"="C:\WINDOWS\system32\W?nSxS\j?vaw.exe" []
"kirm"="C:\PROGRA~1\COMMON~1\kirm\kirmm.exe" [2006-07-19 15:56]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"Steam"="E:\Program Files\Steam\Steam.exe" [2007-05-14 08:33]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="C:\Program Files\ewido anti-malware\shellhook.dll" [2004-09-30 08:21]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0
Security Packages kerberos msv1_0 schannel wdigest
Notification Packages scecli

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
NetworkService DnsCache
rpcss RpcSs
imgsvc StiSvc
termsvcs TermService
HTTPFilter HTTPFilter
DcomLaunch DcomLaunch TermService
WudfServiceGroup WUDFSvc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-18 16:34:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-18 16:40:43 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-18 16:40


--- E O F ---





and here is my hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 4:54:42 PM, on 5/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\PROGRA~1\COMMON~1\kirm\kirmm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\kirm\kirma.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\HijackThis.exe
C:\Program Files\internet explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Give4Free Plugin Installer - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - C:\Program Files\Give4Free Plugin\ibho.dll
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E14B7248-B884-9775-F1D8-B7DEC9B259CA} - C:\WINDOWS\system32\vcvdwcj.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [sys037155927148] C:\WINDOWS\sys037155927148.exe
O4 - HKLM\..\Run: [wennwaeA] C:\WINDOWS\wennwaeA.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [Usrr] "C:\WINDOWS\system32\CROSOF~1\chkdsk.exe" -vt yazb
O4 - HKCU\..\Run: [Vkqhhbai] C:\WINDOWS\system32\W?nSxS\j?vaw.exe
O4 - HKCU\..\Run: [kirm] C:\PROGRA~1\COMMON~1\kirm\kirmm.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "E:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Civilization Registration.lnk = D:\ATR1.EXE
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Dragonball Z Desktop Friends.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Register.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\Register.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: Wallpaper Changer.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm088YYUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178305487828
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - Unknown owner - C:\Program Files\ewido anti-malware\ewidoctrl.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

#4 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:09:08 PM

Posted 19 May 2007 - 04:53 PM

Hello there,
Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

Go to Start | Control Panel | Add/Remove Programs and remove the following (if they exist):

Give4Free Plugin
MyWebSearch


Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Give4Free Plugin Installer - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - C:\Program Files\Give4Free Plugin\ibho.dll
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - (no file)
O2 - BHO: (no name) - {E14B7248-B884-9775-F1D8-B7DEC9B259CA} - C:\WINDOWS\system32\vcvdwcj.dll (file missing)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O3 - Toolbar: (no name) - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - (no file)
O4 - HKLM\..\Run: [sys037155927148] C:\WINDOWS\sys037155927148.exe
O4 - HKLM\..\Run: [wennwaeA] C:\WINDOWS\wennwaeA.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [Usrr] "C:\WINDOWS\system32\CROSOF~1\chkdsk.exe" -vt yazb
O4 - HKCU\..\Run: [Vkqhhbai] C:\WINDOWS\system32\W?nSxS\j?vaw.exe
O4 - HKCU\..\Run: [kirm] C:\PROGRA~1\COMMON~1\kirm\kirmm.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix checked button.

Download KillBox from the following link :
http://www.bleepingcomputer.com/files/killbox.php
Unzip the folder to your desktop.

Start Killbox.exe
Select the "Delete on Reboot" option.
Click on the "All Files" button (!important!),which will then flash green.
Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\WINDOWS\system32\vcvdwcj.dll
C:\WINDOWS\sys037155927148.exe
C:\WINDOWS\wennwaeA.exe


Open 'file' in the killbox menu on top and choose Paste from clipboard
You must use the file menu--pasting by right-clicking the mouse will only enter one file.
Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to reboot now, click "yes".
Click OK at any Pending File Rename Operations prompts, let me know if there appear.
If you don't get that message, reboot manually.
Your computer should reboot now. Please reboot your computer into Safe Mode, by pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Set your system to show all files.
Navigate to Start | My Computer | Tools | Folder Options.
Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders".
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Next, please find and delete the following folders (if present):

C:\Program Files\Give4Free Plugin
C:\Program Files\MyWebSearch
C:\WINDOWS\system32\W?nSxS <--this will not contain a question mark, but it will be a strange symbol that looks like an "i"
C:\Program Files\Common Files\kirm

Reboot into Normal Mode again.

Scan again with both HijackThis and ComboFix, and post back the logs in your next reply.
Thanks,
Charles

Edited by rookie147, 19 May 2007 - 04:54 PM.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#5 garbageman

garbageman
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:08 PM

Posted 20 May 2007 - 07:42 PM

ok here is the hijackthis log -



Logfile of HijackThis v1.99.1
Scan saved at 8:26:35 PM, on 5/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "E:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Civilization Registration.lnk = D:\ATR1.EXE
O4 - Global Startup: Dragonball Z Desktop Friends.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Register.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\Register.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: Wallpaper Changer.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm088YYUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178305487828
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - Unknown owner - C:\Program Files\ewido anti-malware\ewidoctrl.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)



and here is the combofix log -



"Brian" - 2007-05-20 20:28:47 Service Pack 2
ComboFix 07-05.17.6.V - Running from: "C:\scanning programs\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-20 ))))))))))))))))))))))))))))))))))


2007-05-20 20:27 <DIR> d-------- C:\scanning programs
2007-05-18 16:40 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-16 16:30 <DIR> d-------- C:\Program Files\PlayFirst
2007-05-16 12:23 589,824 --a------ C:\WINDOWS\system32\DVDRProX.dll
2007-05-16 12:23 <DIR> d-------- C:\Program Files\Fujifilm e-Systems
2007-05-16 12:23 <DIR> d-------- C:\DOCUME~1\Brian\APPLIC~1\Digital Album Organizer
2007-05-12 20:57 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-05-12 20:57 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-05-12 20:57 <DIR> d-------- C:\Program Files\OpenAL
2007-05-12 16:26 <DIR> d-------- C:\DOCUME~1\Brian\APPLIC~1\BAMZOOKi
2007-05-11 14:53 <DIR> d-------- C:\Program Files\Souptoys
2007-05-11 14:53 <DIR> d-------- C:\DOCUME~1\Brian\APPLIC~1\Souptoys
2007-05-11 14:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Souptoys
2007-05-10 15:53 864,256 --a------ C:\WINDOWS\system32\DevIL.dll
2007-05-10 15:53 81,920 --a------ C:\WINDOWS\system32\ILU.dll
2007-05-10 15:53 36,864 --a------ C:\WINDOWS\system32\ILUT.dll
2007-05-10 15:53 161,280 --a------ C:\WINDOWS\system32\fmod.dll
2007-05-08 14:21 <DIR> d-------- C:\Program Files\WildGames
2007-05-06 21:07 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-05-05 15:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WildTangent
2007-05-05 08:46 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-05-03 10:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NexonUS
2007-04-23 16:18 <DIR> d-------- C:\Program Files\Sacred
2007-04-23 16:17 <DIR> d--h----- C:\Program Files\FX Uninstall Information
2007-04-23 16:12 <DIR> d-------- C:\Program Files\Smart Projects
2007-04-23 10:07 <DIR> d-------- C:\Program Files\MagicISO
2007-04-20 20:16 <DIR> d-------- C:\Program Files\Astral


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-20 23:42:56 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\Xfire
2007-05-20 23:40:15 -------- d-s---w C:\Program Files\Xfire
2007-05-20 19:05:58 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-18 00:34:07 -------- d-----w C:\Program Files\LimeWire
2007-05-16 20:37:33 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\PlayFirst
2007-05-15 21:42:45 -------- d-----w C:\Program Files\BFG
2007-05-14 19:39:52 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\yoclient
2007-05-12 12:44:42 -------- d-----w C:\Program Files\Paint Shop Pro 5
2007-05-04 23:12:18 -------- d-----w C:\Program Files\Movie Maker
2007-04-27 22:40:11 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\Atari
2007-04-27 22:39:16 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-27 19:51:03 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\GetRightToGo
2007-04-18 22:06:34 -------- d-----w C:\Program Files\OGPlanet
2007-04-16 19:14:04 -------- d-----w C:\Program Files\Lionhead Studios Ltd
2007-04-16 18:55:11 12,362 ----a-w C:\WINDOWS\pw.exe
2007-04-11 23:56:08 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\bang
2007-04-09 23:29:49 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-04-09 23:28:05 -------- d-----w C:\Program Files\KONAMI
2007-04-03 14:50:22 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\Starware347
2007-03-26 01:26:31 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\teamspeak2
2007-03-26 01:26:30 -------- d-----w C:\Program Files\Teamspeak2_RC2
2007-03-25 23:57:35 -------- d-----w C:\Program Files\directx
2007-03-25 23:57:17 -------- d-----w C:\Program Files\Common Files\Pinnacle
2007-03-25 23:56:20 -------- d-----w C:\Program Files\LEGO Media
2007-03-23 22:30:14 -------- d-----w C:\Program Files\Starware347
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-17 00:17:46 -------- d-----w C:\Program Files\Project64 1.6
2007-03-12 00:11:52 -------- d-----w C:\Program Files\Microsoft Games
2007-03-10 02:34:24 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\Hamachi
2007-03-10 02:32:11 17,480 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-03-08 22:06:57 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-07 15:23:44 -------- d-----w C:\Program Files\IGN
2007-03-07 15:22:09 -------- d-----w C:\Program Files\FastCapPro
2007-03-07 15:21:51 -------- d-----w C:\Program Files\ewido anti-malware
2007-03-05 21:22:15 -------- d-----w C:\Program Files\AuditionSEA
2007-02-20 19:23:54 524,288 ----a-w C:\Hitman 2 Silent Assassin (PC GAME FULL).exe
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2006-02-14 20:05]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-13 11:48]
"Drag'n'Drop_Autolaunch"="C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe" [2004-04-22 15:51]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-04-22 21:01]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-04-22 21:01]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2002-08-01 16:13]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 21:10]
"@"="" []
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-15 22:17]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [2002-05-18 13:04]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"eTrustPPAP"="C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe" [2006-04-22 15:52]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 16:00]
"@"="" []
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [2004-06-15 22:22]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-04-16 06:43]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"Steam"="E:\Program Files\Steam\Steam.exe" [2007-05-14 08:33]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="C:\Program Files\ewido anti-malware\shellhook.dll" [2004-09-30 08:21]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0
Security Packages kerberos msv1_0 schannel wdigest
Notification Packages scecli

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
NetworkService DnsCache
rpcss RpcSs
imgsvc StiSvc
termsvcs TermService
HTTPFilter HTTPFilter
DcomLaunch DcomLaunch TermService
WudfServiceGroup WUDFSvc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command D:\Setup\rsrc\autorun.exe
Shell\dinstall\command D:\Directx\dxsetup.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command F:\arun.exe


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-20 20:34:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

cmd.exe [3988]


scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-20 20:36:01
C:\ComboFix-quarantined-files.txt ... 2007-05-20 20:36


--- E O F ---

Edited by garbageman, 20 May 2007 - 07:45 PM.


#6 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:09:08 PM

Posted 21 May 2007 - 06:11 AM

Hello again,
Please download ATF Cleaner to your Desktop.
Don't run it yet.

Go to Start | Control Panel | Add/Remove Programs and remove the following (if they exist):

WildTangent
I see you are also using WildTangent. It is not malware, but is sometimes thought to bring malware along. WildTangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although the program is not technically considered spyware it does have built in components to update itself and gather system configuration information. Besides that, it is a MAJOR resource hog.
Unless you are an extremely avid games player, I suggest to remove this program.

Please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Delete these files:

C:\WINDOWS\pw.exe
C:\WINDOWS\IFinst27.exe

Double click ATF-Cleaner.exe to run the program.
Under Main choose Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose Select All
Click the Empty Selected button.
Note: If you would like to keep your saved passwords, please click "No" at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
Note: If you would like to keep your saved passwords, please click "No" at the prompt.

Click Exit on the main menu to close the program.

Boot back into Normal Mode again.

Please run Panda's ActiveScan.
Once you are on the Panda site click the Scan your PC button
A new window will open, click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When download is complete, click on Local Disks to start the scan.
When the scan has finished - if anything malicious is found - click the See Report button.
Click Save Report and save the file to your Desktop, so you can post this log in your next reply.

Please include the Panda log in your next reply and also let me know how things seem to be running now.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#7 garbageman

garbageman
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:08 PM

Posted 25 May 2007 - 06:04 PM

ok heres the report this is part 1 of 2. it says theres alot of virusus and stuff but my comps running fine now.



Incident Status Location

Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\30\546824de-1d48c0d0[BaaaaBaa.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\30\546824de-1d48c0d0[VaaaaaaaBaa.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\30\546824de-1d48c0d0[Dvnny.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\30\546824de-1d48c0d0[Baaaaa.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\30\546824de-1d48c0d0[Dex.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\30\546824de-1d48c0d0[Dix.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\30\546824de-1d48c0d0[Dux.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\44\4d55eb2c-7ef1aa8e[BaaaaBaa.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\44\4d55eb2c-7ef1aa8e[VaaaaaaaBaa.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\44\4d55eb2c-7ef1aa8e[Dvnny.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\44\4d55eb2c-7ef1aa8e[Baaaaa.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\44\4d55eb2c-7ef1aa8e[Dex.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\44\4d55eb2c-7ef1aa8e[Dix.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\44\4d55eb2c-7ef1aa8e[Dux.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\59\5001e5fb-23985094[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\59\5001e5fb-23985094[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\59\5001e5fb-23985094[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\59\5001e5fb-23985094[Beyond.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\61\53d05fbd-11783a68[BaaaaBaa.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\61\53d05fbd-11783a68[VaaaaaaaBaa.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\61\53d05fbd-11783a68[Dvnny.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\61\53d05fbd-11783a68[Baaaaa.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\61\53d05fbd-11783a68[Dex.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\61\53d05fbd-11783a68[Dix.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Brian\Application Data\Sun\Java\Deployment\cache\6.0\61\53d05fbd-11783a68[Dux.class]
Virus:Trj/Downloader.IUM Disinfected C:\Documents and Settings\Brian\Desktop\Brian`s Folder\PopCap_Games_Crack_(WWW[1].CRACK-CD.COM).zip[PopCap Games Crack1.exe]
Potentially unwanted tool:Application/Malwarewipe Not disinfected C:\Documents and Settings\Brian\My Documents\mw_install.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\024H Lucky Reminder v1.83.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\123 Flash Image Extractor 1.20.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\1st Screen Lock 6.5.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\1st Screen Lock v6.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\2Flyer Screensaver Builder Pro 7.6.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\3D World Map v2.1 FULL.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\3DProducer v2.2.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\A Survival Guide for Secure Shell Handling.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\A-one DVD Ripper v4.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Able2Extract v3.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ableton Live v6.0.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Acala DivX DVD Player Assist v2.4.1 UNATENDED.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Acala DVD Audio Ripper v.2.4.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Acala DVD PSP Ripper v.2.3.7.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Acala DVD PSP Ripper v.2.4.6.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Acala DVD Ripper v.2.4.5.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Access Administrator 4.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Access Lock 2.9.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ACDSee Pro9.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ace Utilities 2.4.2.4003.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ace Video Workshop 1.4.32.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\AceBackup 2004 v2.1.4.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Acme CAD Converter v.7.01.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Acoo Browser v1.40 Build 556.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Acoustica Mixcraft 2.50.50.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Acoustica Spin It Again v.1.1.b22.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Acronis TrueImage 8.0 Retail.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Active WebCam 7.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\AcuteFinder v1.0.6.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ad-aware 6 Build.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ad-Aware SE Professional 1.06r1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Adam and steve DVDRIP.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Add Remove Plus v5.1.0.100.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Adobe Photoshop CS3 Beta.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Adobe Photoshop CS3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Adobe Premiere Professional 2.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Adobe Premiere Professional v.2.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\AdSpy Eliminator v1.0 crack.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\AdSpy Eliminator v1.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\AdultPDF PDF to Word v2.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Advanced MP3 Catalog Pro v3.30h.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Adware Agent V4.84.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Adware Spyware Be Gone.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\AdwareX Eliminator 2.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ahead DVD Ripper v1.4.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\AI Roboform v6.70.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\AIO Emulators collection working 100.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Airfoil 1.0.5.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Alarm Master Plus v4.14.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Alarm Master Pro 4.15.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Album Creator PRO v3.5.573.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Alcohol 120 1.9.6.4629.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Alias SketchBook Pro v2.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Alive MP3 WAV Converter Standard v2.3.2.9.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Alligator Flash Designer v.6.0.0.9.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Allok MP3 to AMR Converter v2.0.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\AllSpamGone 2.1.13.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\AlphaCom v6.0.2.391.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Alt CD Ripper 2.02.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Alt CDA to MP3 Converter 2.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Alt MP3 Bitrate Converter 2.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Alt MP3 to WAV Converter 2.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Alt MP3 to WMA Converter 2.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Alt OGG to MP3 Converter 2.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Alt WAV MP3 WMA OGG Converter 4.4.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Alt WAV to MP3 Converter 2.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Alt WMA to MP3 Converter 2.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Alt-N MDaemon Pro v9.0.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Amadis DVD Ripper v.2.0.1.0820.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Amazon DVD Shrinker v2.4.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Amazon DVD Shrinker v2.6.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Amber Fast Audio Converter 1.0.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Amber QT Video Converter 1.0.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\American Pie The Naked Mile - DVD RiP - 2006.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\American Pie The Wedding.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\AMP v1.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\AMUST Registry Cleaner 3.11.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Animated GIF Producer v3.0.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Animated Screen v1.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Anti Tracks v6.4.1.8.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Anti Tracks v6.418.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Anti Tracks v6.5.5.27 Retail.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Anti Trojan Elite 3.65.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Anti Trojan Elite 3.7.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Anti-Porn 8.1.9.15.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\AntiSpy Pro v2.13.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Any DWG DXF Converter Pro v2007.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Any DWG to Image Converter v2007.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\AnyDVD 6.0.7.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\AnyReader 1.6.46.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\AoA DVD Copy v2.75.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Aone MOV to AVI MPEG WMV Converter v1.4.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ApacheConf v5.0.0.4.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Apex Movie Converter v3.23.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Aplus DVD Ripper v4.38.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Apollo Audio DVD Creator v1.26.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Apollo DVD Burner.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Apollo DVD Creator 2.9.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Apollo DVD Creator v2.3.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Apollo DVD to iPod v3.2.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Apple Quicktime Pro v7.0.3.25.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Area 51 iSO.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Array Designer v4.12.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Artful gif animator 1.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Artlantis R v1.1.0.12 Retail.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ashampoo AntiSpyWare V1.50.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ashampoo AudioCD MP3 Studio v3.00.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ashampoo Firewall Pro 1.11.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ashampoo Magic Security v1.55.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ashampoo Photo Commander 5.10.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ashampoo PowerUp XP Platinum 1.10.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ashampoo Privacy Protector 2005 v1.55.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ASPMaker v5.0.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Atani 2.6.7.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Audio DVD Creator 1.85.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Audio Edit Magic v.9.2.1.346.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Audio Edit Magic v8.61.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Audio Editor Gold 8.4.6.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Audio Editor Gold v8.46.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Audio Grail (K-MP3) 6.6.7.124.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\AusLogics BoostSpeed v3.3.5.636.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\AusLogics Visual Styler v3.0.6.115.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Auto Audio Mastering System v.2.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Auto Macro Recorder 5.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Auto Power-on & Shut-down 1.42.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\AutoCad 2007 Full.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Autodesk Architectural Desktop 2007.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Automize v6.25.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\AutoRun 3.2.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Avast Professional Edition v.4.7.892.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\avast Professional Edition v4.7.892.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\AVConverter Video Converter v2.1.12.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\AVG Anti-Virus v7.1.407.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Avid Softimage Behavior V2.11.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Avira AntiVir PersonalEdition Classic 7 6.36.00.66.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Awin System Cleaner 2.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Batch Image Resizer 2.73.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Battlefield 2 Deluxe Edition.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Beavis and Butt Head Do America.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Beowulf Cluster Computing with Linux.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Best Mail Server 2.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Bibble Professonal 4.9.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Binary Vortex 3.6.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Bluescreen Screen Saver V3.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Bluetooth Lock 1.5.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Broken Cross Disk Manager Pro 3.92.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\BSplayer Pro v2.12.941.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Business Card Designer Pro ver. 4.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\CA eTrust Antivirus 2007 8.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\CA eTrust PestPatrol Anti-Spyware 8.0.0.7.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\CA eTrust PestPatrol Anti-Spyware v.8.0.0.7.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Call Of Juarez iSO.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Capture One PRO 3.7.5.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\CDCheck 3.1.12.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\CDMenu Pro 5.21.00.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Cebas FinalRender Stage v2.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Cedega v5.2.1 - allows Windows games to run on Linux.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Certificates Super Manager v1.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Chameleon Clock v3.50.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Chat Watch v4.4.4.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\CheckMail v2.53.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Cheetah CD Burner v3.25.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Cheetah DVD Burner v1.49.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Cheetah DVD Burner v1.64.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Cheetah DVD Burner v1.73.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Child Control 2006 v.8.53.0.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Child Control 2006 v8.199.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ClashN Slash Worlds Away.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Clean Slate 4.0 Build 1417.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Clipboard Box v2.6.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\CloneDVD 2.9.0.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\CloneDVD v4.0.11.458.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Codejock Xtreme Suite Pro 2006 ActiveX v10.4.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Cold Fear.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ColorImpact 2.7.1.366.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Comedy Central Stand Up.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Company of Heroes iSO.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\COPS Shots Fired - DVDRip Xvid.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Corel Paint Shop Pro Photo XI.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Cowon JetAudio v6.28 Plus VX Retail Record Audio Video.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Creating Windows AIO.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Crystal Player Professional v1.85.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Cute CD DVD Burner v2.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Cute FTP Pro v8.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Cute MP3 Converter v1.9.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\CuteFTP Pro 8.0.3 Build 10.12.2006.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Daemon Tools V4.03.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\DaisyWords v1.1.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Dameware NT Utilities v5.1.1.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\DART Karaoke Studio 2006.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Data Class Builder NET v2.21.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\DaySmart v.6.0.1 Pro.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\DbWrench v.1.3.5 MultiOS.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\DDD Pool Full.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\DeadDiskDoctor New.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Deja Vu TS XviD.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Delete Duplicates for Outlook Express v.1.3.0.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\DeltaGIS Project Edition v.5.6.0.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Designing Data-Intensive Web Applications.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Desktop Magnifier 3.28.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Desperados 2 Coopers Revenge.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\DFX Audio Enhancer For Winamp v7.210.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Digital Audio Editor v6.8.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Directory Opus 8.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\DiskExplorer for NTFS v2.31.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Disneys Donald Duck Going Quackers.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\DivX Create Bundle v6.2.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\DocumentsRescue Pro 4.1.144.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\DOR Original 1 CD DVD-RIP - 2006 + SUBS BOLLYWOOD.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Download Druid 2.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Downloader Pro v1.6.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Dragon 2006 DVDRip XviD-AAF.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Driverguide Toolkit 2.0.0.16.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Driving Lessons Xvid DoNe.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Droppix Recorder v1.75.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\DVD Album Creator v2.2.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\DVD neXt Copy 1.0.4.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\DVD Ripper X v2.0.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\DVD-Cloner III v3.40.899.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\DVD-LAB PRO 2.15.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Dvdcomposer 1.05.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\DVDFab Platinum 3.0.5.1 BetaJust Released protection by.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\DVDIdle Pro v5.65.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\DVDInfoPro v4.614.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\DVDRecode v1.12.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Dynamic Web Ranking v5.0.25.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\DZSoft PHP Editor 3.5.0.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\EarthView v3.3.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\EarthView v3.32.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Easy Audio CD Burner 3.5.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Easy CD And DVD Cover Creator v4.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Easy CD-DA Extractor 7.5.0.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Easy Cd-da Extractor V9.0.12.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Easy DVD CD Burner v3.0.58.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Easy DVD CD Burner v3.0.75.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Easy Photo Recovery v1.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Easy Video to Audio Converter v1.3.4.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Easy WebTV and Radio v1.7.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\EasyBoot 5.1.0.565 with valid serial.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\EasyBoot v5.1.0.565.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Edison DVDRip.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\EditPlus v2.20 Build 279.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\EmailSpider 8.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Error Repair Pro v.1.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ExamDiff Pro 3.4.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Exe Password v1.117.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\EximiousSoft Cool Image v2.08.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\EximiousSoft GIF Creator v.3.37.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Exportizer Pro v3.12.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Eye Spy Pro V1.5.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\EzGenerator v2.5.0.70.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\FairStars Recorder v2.64.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Fast AVI MPEG Joiner v.1.0.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\FaxSee Pro v2.50.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\FIFA 07 - RELOADED.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\FIFA 2007-RELOADED.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\File & Folder Protector 2.5.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Filehunter v3.5.6.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\FileRescue Professional 2.1.2049.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Firegraphic v8.0.806.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Flags Of Our Father DVDscr-Xvid.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Flash Album Creator 1.7.4.949.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Flash Clean 2.95.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Flash Jigsaw Producer 2.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Flash Player Pro 3.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Flash Renamer v5.02.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\FlashFXP 3.4.0 Build 1145.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Fledermaus Pro v6.21.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Flushed Away DVDSCR IMBT.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Folder Lock 5.6.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Folder Lock v5.57.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Folderlock v.5.6.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Foldersizes 3.6.0.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Font Creator 5.0 full.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Fotoprint V3.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Foxy v1.65.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Fresh Download 7.22.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\FTP Explorer 1.01.036.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\FTP Now v2.6.35.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\FTPRush 1.0.0.593 Unicode.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\FTPRush Unicode 1.0.0.593.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Full Video Converter 2.8.9.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\G-Force Platinum v.3.55.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\GameJackal v.2.8.16.402.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\GatherBird Setup Creator v1.6.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Geocap v4.04.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Gertrudis Pro v2.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\GetRight Professional 6.1+.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ghostsurf Platinum 2006 v.4.0.4.6.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\GIANT AntiSpyware 1.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Giant Spam Inspector 4.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Gigahertz and Terahertz Technologies.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Goldfish Aquarium 2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Google Earth Pro 2006.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Grand Theft Auto San Andreas.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Greetsoft desktop clock 4.0.7.169.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Hard Drive Inspector v1.6.915.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\HddLife 2.9.109 Final.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Hearts of Iron 2 Doomsday-RELOADED iSO.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Heroes New - very cool.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\HexDataEdit 1.20.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Hide And Protect Any Drives.exe


here is part 2 of 2


Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Hide IP Platinum 3.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Hide IP Platinum 3.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Hide IP Platinum v1.75.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\HiDownload Pro 6.92.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Hillstone Staff Manager v2.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Hit-Recorder v1.4.27.30.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\HyperCalendar 2 2.37.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\HyperSnap 6.12.02.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\IDpack Pro 7.5.59.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\IE HTTP Analyzer 1.7.4.207.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ImageKeyRec v3.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ImTOO Audio Encoder 2.1.60.1208.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ImTOO AVI MPEG Converter 3.1.10 build-1009.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ImTOO CD Ripper v1.0.33.1013.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ImTOO DivX to DVD Converter 2.0.12 build-0720.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ImTOO DVD Audio Ripper v2.0.39.127.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ImTOO DVD Audio Ripper v2.0.55 1013.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ImTOO DVD Copy Express 1.0.1 build-1013b.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ImTOO DVD to PSP Converter 4.0.56 build-0928.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ImTOO MOV Converter 3.1.10 build-1009b.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ImTOO MPEG to DVD Converter 2.0.10 build-0526b.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ImTOO OGG Converter 2.1.59 build-0826b.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ImTOO PSP Video Converter 3.1.10 build-1009b.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ImTOO PSP Video Converter v2.1.55.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Indigorose Autoplay Media Studio 6.0.4.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ink Saver 2.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Instant Messengers Password Recovery.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Internet Explorer Security Pro v7.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Internet Lock V3.0.6.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Into The Blue 2005 DVDRip XviD-ALLiANCE.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Introduction to Cryptography with Java Applets.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Intuit TurboTax Business 2006.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ionCube PHP Encoder v6.5.9.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\IOSHunter version 2.30.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\IP hider v2.7.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\IPB 2.2.1 IPB Gallery 2.1.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\IPod Access for Windows v2.9.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ipswitch Collaboration Suite Premium 2006.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\IsoBuster 2.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\IsoBuster Pro 2.0.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\IsoBuster v2.0 -NEW- +patch.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Isoeditor V1.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ISOpen v3.2.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ISS BlackICE Server Protection v3.6.cpv.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\iTunes for Windows 7.0.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\J River Media Center v.11.1.200.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Jaws V7.10.500.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\JetAudio v6.28 Plus VX.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Jpeg Enhancer v1.7.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Just Checking V3.08.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Just Friends DVDRip.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Jv16 PowerTools 2006 v1.5.2.337.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Kaspersky 6 Emergency CD.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Kaspersky Antivirus Personal PRo 5.0.676.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\KLS Backup 2006 Professional v2.1.0.1 Keygen.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\KoolMoves v5.3.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Lady In The Water 2006 DVDRiP XViD-iKA.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Lavavo CD Ripper v3.1.4.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\League Pad 4.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Learn To Speak Russian 2.8.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Legacy Of Kain Soul Reaver 2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Lightzone v2.0.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\LimeWire Pro 4.12.6.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Limewire Pro 4.13 Beta.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\LimeWire v.4.12.6 Pro.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Line of Sight Vietnam.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Lionheart Legacy of the Crusader.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Logo Design Studio 2005.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Lula Flipper.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Macromedia Dreamweaver MX Fast Easy Web.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Macromedia Studio 8.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Magic ASCII art gen.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Magic DVD Ripper v.4.2.4.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\MagicMedia v3.25.50920.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\MagicMedia v3.31.60606.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\MagicScore Maestro v4.120.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Magix Movie Edit Pro 11 v5.5.4.1 Retail.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\MAGIX Photo Clinic v5.5.28.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\MakeInst v8.4.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Makeinst V8.8.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Marketing Plan Pro 2006 v9.00.0055.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Mavis Beacon Teaches Typing 16.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\McFunSoft Audio Editor v4.7.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\McFunSoft DVD Creator v.6.9.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Mdm Zinc V2.5.0.24.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Media Catalog Studio Pro v5.0.130.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Media Rescue Professional v4.4.156.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\MediaChance DVD-lab PRO 2.15.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Mediamonkey 2.5.4.978 Final.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\MediaMonkey v2.5.3.968.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Men Of Valor.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\MessengerLog 5 Pro v5.35.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Micro-Sys A1 Website Download v1.0.8.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Microsoft Office 2003 Professional AIO.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Microsoft Visual C 6.0 Standard Edition.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\MIDIMaestro MM4 rel 4.00.54.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\mIRC Power Pack 8.00 RC9X3 Build 7.113.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Mission Impossible 3 2006 DVDRip.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Mission Impossible III 2006 DVDRip XviD-WAF.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\MobTime Cell Phone Manager 2006 v6.1.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Modeling Financial Markets.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Monarch v8.01 Pro Retail.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Mooma DVD Creator v2.00.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Mothership 1.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Mp3 Filter v4.2.6.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\MP3 Wav Converter v3.05.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\MP3tag 2.36.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\MPEG2VCR v.3.14.200606.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Mr Fix It 2006 DVDRip.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\My Ad Blocker v2.6.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\My Blood Pressure 2.11.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\My Notes Keeper V1.62.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\My Password Manager 1.4.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\myLite Desktops v2.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\MyVideoConverter v1.09.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\n-Track Studio 5.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\n-Track Studio v5.0 Build 2135.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Need For Speed Hot Pursuit 2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Neighbours From Hell.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Nero 7.5.7 Lite Micro.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Nero Burning ROM v7.0.1.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Nero PhotoShow Elite 1.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Nero PhotoShow Express 4.5.2045 ISO.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\NeroVision Express v3.0.1.27.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Net Detective v5.19.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\NeT Firewall 2.3.2.6.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Net Meter 3.1.267.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Net Nanny 5.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Net-probe V2.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\NFS Carbon Trainer v1.7.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\NFS Most Wanted Relentless edition.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\NLSA Nova v2.2b48.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\NoClone Enterprise Edition v4.00.10.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Nvidia DVD Player v2.55.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Nvidia NDVD v.2.55.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ObjectRescue Pro 4.1.151.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\OctaGate Switch Enterprise 2.2.19.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Okoker CD And DVD Burner v1.8.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Okoker Iso Maker V1.7.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Okoker ISO Maker v1.8.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Okoker Mp3 to CD Burner 1.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Okoker Optimize Expert v1.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\One Click Ringtone Converter v1.4.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\OnOne Mask Pro v4.0 for Adobe Photoshop.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Onspeed 3.6.68.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\OO Products Sep. 2006. - AiO.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\OraLobEditor 1.2.2.5.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\OSS Audio CD Maker v3.0.0.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\OtsDJ v1.15.004.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Panda Antivirus 2007.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\PaperOffice Professional v1.8.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Paragon Drive Backup 8.0 Pro.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Paragon Partition Manager Pro v8.0 Recovery CD Image.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Paretologic XoftSpy Portable v1.1 Retail.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Passware Kit v7.9.2157 Enterprise.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Password Retriever 5.2.4.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\PC Accelerator 2007 1.2.17.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Pc Auto Shutdown V3.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\PC Tools Antivirus ver. 3.0.0.15.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Pdf Creator Plus V3.0.0.4.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\PDF Password Remover v2.5.05312006.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\PDF Password Remover v2.5.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Phoenix Recover Pro V6.01.20060526.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Photo Collector Pro v1.1.9.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Photo DVD Wizard v2.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Photo Frame Maker 2.x.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Photo to Sketch v3.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Photo2DVD Studio v4.9.8.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\PhotoDesktop 3.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Photolightning V4.52.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\PhotoRescue Pro 4.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\PhotoZoom Professional 1.2.6.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\PHP Maker v.4.3.0.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Pinnacle Avid Liquid v7.00.2693.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Pixarra TwistedBrush v11.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Pixarra TwistedBrush v7.5.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\PixFiler v.5.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\PMView v3.20 Pro.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Poker Pro 2006 v4.1.67.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Portable Active Partation Recovery 5.0.337.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Portable Atani v4.0.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Portable ConvertXToDVD v2.0.13.128 - Multilanguage.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Portable Fontographer v4.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Portable Norton Utilities 2006.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Portable OO Defrag V8.5 Professional.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Portable OO Disk Format Recovery 4.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Portable OpenOffice.org 2.0.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Portable Proxy Switcher Pro v3.7.3647.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Portable WinZip Pro v.11.0.7313.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Poser v6.0.0.38 Full Version Documentation.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Power DVD 7 Deluxe.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Power Spy 2006 v4.0.0.56.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Power Video Converter v1.5.11.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Power Video Converter v1.5.14.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Power Video Converter v1.5.16.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\PowerArchiver 2004 9.00.30.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\PowerISO 3.5.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\PowerISO v3.4.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\PowerPoint Presenters Suite.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Premium Clock V2.4.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\PremiumSoft Navicat MySQL v7.22.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Prevx 1 2.0.3 build 37.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Prison Break S02 E06 HDTV XviD.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Privacy Defender v7.0.2n.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Pro Evolution Soccer 6.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Process Mapping Professional v7.00.0919.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Propellerhead Reason 3.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ProSecurity 1.20.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Proxy Finder Enterprise v1.90.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Proxy Switcher Standard.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ProxyManager v2.25.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\PTGui Universal 5.8.3 Retail.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Qimage Studio 2007.151 Full.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\QMsAddin Collection v2.12 Retail.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Quizmaker v2.03.27.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Rainbox Six Lockdown.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\RAM Saver Pro 5.9.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ranking Toolbox v4.0.4.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Rapidshare Link Checker 1.01.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Raxco PerfectDisk v.8.0 Build 48 Workstation Edition.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Raxco PerfectDisk v8.0.0.48 Proffessional.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Real Player 10.5 Premium.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Real Spy Monitor 2.58.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Real Spy Monitor v2.52.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Rebels Prison Escape iSO.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Recover My Files 2.80.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Recover My Files 3.95.4951.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Recover My Files.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\RegDoctor v1.57.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\RegDoctor v1.63.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ReGet Deluxe 4.2 Build 265.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ReGet Deluxe 4.3 Built 272- Newest Version + Patch.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Registry Mechanic 5.2.0.310.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Registry Mechanic 6.00.750.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\RegistryFix 5.5.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\RegVac v4.02.21.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Remote Office Manager 3.1 beta 2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Remotely AnyWhere v7.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Reportizer v2.2.5.73.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Reservoir Dogs.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ResumeMaker Professional v11.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Return To Castle Wolfenstein.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\RioDVD Region Free Player v1.03.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Rising Antivirus 2006.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Rising Personal Firewall 2006.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Roxanne Erotic Foto Set 20 foto HQ.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Roxio Easy Media Creator 9 Suite.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\RSIGuard Stretch Edition 4.0.9.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\RSS Submit v.2.31.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Saint Paint Studio v11.00.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Salon Iris v.6.0.1Pro.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Santa Babes Gallery 6.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Sateira CD&DVD Burner 1.5.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Satellite TV For PC - 2006 Elite Edition Full.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Saw III TELESYNC XViD-PUKKA.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\SD WinHider v1.12.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Search Engine Composer v5.3.12.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Security Administrator 10.5.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Security Administrator v10.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Selteco Alligator Flash Designer 6.0.0.8.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Selteco Bannershop GIF Animator v5.0.9.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Selteco Newsletter Sender 2.0.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Sensors View Pro v.2.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Serif DrawPlus 8.0.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Shareaza 2.2.3.0 Beta.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Shareview Professional 2.7.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ShellToys XP 5.2.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Signature Creator V1.11.40.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Simply Track Pro v2.4.5.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\SiSoftware Sandra Pro 2005 1.10.37.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Sisulizer v1.0.182 Enterprise.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\SkiL v.1.1.4.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\SlySoft AnyDVD v4.5.6.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Slysoft AnyDVD v5.9.6.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Slysoft AnyDVD v6.0.0.4.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\SlySoft AnyDVD v6.0.7.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Smart Movie 3.2.1 3.82Mb.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Smart Protector Professional v4.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\SmartBackup 3.4.0.403.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\SmartBackup v3.3.0.400.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Smedge 3 v1.8.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Snappy Fax v3.67.1.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Snappy Fax v3.75.1.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\SnapStream Beyond TV v4.4.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Snoop Dogs Hood of Horror 2006 Festival DVDSCR XViD-Vil.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Snoop dogs hood of horror DVDSCR.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\SocketShield v1.0.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Soft DVD2one 2.05.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\SoftMaker Office 2006.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Softmaker Office v2006 Multilingual-AGAiN.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\SolSuite 2006 v6.6.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Sony ACID Pro 5.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Sony Ericson Theme Creator.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\SONY Vegas 7.0c.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Sophos Anti-Virus v6.0.3 - Retail.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Sophos Antivirus v4.13 Pro RETAIL.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Sothink DHTMLMenu v6.2 Build 51011.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Sothink SWF Decompiler v.3.3 build 60720.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Sowsoft Active System Locker v3.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\SpaceCAD v3.1.0.302.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\SpamWasher v2.0.1000.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Special Edition Using CGI 2nd Edition.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Speed Video Splitter 2.4.15.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Speed Video Splitter 2.4.28.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Spy Cleaner 8.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Spy-CD v5.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\SpyEraser 1.0.0.909 unatended full.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\SpyRemover 2.08.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\SpySweeper v5.0.7.1608(Full).exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Spyware Doctor v4.0.0.2618.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Spyware Doctor v4.0.0.2621.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Spyware Nuker.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\SQL Server Backup 4.01.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Statistica 7 - High Performance Analytic Solutions.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Steinberg Cubase SX v.3.1.1.944.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Style XP 3.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Super AD Blocker v1.0.0.1662.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Super Video Joiner v3.9.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Super Video Splitter v3.9.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\SuperCleaner v2.75 Full.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\SWAT 4 Gold Edition.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Swift 3D v4.5.479.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Symantec AntiVirus Corporate Edition v10.2.27.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\SysNucleus USBTrace v1.3.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\System Cleaner 5.52.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\System Mechanic 6 Professional.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\System Mechanic Pro 5.0c.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\System Mechanic Pro v.6.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\System Mechanic Professional v6.0t.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Teach Yourself Corba in 14 Days.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Techra Virtual Programmable Keyboard v.1.02.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\TechSmith SnagIt 8.0.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Text to Speech Maker v1.3.6.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\The Bat! v3.0.0.15 Professional Edition.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\The Brothers Grimm DVDRip.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\The Covenant PROPER DVDRip XviD-TVMA.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\The Dead Girl 2006 DVDSCR.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\The Godfather 1972 iNTERNAL AC3 DVDrip XViD-TiDE.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\The Lake House DVDRip XviD-NeDiVx.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\The Marine SCREENER XViD-BMB.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\The Mark.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\The Others.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\The PC Detective v2.7.4.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\The Snow Walker 2003 DVDRip Xvid.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\The Triangle 2005 DVDRip XviD-SAPHiRE.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\The Weather Man 2005 DVDRip.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\TheSpywareKiller 1.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Throttle v6.12.11.2006.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Tom Clancys Splinter Cell - Double Agent.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Tomb Raider 4 The Last Revelation.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Trackmania Sunrise Extreme.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\TrackMania United.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\TreeSize Pro v4.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Trillian Pro 3.1.121.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\True Image Enterprise Server 8.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Tsarfin Ipmonitor 6.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Tsarfin Netinfo 6.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\TuneUp Utilities 2004 4.1.2318.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\TVedia v4.0.0714.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\TVPaint Animation v8.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\txt2pdf Convert v1.20.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\TypeTip 5.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\TypingMaster Pro 7 (Full) `.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\UFS Explorer v1.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ulead COOL 3D 3.5.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ulead Gif Animator 5.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ulead PhotoImpact v. 12.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ulead PhotoImpact v.12 Retail.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ulead PhotoImpact v12 Retail.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ultra Document To Text Converter v.2.0.2006.718.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ultra MPEG Converter v1.8.8.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ultra Mpeg To Dvd Burner V1.66.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ultra WMV Converter v1.9.4.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Ultralingua v6.0.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Undelete NOW 1.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\URLBase Pro 6.1.0.1094.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\User Control v.4.412.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Using and Understanding Java Data Objects.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Vehicle Manager 2006 v.1.0.2499.36532.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\VeryPDF HTML Converter v2.0.07112006.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Video Vault v3.5.0.0204.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Virtual DJ Studio 4.8.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Virtual Painter Deluxe v5.0 Retail.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Virtutech Simics V3.0.22.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Vista Transformation Pack v5.0.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Visual Business Cards 4.14.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Visual Watermark v2.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\VMware Workstation 4.5.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\VueScan Pro 8.1.25.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Waist Deep DVDRip XviD-DiAMOND.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Warezpassword Door 8.2.8.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\We Are Marshall DVDSCR XViD-mVs.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Web Cache Illuminator v4.7.9.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Web Password Wizard v2.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Web Replay v1.5.0.5.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Webroot Desktop FireWall v1.3.0.52.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Wedding Crashers 2005 DVDRip.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Willing Webcam v3.4.20060421.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Win Task Pro v5.03.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Win Xp Manager 4.97.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Winamp 5.25 Build 868 + KeyGen.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Winamp Pro v5.20 Pak with Extra Skins.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\WinAntiVirus Pro v2.1.268.0 Retail.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\WinASO Registry Optimizer 2.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\WinAVI Video Converter 7.7.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Windows Password Expert v1.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Windows XP Professional Corporate SP2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\WinDVR 3 Full.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\WinMPG Video Convert v6.5.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\WINner Tweak SE2 v3.3.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\WinQuota Corporate v.3.0.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\WinRaR 3.62 MegaFull rus.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\WinRAR v3.605 Beta 7.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\WinTasks 5.04 professional.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\WinTools.net Professional v7.4.4.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\WinUtilities v5.12.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\WinXP Manager 4.97.4.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\WinXP Manager v4.94.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\WinZip Self Extractor v3.0.7130.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Wise-FTP 4 v4.0.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\WitCobber Super Video Splitter v3.7.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Without a Paddle DVDRip.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\WM Recorder v.11.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\World Of Warcraft.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\World Trade Center 2006 with Nicolas Cage.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\World Trade Center 2006.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\World Trade Center DVDRip XviD-DiAMOND.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\WYSIWYG Web Builder v3.2.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\X-Ways WinHex v12.9.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Xara Xtreme Pro v3.0.1.692.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Xilisoft DVD Copy Express v.1.1.1.1026.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Xlight FTP Server Pro v1.64.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Xlight FTP v2.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Xmas Blox v1.0.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\XoftSpy 4.02.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\XP Codec Pack 1.0.3.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\XPize 4.4.2 Multilanguage.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\XPLite Professional 1.5.0273.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\XPTools WinUtilities v 5.11.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\xzxzxzxzxzxz.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Yahoo Password Stealer v.10.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\YourKit Java Profiler v.5.5.6.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\Zend Guard V4.0.1.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ZoneAlarm AntiSpyware 6.5.700.000.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Documents and Settings\Brian\Shared\_\ZoomMagic v.2.13 Build 60914.exe
Adware:Adware/Comet Not disinfected C:\Program Files\Starware347\bin\dlls\jokester.dll
Adware:Adware/Comet Not disinfected C:\Program Files\Starware347\bin\Starware347.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Uninstall My Web Search.dll
Potentially unwanted tool:Application/FunWeb Not disinfected C:\scanning programs\backups\backup-20070520-194935-232.inf
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\scanning programs\ComboFix.exe[ComboFixT\nircmd.exe]
Adware:Adware/Maxifiles Not disinfected C:\scanning programs\QooBox\Quarantine\C\Program Files\Common Files\{38A43~1\Bar888.dll.vir
Adware:Adware/Maxifiles Not disinfected C:\scanning programs\QooBox\Quarantine\C\Program Files\Common Files\{38A43~1\UnInstall.exe.vir
Adware:Adware/Maxifiles Not disinfected C:\scanning programs\QooBox\Quarantine\C\Program Files\Common Files\{58A43~1\system.dll.vir
Adware:Adware/Maxifiles Not disinfected C:\scanning programs\QooBox\Quarantine\C\Program Files\Common Files\{58A43~1\Update.exe.vir
Spyware:Spyware/7r7t Not disinfected C:\scanning programs\QooBox\Quarantine\C\Program Files\EQAdvice\Uninstall.exe.vir
Adware:Adware/MediaTickets Not disinfected C:\scanning programs\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir
Adware:Adware/Maxifiles Not disinfected C:\scanning programs\QooBox\Quarantine\C\WINDOWS\b122.exe.vir
Adware:Adware/DeluxeComunications Not disinfected C:\scanning programs\QooBox\Quarantine\C\WINDOWS\retadpu4.exe.vir
Spyware:Spyware/MarketScore Not disinfected C:\scanning programs\QooBox\Quarantine\C\WINDOWS\system32\cemetrix.dll.vir
Adware:Adware/DeluxeComunications Not disinfected C:\scanning programs\QooBox\Quarantine\C\WINDOWS\system32\drivers\core.sys.vir
Adware:Adware/Sqwire Not disinfected C:\scanning programs\QooBox\Quarantine\C\WINDOWS\system32\tsuninst.exe.vir
Adware:Adware/Borlander Not disinfected C:\scanning programs\QooBox\Quarantine\C\WINDOWS\updater.exe.vir
Adware:Adware/Sqwire Not disinfected C:\WINDOWS\b103.exe
Virus:Generic Trojan Disinfected C:\WINDOWS\b104.exe
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\b129.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Spyware:Spyware/7r7t Not disinfected C:\WINDOWS\pf78ba.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\QnJpYW4\kBLDsqb.vbs
Adware:adware/igetnet Not disinfected C:\WINDOWS\system\rules.dat
Adware:Adware/Borlander Not disinfected C:\WINDOWS\updater.exe.tmp

#8 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:09:08 PM

Posted 26 May 2007 - 02:26 AM

Hello again,
There are still quite a large amount of infected files in your PC that need clearing up before we pronounce you "clean".

Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

Start Killbox.exe
Select the "Delete on Reboot" option.
Click on the "All Files" button (!important!),which will then flash green.
Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\Documents and Settings\Brian\My Documents\mw_install.exe
C:\Program Files\Uninstall My Web Search.dll
C:\WINDOWS\b103.exe
C:\WINDOWS\b129.exe
C:\WINDOWS\pf78ba.exe
C:\WINDOWS\system\rules.dat
C:\WINDOWS\updater.exe.tmp


Open 'file' in the killbox menu on top and choose Paste from clipboard
You must use the file menu--pasting by right-clicking the mouse will only enter one file.
Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to reboot now, click "yes".
Click OK at any Pending File Rename Operations prompts, let me know if there appear.
If you don't get that message, reboot manually.
Your computer should reboot now. Make sure you boot into Safe Mode.

Next, please find and delete the following folders (if present):

C:\WINDOWS\QnJpYW4
C:\Program Files\Starware347
C:\scanning programs\QooBox

Click Start | Control Panel.
Double click the Java icon.
Click Settings under "Temporary Internet Files".
Press Delete Files.
A window will open with three options to clear the cache.
- Delete Files
- View Applications
- View Applets
Click OK on "Delete Temporary Files" window.
Note: This deletes all the Downloaded Applications and Applets from the cache.
Click OK on "Temporary Files Settings" window.

The following folder is related to your P2P downloads, and contains a huge amount of infected files. Therefore, please remove the folder and its content, despite the obvious legal issues, you will definately be quickly reinfected with files like that on your computer. Using these programs is probably what made your computer infected in the first place.

C:\Documents and Settings\Brian\Shared

Boot back into Normal Mode.

Then, once again, how are things running?
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#9 garbageman

garbageman
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:08 PM

Posted 04 June 2007 - 02:55 PM

ok srry for taking so long to get back to you


ok those popups are gone now but my computer is running slowly and new popups are coming up.


the new popups ive seen (so far)are

priceline

ultimate defender

outerinfo

media.fastclick.net



and when i scan my computer with pest patrol these items come up

Clickspring

DriveCleaner2006

GotoBar

Nebular S


and so i check them and click quarantine all pests(items)
but whenever i scan again they all come back up.

Edited by garbageman, 04 June 2007 - 04:25 PM.


#10 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:09:08 PM

Posted 05 June 2007 - 04:58 AM

Can I have a new HijackThis log then, please?

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#11 garbageman

garbageman
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:08 PM

Posted 05 June 2007 - 01:02 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:57:30 PM, on 6/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\smanager.7.exe
C:\WINDOWS\avp.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Brian\My Documents\??stem\l?ass.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\scanning programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [ipqpwngj.exe] C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\umfslyhj.dll",realset
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlayNC Launcher] C:\Program Files\NCSoft\Launcher\NCLauncher.exe /Minimized
O4 - HKCU\..\Run: [Usrr] "C:\WINDOWS\MBOLS~1\winspool.exe" -vt yazb
O4 - HKCU\..\Run: [Ygr] "C:\Documents and Settings\Brian\My Documents\??stem\l?ass.exe"
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Startup: Civilization Registration.lnk = D:\ATR1.EXE
O4 - Startup: Kuma_Tray.lnk = C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
O4 - Global Startup: Dragonball Z Desktop Friends.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Register.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\Register.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: Wallpaper Changer.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm088YYUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178305487828
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - Unknown owner - C:\Program Files\ewido anti-malware\ewidoctrl.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

#12 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:09:08 PM

Posted 05 June 2007 - 03:20 PM

Hi there,
Using My Computer/Windows Explorer, navigate to where you have HJT saved.
Right-click on the hijackthis.exe file.
Select "Rename", call it fluffybunny and press enter.
Use fluffybunny.exe from now on.

Please download VundoFix to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove.
VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include VundoFix.txt and a new HijackThis log in your next reply.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#13 garbageman

garbageman
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:08 PM

Posted 07 June 2007 - 04:45 PM

heres the hijackthis log


Logfile of HijackThis v1.99.1
Scan saved at 5:33:20 PM, on 6/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\smgr.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Brian\My Documents\??stem\l?ass.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\scanning programs\Fluffybunny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {4E9F8815-180E-4184-AC72-C77950DEC988} - C:\WINDOWS\system32\ssqro.dll
O2 - BHO: (no name) - {54CBB12C-3481-4C5D-942D-4976C0F0A406} - C:\WINDOWS\system32\opnmllj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {937D404B-D6F9-FE0A-D10A-8AADA99427C9} - C:\WINDOWS\system32\nmymkjl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\gjkabhey.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [ipqpwngj.exe] C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\umfslyhj.dll",realset
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [j5221836] rundll32 C:\WINDOWS\system32\j5221836.dll sook
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlayNC Launcher] C:\Program Files\NCSoft\Launcher\NCLauncher.exe /Minimized
O4 - HKCU\..\Run: [Usrr] "C:\WINDOWS\MBOLS~1\winspool.exe" -vt yazb
O4 - HKCU\..\Run: [Ygr] "C:\Documents and Settings\Brian\My Documents\??stem\l?ass.exe"
O4 - Startup: Civilization Registration.lnk = D:\ATR1.EXE
O4 - Startup: Kuma_Tray.lnk = C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
O4 - Global Startup: Dragonball Z Desktop Friends.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Register.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\Register.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: Wallpaper Changer.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm088YYUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178305487828
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: qommjhi - C:\WINDOWS\SYSTEM32\qommjhi.dll
O20 - Winlogon Notify: ssqro - C:\WINDOWS\system32\ssqro.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winghy32 - C:\WINDOWS\SYSTEM32\winghy32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - Unknown owner - C:\Program Files\ewido anti-malware\ewidoctrl.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)





and heres the vundofix log



C:\WINDOWS\system32\awtrqno.dll
C:\WINDOWS\system32\efcawtq.dll
C:\WINDOWS\system32\hcawtcww.dll
C:\WINDOWS\system32\iifebxu.dll
C:\WINDOWS\system32\jhylsfmu.ini
C:\WINDOWS\system32\jkkhffd.dll
C:\WINDOWS\system32\opnmllj.dll
C:\WINDOWS\system32\orqss.bak1
C:\WINDOWS\system32\orqss.bak2
C:\WINDOWS\system32\orqss.ini
C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\trutruwn.dll
C:\WINDOWS\system32\umfslyhj.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtrqno.dll
C:\WINDOWS\system32\awtrqno.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\efcawtq.dll
C:\WINDOWS\system32\efcawtq.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\hcawtcww.dll
C:\WINDOWS\system32\hcawtcww.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\iifebxu.dll
C:\WINDOWS\system32\iifebxu.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\jhylsfmu.ini
C:\WINDOWS\system32\jhylsfmu.ini Could not be deleted.

Attempting to delete C:\WINDOWS\system32\jkkhffd.dll
C:\WINDOWS\system32\jkkhffd.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\opnmllj.dll
C:\WINDOWS\system32\opnmllj.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\orqss.bak1
C:\WINDOWS\system32\orqss.bak1 Could not be deleted.

Attempting to delete C:\WINDOWS\system32\orqss.bak2
C:\WINDOWS\system32\orqss.bak2 Could not be deleted.

Attempting to delete C:\WINDOWS\system32\orqss.ini
C:\WINDOWS\system32\orqss.ini Could not be deleted.

Attempting to delete C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\qttss.ini Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\ssqro.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\ssttq.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\trutruwn.dll
C:\WINDOWS\system32\trutruwn.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\umfslyhj.dll
C:\WINDOWS\system32\umfslyhj.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.4.2

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 1:35:51 PM 6/7/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtrqno.dll
C:\WINDOWS\system32\efcawtq.dll
C:\WINDOWS\system32\hcawtcww.dll
C:\WINDOWS\system32\iifebxu.dll
C:\WINDOWS\system32\jhylsfmu.ini
C:\WINDOWS\system32\jkkhffd.dll
C:\WINDOWS\system32\opnmllj.dll
C:\WINDOWS\system32\orqss.bak1
C:\WINDOWS\system32\orqss.bak2
C:\WINDOWS\system32\orqss.ini
C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\trutruwn.dll
C:\WINDOWS\system32\umfslyhj.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtrqno.dll
C:\WINDOWS\system32\awtrqno.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\efcawtq.dll
C:\WINDOWS\system32\efcawtq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hcawtcww.dll
C:\WINDOWS\system32\hcawtcww.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iifebxu.dll
C:\WINDOWS\system32\iifebxu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jhylsfmu.ini
C:\WINDOWS\system32\jhylsfmu.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkhffd.dll
C:\WINDOWS\system32\jkkhffd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnmllj.dll
C:\WINDOWS\system32\opnmllj.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\orqss.bak1
C:\WINDOWS\system32\orqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\orqss.bak2
C:\WINDOWS\system32\orqss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\orqss.ini
C:\WINDOWS\system32\orqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\qttss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\ssqro.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\ssttq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\trutruwn.dll
C:\WINDOWS\system32\trutruwn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\umfslyhj.dll
C:\WINDOWS\system32\umfslyhj.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

#14 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:09:08 PM

Posted 08 June 2007 - 10:03 AM

It looks like the Vundofix log got cut off near the end, so can you repost it all again for me please. Use a couple of posts if necessary.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#15 garbageman

garbageman
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:08 PM

Posted 10 June 2007 - 05:51 PM

oh sorry



C:\WINDOWS\system32\awtrqno.dll
C:\WINDOWS\system32\efcawtq.dll
C:\WINDOWS\system32\hcawtcww.dll
C:\WINDOWS\system32\iifebxu.dll
C:\WINDOWS\system32\jhylsfmu.ini
C:\WINDOWS\system32\jkkhffd.dll
C:\WINDOWS\system32\opnmllj.dll
C:\WINDOWS\system32\orqss.bak1
C:\WINDOWS\system32\orqss.bak2
C:\WINDOWS\system32\orqss.ini
C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\trutruwn.dll
C:\WINDOWS\system32\umfslyhj.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtrqno.dll
C:\WINDOWS\system32\awtrqno.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\efcawtq.dll
C:\WINDOWS\system32\efcawtq.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\hcawtcww.dll
C:\WINDOWS\system32\hcawtcww.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\iifebxu.dll
C:\WINDOWS\system32\iifebxu.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\jhylsfmu.ini
C:\WINDOWS\system32\jhylsfmu.ini Could not be deleted.

Attempting to delete C:\WINDOWS\system32\jkkhffd.dll
C:\WINDOWS\system32\jkkhffd.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\opnmllj.dll
C:\WINDOWS\system32\opnmllj.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\orqss.bak1
C:\WINDOWS\system32\orqss.bak1 Could not be deleted.

Attempting to delete C:\WINDOWS\system32\orqss.bak2
C:\WINDOWS\system32\orqss.bak2 Could not be deleted.

Attempting to delete C:\WINDOWS\system32\orqss.ini
C:\WINDOWS\system32\orqss.ini Could not be deleted.

Attempting to delete C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\qttss.ini Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\ssqro.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\ssttq.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\trutruwn.dll
C:\WINDOWS\system32\trutruwn.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\umfslyhj.dll
C:\WINDOWS\system32\umfslyhj.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.4.2

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 1:35:51 PM 6/7/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtrqno.dll
C:\WINDOWS\system32\efcawtq.dll
C:\WINDOWS\system32\hcawtcww.dll
C:\WINDOWS\system32\iifebxu.dll
C:\WINDOWS\system32\jhylsfmu.ini
C:\WINDOWS\system32\jkkhffd.dll
C:\WINDOWS\system32\opnmllj.dll
C:\WINDOWS\system32\orqss.bak1
C:\WINDOWS\system32\orqss.bak2
C:\WINDOWS\system32\orqss.ini
C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\trutruwn.dll
C:\WINDOWS\system32\umfslyhj.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtrqno.dll
C:\WINDOWS\system32\awtrqno.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\efcawtq.dll
C:\WINDOWS\system32\efcawtq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hcawtcww.dll
C:\WINDOWS\system32\hcawtcww.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iifebxu.dll
C:\WINDOWS\system32\iifebxu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jhylsfmu.ini
C:\WINDOWS\system32\jhylsfmu.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkhffd.dll
C:\WINDOWS\system32\jkkhffd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnmllj.dll
C:\WINDOWS\system32\opnmllj.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\orqss.bak1
C:\WINDOWS\system32\orqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\orqss.bak2
C:\WINDOWS\system32\orqss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\orqss.ini
C:\WINDOWS\system32\orqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\qttss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\ssqro.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\ssttq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\trutruwn.dll
C:\WINDOWS\system32\trutruwn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\umfslyhj.dll
C:\WINDOWS\system32\umfslyhj.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...



thats all that was in the .txt

Edited by garbageman, 10 June 2007 - 05:52 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users