
Alcan worm


This topic is locked

#1
rosyjazz (Member, 39 posts)

Logfile of HijackThis v1.99.1
Scan saved at 12:10:14 AM, on 2/26/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\USBStorage\USBDetector.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Firefox\firefox.exe
C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\limewire\limewire.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe
N4 - Mozilla: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\Documents and Settings\SBDR\Application Data\Mozilla\Profiles\default\2xh81hah.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\SBDR\Application Data\Mozilla\Profiles\default\2xh81hah.slt\prefs.js)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Netscape - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\netscape.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Netscape - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\netscape.dll
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Dinst]
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Worm Detector] C:\Program Files\Worm Detector 3\Wd.exe tray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Worm Detector] C:\Program Files\Worm Detector 3\Wd.exe tray
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie_ctx.htm
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\SBDR\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.photogize.com/saxfile.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} (Netscape) - http://downloads.net...ar/netscape.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...81/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1148265307063
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1151897300953
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell...t/TLIEFlash.CAB
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,19/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...384/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredim...p1/imloader.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

#2
Crustyoldbloke (Old Malware Surgeon with a shaky scalpel; Retired Staff, 15,131 posts)

Hello Rosy and welcome to Geeks to Go

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

ALL staff here at Geeks To Go are volunteers, please bear that in mind if I don’t answer your post as quickly as you’d like; I give what time I can.

Please note that you should have Administrator rights to perform the fixes. Also note that multiple-identity PCs (family PCs) present a different problem; please tell me if your PC has more than one individual's settings, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! (Click the Options drop down near the upper right of the topic. Select Print this topic.)

You have quite a mixture of malware. Let’s see what we can do.

To start, please download the following programmes; we will run them later. Please save them to a place that you will remember, I suggest the Desktop:

CCleaner
AVG AntiSpyware
CWShredder
cwsserviceemove.reg file

Go to Start > Run and type or copy & paste this into the Run box:

sc delete UMWdf

Hit ENTER

Now please install CWShredder and run it. Click Check For Update, then Fix, then OK followed by Next; let it fix everything it asks about.

Please install, and update AVG Anti Spyware
  • Load AVGas and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Please select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Deselect "Only if threats were found"
  • Close AVGas. Do not run it yet.
Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:

Safe Mode

  • In Safe Mode, load AVGas and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be patient.
  • AVGas will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVGas will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (I suggest the Desktop).
  • Please ensure you post that log in your reply.
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O4 - HKLM\..\Run: [Dinst]
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\SBDR\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

Now close all windows other than HiJackThis, then click Fix Checked.

Unzip cwsserviceemove.reg file to your desktop. While in safe mode, double click on it and grant it permission to add the registry items.

Please remove these entries from Add/Remove Programs in the Control Panel (if present) (click Start > Settings > Control Panel):

Limewire

Please notify me of any other programmes that you don't recognise in that list in your next response.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, check the default settings in the left-hand pane, ensure you uncheck Old Prefetch Data under the Windows tab, and under the heading Applications > Utilities uncheck AVG Anti-Spyware, then click Analyze > Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues, then Scan for Issues, then Fix Selected Issues.

Post back a fresh HijackThis log (from normal mode) and I will take another look.
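The entries Crustyoldbloke picked out of the log above mostly fall into a few patterns a reviewer learns to spot in HijackThis output: a hook or service whose target file is gone ("(file missing)" / "(no file)"), a Run value with no command behind it ([Dinst]), a ProxyOverride list that exempts non-local hosts from the proxy, and a downloaded ActiveX control (O16) registered under a bare CLSID with no class name. The script below is an added example, not code from the thread or from HijackThis, that applies those patterns to lines copied from the log in post #1; the heuristics themselves are my assumptions about what is worth a second look. They do not replace the judgement behind items such as the F2 Shell entry or the Ebates context-menu item, which were chosen from knowledge of the specific software rather than from a pattern.

```python
"""Triage helper for HijackThis v1.99 log lines (added example, not from the thread).

Flags entries that match the patterns a malware helper checks first:
orphaned entries, empty Run values, proxy bypasses for non-local hosts,
and O16 downloaded controls with no registered class name.
"""
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\\WINDOWS\\dsr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.5.0_06\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [Dinst]
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\\WINDOWS\\System32\\wdfmgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\System32\\nvsvc32.exe
"""

# Every HJT entry is "<section> - <body>", e.g. "O2 - BHO: ...".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 body: HKLM\..\Run: [name] command
O4_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# O16 body: DPF: {CLSID} (Class name) - url   -- the class name is optional
O16_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\}\s*(?P<classname>\([^)]*\))?\s*-\s*(?P<url>\S+)")
PROXY_RE = re.compile(r"ProxyOverride = (?P<value>.*)$")
# Overrides that a normal Internet Options configuration produces (assumption).
LOCAL_OVERRIDES = {"<local>", "localhost", "127.0.0.1"}


def triage_line(line):
    """Return a short reason if the line deserves a second look, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, blank, or a 'Running processes' path
    section, body = m.group("section"), m.group("body")

    # A registry hook or service pointing at a file that no longer exists is an
    # orphan; legitimate software removes its hooks when it removes its files.
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        return "orphaned entry (target file missing)"

    if section == "O4":
        m4 = O4_RE.match(body)
        if m4 and not m4.group("cmd"):
            return "empty Run value [%s]" % m4.group("name")

    if section == "R1" and "ProxyOverride" in body:
        pm = PROXY_RE.search(body)
        if pm:
            hosts = [h.strip() for h in pm.group("value").split(";") if h.strip()]
            odd = [h for h in hosts if h not in LOCAL_OVERRIDES]
            if odd:
                return "proxy bypass for non-local hosts: " + ", ".join(odd)

    if section == "O16":
        m16 = O16_RE.match(body)
        if m16 and not m16.group("classname"):
            return "downloaded ActiveX control with no registered class name"

    return None


def triage(log_text):
    """Run triage_line over a whole log; returns a list of (line, reason) pairs."""
    findings = []
    for line in log_text.splitlines():
        reason = triage_line(line)
        if reason:
            findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print("%-60s  <- %s" % (line[:60], reason))
```

Run against the sample it flags six of the eleven lines, which are exactly the ones from that set that the helper asked to have fixed; the Yahoo, Java, nwiz, WGA and NVIDIA entries pass. Treat the output as a shortlist for a human, not a verdict: an orphaned entry is usually leftover debris rather than live malware, and a benign-looking entry can still be the one that matters.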

#3
rosyjazz (Topic Starter; Member, 39 posts)

I don't know what Topstyle Lite V3 is.

Whenever I start my system, the file C:\windows\system32 ALWAYS opens up on my desktop.

Thank you for all of your help.

Here is the log file:
Logfile of HijackThis v1.99.1
Scan saved at 6:14:00 PM, on 2/26/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\USBStorage\USBDetector.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Dell Support\DSAgnt.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\WgaTray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
N4 - Mozilla: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\Documents and Settings\SBDR\Application Data\Mozilla\Profiles\default\2xh81hah.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\SBDR\Application Data\Mozilla\Profiles\default\2xh81hah.slt\prefs.js)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Netscape - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\netscape.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Netscape - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\netscape.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Worm Detector] C:\Program Files\Worm Detector 3\Wd.exe tray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Worm Detector] C:\Program Files\Worm Detector 3\Wd.exe tray
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie_ctx.htm
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\SBDR\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.photogize.com/saxfile.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} (Netscape) - http://downloads.net...ar/netscape.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...81/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1148265307063
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1151897300953
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell...t/TLIEFlash.CAB
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,19/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...384/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredim...p1/imloader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

#4
rosyjazz (Topic Starter; Member, 39 posts)

Ok, the file no longer opens to my desktop.
#5 Crustyoldbloke (Old Malware Surgeon with a shaky scalpel, Retired Staff, 15,131 posts)

Any chance I could see the other log I requested please, AVGas?

* Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (I suggest the Desktop).
* Please ensure you post that log in your reply.
#6 rosyjazz (Member, Topic Starter, 39 posts)

I am sorry about not posting the AVG log, but when I click on APPLY ALL ACTIONS button, the program freezes.
#7 Crustyoldbloke (Old Malware Surgeon with a shaky scalpel, Retired Staff, 15,131 posts)

Hello Rosy

I don't know why AVGas is freezing; it could be corrupted OS files. We will clean up first of all and then attempt a repair of the system.

Could you rescan and ask for a report before clicking apply all actions? That would help with showing me what I am up against.

Rescan with HijackThis. Close all programmes leaving only HijackThis running. Place a checkmark or tick against the following:

O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab


Click on Fix Checked when finished and exit HijackThis.

Reboot normally

Please visit Kaspersky using Microsoft Internet Explorer for an online scan. Please select extended in the scan settings option; you will find it to be the second option from the top. Please post the Kaspersky log in your reply.

Please also post a fresh HJT log from normal mode.
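The post above asks for a fresh HijackThis log once the checked entries have been fixed, so that the helper can confirm they are gone. The following is an added example for this thread, not code from HijackThis or from Geeks to Go: a small Python parser for HJT "O" lines that keys each entry on its section plus a stable identifier (the CLSID for O16 entries, otherwise the text before the first " - ", so the truncated URLs shown in the forum do not matter) and reports which entries from a fix list are still present in a later log. The fix list is the one posted in this thread; the "fresh" log is constructed here to show a partly completed fix, with one O16 entry still present.

```python
"""Parse HijackThis (HJT) log lines and check a fix list against a fresh log.

Added example for this thread; not code from HijackThis or Geeks to Go.
FIX_LIST is copied from the helper's post; FRESH_LOG is constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# An HJT entry line looks like "O16 - DPF: {CLSID} (Name) - URL".
_HJT_LINE = re.compile(r"^(O\d+) - (.*)$")
_CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass(frozen=True)
class HjtEntry:
    section: str     # "O8", "O16", "O20", "O23", ...
    kind: str        # "DPF", "Service", "Extra context menu item", ...
    identifier: str  # CLSID when present, otherwise text before the first " - "
    target: str      # path or URL after the last " - " (empty if none)
    raw: str

    @property
    def key(self):
        # Section plus identifier survives a rescan; the display URL may not.
        return (self.section, self.identifier.lower())


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Return an HjtEntry for an O-section line, or None for any other line."""
    m = _HJT_LINE.match(line.strip())
    if not m:
        return None
    section, rest = m.group(1), m.group(2)
    kind, sep, body = rest.partition(": ")
    if not sep:  # no "Kind: " prefix; treat the whole remainder as the body
        kind, body = "", rest
    clsid = _CLSID.search(body)
    identifier = clsid.group(0) if clsid else body.split(" - ", 1)[0]
    target = body.rsplit(" - ", 1)[1] if " - " in body else ""
    return HjtEntry(section, kind, identifier, target, line.strip())


def parse_hjt_log(lines: Iterable[str]) -> List[HjtEntry]:
    """Keep only the lines that parse as HJT entries (headers, process lists are skipped)."""
    return [e for e in (parse_hjt_line(l) for l in lines) if e is not None]


def outstanding_fixes(fix_list: Iterable[str], fresh_log: Iterable[str]) -> List[HjtEntry]:
    """Entries from the fix list that still appear in the fresh log."""
    present = {e.key for e in parse_hjt_log(fresh_log)}
    return [e for e in parse_hjt_log(fix_list) if e.key in present]


def count_by_section(lines: Iterable[str]) -> Dict[str, int]:
    """Number of entries per HJT section, a quick sanity check on a log."""
    counts: Dict[str, int] = {}
    for e in parse_hjt_log(lines):
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


# The three entries the helper asked to have fixed (copied from the thread).
FIX_LIST = r"""
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
""".strip().splitlines()

# Constructed "fresh" log: two fixes took, the RdxIE DPF entry is still there.
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
""".strip().splitlines()


if __name__ == "__main__":
    for entry in outstanding_fixes(FIX_LIST, FRESH_LOG):
        print("still present:", entry.raw)
    print("entries per section:", count_by_section(FRESH_LOG))
```

Matching on section plus identifier rather than on the whole line is deliberate: HijackThis prints the same CLSID or service name on every run, while the forum display truncates long URLs, so a raw string comparison between the posted fix list and a fresh log would miss entries that are in fact still there.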
#8 rosyjazz (Member, Topic Starter, 39 posts)

Here are the logs for Kaspersky. Does it automatically clean the infected files it finds? There is no option to clean files.

All logs have been attached.

#9 rosyjazz (Member, Topic Starter, 39 posts)

AVG File

I have tried to copy/paste the file twice and have tried to attach the file, but no luck. I am not sure what to do. Perhaps I could email it to you?

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:51:08 AM 2/27/2007

+ Scan result:



C:\Program Files\TBONAS\TBONcomp.dll -> Adware.ActivShopper : Ignored.
C:\Program Files\Altnet -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\DBBackup -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\DBBackup\Sigfiles.db -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Download Manager -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Download Manager\adm25.dll -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Download Manager\adm4.dll -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Download Manager\adm4005.exe -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Download Manager\admdata.dll -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Download Manager\admdloader.dll -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Download Manager\admfdi.dll -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Download Manager\admprog.dll -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Download Manager\asm.exe -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Download Manager\asmend.exe -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Download Manager\dminfo3.cab -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Download Manager\dmsetup.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Download Manager\dmsetupbig.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Download Manager\jsinstall.cab -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Download Manager\selectdir.txt -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Download Manager\selectdir1st.txt -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\My Altnet Shares -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\LocalPages -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\LocalPages\altnet.css -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\LocalPages\gradient.gif -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\LocalPages\local_firstuse.html -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\LocalPages\local_points.html -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\LocalPages\local_redeem.html -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\LocalPages\local_start.html -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\LocalPages\local_wallet.html -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\LocalPages\notconnected.gif -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\LocalPages\offline.gif -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\LocalPages\pixel.gif -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Points Manager.exe.Manifest -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\Help.xml -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\Sav3BD.tmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\Skin.xml -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\back-over.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\back.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\bottom.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\bottomleft.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\bottomright.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\close-over.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\close.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\forward-over.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\forward.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\help-bottom.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\help-over.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\help-sel.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\help-top.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\help-topleft.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\help-topright.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\help.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\left.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\maximise-over.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\maximise.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\mb_bottom.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\mb_bottomleft.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\mb_bottomright.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\mb_left.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\mb_right.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\mb_top.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\mb_topleft.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\mb_topright.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\message.xml -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\minimise-over.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\minimise.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\points-disabled.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\points-over.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\points-sel.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\points.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\redeem-disabled.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\redeem-over.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\redeem-sel.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\redeem.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\refresh-over.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\refresh.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\right.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\settings-disabled.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\settings-over.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\settings-sel.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\settings.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\start-disabled.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\start-over.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\start-sel.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\start.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\top.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\topleft-pro.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\topleft-reg.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\topleft.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\topright.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\wallet-disabled.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\wallet-over.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\wallet-sel.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Skin\wallet.bmp -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\Temp Internet Shares -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\setup.cab -> Adware.Altnet : Ignored.
C:\Program Files\Altnet\Points Manager\sysdetect.dll -> Adware.Altnet : Ignored.
HKLM\SOFTWARE\Altnet -> Adware.Altnet : Ignored.
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : Ignored.
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : Ignored.
HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Ignored.
HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Ignored.
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Ignored.
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1084\A0092716.exe -> Adware.BargainBuddy : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1084\A0092717.exe -> Adware.BargainBuddy : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1084\A0092743.dll -> Adware.BargainBuddy : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1084\A0092779.dll -> Adware.BargainBuddy : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 -> Adware.BetterInternet : Ignored.
HKU\S-1-5-21-322577280-2192733763-2993338133-1006\Software\aurora -> Adware.BetterInternet : Ignored.
C:\WINDOWS\BTGrab.dll -> Adware.BiSpy : Ignored.
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute -> Adware.CashBack : Ignored.
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute.1 -> Adware.CashBack : Ignored.
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CLSID -> Adware.CashBack : Ignored.
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CurVer -> Adware.CashBack : Ignored.
HKLM\SOFTWARE\Gator.com -> Adware.Gator : Ignored.
HKLM\SOFTWARE\Gator.com\GInternet -> Adware.Gator : Ignored.
HKLM\SOFTWARE\Gator.com\GInternet\Proxy -> Adware.Gator : Ignored.
HKLM\SOFTWARE\Gator.com\Gator -> Adware.Gator : Ignored.
HKLM\SOFTWARE\Gator.com\Gator\dyn -> Adware.Gator : Ignored.
HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH -> Adware.Gator : Ignored.
HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_gi -> Adware.Gator : Ignored.
HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_trickle -> Adware.Gator : Ignored.
HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_ts -> Adware.Gator : Ignored.
HKLM\SOFTWARE\Gator.com\Gator\dyn\GUS -> Adware.Gator : Ignored.
HKLM\SOFTWARE\Gator.com\Gator\stat -> Adware.Gator : Ignored.
C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Ignored.
C:\Program Files\Internet Optimizer\optimize.exe -> Adware.InternetOptimizer : Ignored.
C:\Program Files\Internet Optimizer\sim -> Adware.InternetOptimizer : Ignored.
C:\Program Files\Internet Optimizer\sim\pcp16x16.ico -> Adware.InternetOptimizer : Ignored.
C:\Program Files\Internet Optimizer\sim\pcp32x32.ico -> Adware.InternetOptimizer : Ignored.
C:\Program Files\Internet Optimizer\update -> Adware.InternetOptimizer : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Ignored.
C:\Program Files\ISTbar -> Adware.ISTBar : Ignored.
C:\Program Files\ISTbar\home.bmp -> Adware.ISTBar : Ignored.
C:\Program Files\Ebates_MoeMoneyMaker -> Adware.MoneyMaker : Ignored.
HKU\S-1-5-21-322577280-2192733763-2993338133-1006\Software\Microsoft\Internet Explorer\MenuExt\Web Savings -> Adware.MoneyMaker : Ignored.
C:\WINDOWS\SYSTEM32\P2P Networking -> Adware.P2PNetworking : Ignored.
C:\WINDOWS\SYSTEM32\P2P Networking\Cache -> Adware.P2PNetworking : Ignored.
C:\WINDOWS\SYSTEM32\P2P Networking\Cache\Database -> Adware.P2PNetworking : Ignored.
C:\WINDOWS\SYSTEM32\P2P Networking\Cache\Database\file-1000-0x7c452355edb8d9836d596af3bd4399a8.sig -> Adware.P2PNetworking : Ignored.
C:\WINDOWS\SYSTEM32\P2P Networking\Cache\Database\file-1001-92.sig -> Adware.P2PNetworking : Ignored.
C:\WINDOWS\SYSTEM32\P2P Networking\Cache\Database\index256.dbb -> Adware.P2PNetworking : Ignored.
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll -> Adware.PeerNet : Ignored.
C:\Documents and Settings\SBDR\Start Menu\Programs\Power Scan -> Adware.PowerScan : Ignored.
C:\Program Files\Power Scan -> Adware.PowerScan : Ignored.
C:\WINDOWS\SYSTEM32\70tovmto.ini -> Adware.Sahat : Ignored.
C:\Program Files\SideFind -> Adware.SideFind : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1084\A0092352.dll -> Adware.SideStep : Ignored.
C:\Downloads\WheelOfFortuneSetup-dm[1].exe -> Adware.Trymedia : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090183.exe -> Adware.Trymedia : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1084\A0092623.exe -> Adware.WebRebates : Ignored.
C:\WINDOWS\mmaker2.exe -> Adware.WebRebates : Ignored.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Ignored.
C:\RECYCLER\S-1-5-21-322577280-2192733763-2993338133-1006\Dc4.rar/Setup.exe -> Backdoor.IRCBot.dd : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1010\A0087714.exe -> Backdoor.IRCBot.dd : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1010\A0087724.exe -> Backdoor.IRCBot.dd : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1095\A0096162.exe -> Backdoor.IRCBot.dd : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1010\A0087722.exe -> Backdoor.Rbot : Ignored.
C:\WINDOWS\wsem302.dll -> Downloader.Dyfuca.dc : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1010\A0087723.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090203.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090204.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090205.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090206.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090209.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090210.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090211.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090212.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090213.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090214.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090215.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090216.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090217.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090218.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090219.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090220.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090221.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090222.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090223.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090224.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090225.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090226.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090227.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090228.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090229.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090230.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090231.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090232.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090233.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090234.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090235.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090236.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090237.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090238.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090239.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090240.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090241.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090242.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090243.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090244.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090245.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090246.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090247.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090248.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090249.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090250.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090251.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090252.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090253.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090254.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090255.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090256.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090257.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090258.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090259.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090260.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090261.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090262.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090263.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090264.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090265.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090266.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090267.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090268.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090269.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090270.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090271.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090272.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090273.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090274.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090275.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090276.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090277.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090278.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090279.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090280.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090281.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090282.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090283.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090284.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090285.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090286.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090287.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090288.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090289.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090290.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090291.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090292.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090293.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090294.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090295.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090296.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090297.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090298.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090299.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090300.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090301.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090302.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090303.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090304.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090305.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090306.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090307.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090308.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090309.exe -> Dropper.VB.lu : Ignored.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1081\A0090310.exe -> Dropper.VB.lu : Ignored.
C:\WINDOWS\Downloaded Program Files\imloader.exe -> Not-A-Virus.Downloader.Win32.ImLoader.c : Ignored.

Edited by Crustyoldbloke, 28 February 2007 - 01:23 AM.


#10
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again Rosy

I have edited as best I can and will now go about trying to clean up.

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy ALL THE TEXT contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Folders to delete:
C:\Program Files\Altnet 
C:\Program Files\Internet Optimizer
C:\Program Files\ISTbar
C:\Program Files\Ebates_MoeMoneyMaker
C:\WINDOWS\SYSTEM32\P2P Networking
C:\Program Files\Kazaa
C:\Program Files\MBKWBar
C:\Program Files\MyWay
C:\Documents and Settings\SBDR\Start Menu\Programs\Power Scan 
C:\Program Files\SideFind 

Files to delete:
C:\WINDOWS\kogqucv.exe 
C:\WINDOWS\nsdb\hosts
C:\WINDOWS\wqsznytfzr.exe
C:\WINDOWS\kogqucv.exe 
C:\WINDOWS\nsdb\hosts
C:\WINDOWS\wqsznytfzr.exe
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll 
C:\WINDOWS\SYSTEM32\70tovmto.
C:\Program Files\TBONAS\TBONcomp.dll 


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Now, start The Avenger programme by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • Upon reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy & paste the content of c:\avenger.txt into your reply, along with a fresh HJT log from normal mode, by using Add Reply.

--------------------------------------------------------------------------------

Please follow these instructions carefully.

First, we need to backup your registry:
Please go to Start > Run
Paste in the following line: regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything; that's normal. Your mouse pointer may turn to an hourglass for a minute. Please continue when it no longer shows the hourglass.

Open Notepad and copy everything inside the code box below (starting with REGEDIT4) into a new Notepad file. Change the "Save As Type" to "All Files" and save it as fixit.reg on your Desktop. Make sure there is NO blank line above REGEDIT4.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ADM4.ADM4] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TopSearch] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WEBInstaller]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com]
[-HKEY_USERs\S-1-5-21-322577280-2192733763-29933381331006\Software\Microsoft\Internet Explorer\MenuExt\Web Savings]


Locate fixit.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.

After it has merged successfully, reboot when prompted.
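Step 5 above asks for the contents of C:\avenger.txt. As an added example (not part of this thread or of The Avenger itself), the following Python script parses a log in the format Avenger writes and sorts every item into deleted, duplicate (listed twice in the script, so the second attempt found nothing), missing (never present when the script ran) or other failure, decoding the NTSTATUS value it reports; 0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND. The NTSTATUS name table and SAMPLE_LOG are constructed assumptions that follow the log format shown in this thread.

```python
"""Summarise the avenger.txt log written by The Avenger (Swandog46).

Added example for this thread; it is not part of The Avenger or of the
original posts. The line patterns ("deleted successfully.", "not found!",
"Could not process line:", "Status: 0x...") follow the log posted in this
thread; SAMPLE_LOG below is constructed to match that format.
"""
import re

# NTSTATUS names for codes Avenger may report. Only 0xC0000034 appears in
# this thread; the other entries are standard Windows NTSTATUS names.
NTSTATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
}

OK_RE = re.compile(r"^(Folder|File) (.+) deleted successfully\.$")
FAIL_RE = re.compile(r"^(Folder|File) (.+) not found!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9A-Fa-f]+)$")


def status_name(code):
    """Human-readable NTSTATUS name, or the hex code if it is not known."""
    if code is None:
        return "no status reported"
    return NTSTATUS_NAMES.get(code, hex(code))


def parse_avenger_log(text):
    """Return one dict per item the script tried to delete.

    Each dict has kind ('File' or 'Folder'), path, ok (bool) and status
    (int NTSTATUS for a failure, None for a success).
    """
    results = []
    pending = None  # failed item whose "Status:" line has not been read yet
    for raw in text.splitlines():
        line = raw.strip()
        m = OK_RE.match(line)
        if m:
            results.append({"kind": m.group(1), "path": m.group(2),
                            "ok": True, "status": None})
            pending = None
            continue
        m = FAIL_RE.match(line)
        if m:
            pending = {"kind": m.group(1), "path": m.group(2),
                       "ok": False, "status": None}
            results.append(pending)
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            pending["status"] = int(m.group(1), 16)
            pending = None
    return results


def summarise(results):
    """Bucket parsed items the way a helper reading the log would.

    deleted   - removed on this run
    duplicate - listed twice in the script; the second attempt found nothing
    missing   - not present when the script ran (NOT_FOUND, never deleted)
    other     - any other failure, with its NTSTATUS name, for follow-up
    """
    summary = {"deleted": [], "duplicate": [], "missing": [], "other": []}
    deleted_paths = set()
    for item in results:
        key = item["path"].lower()  # NTFS paths are case-insensitive
        if item["ok"]:
            deleted_paths.add(key)
            summary["deleted"].append(item["path"])
        elif item["status"] == 0xC0000034 and key in deleted_paths:
            summary["duplicate"].append(item["path"])
        elif item["status"] == 0xC0000034:
            summary["missing"].append(item["path"])
        else:
            summary["other"].append((item["path"], status_name(item["status"])))
    return summary


# Constructed sample in the format of the log posted in this thread, using
# paths from the script above (kogqucv.exe is listed twice in that script).
SAMPLE_LOG = r"""
Logfile of The Avenger version 1, by Swandog46

Beginning to process script file:

Folder C:\Program Files\Altnet not found!
Deletion of folder C:\Program Files\Altnet failed!

Could not process line:
C:\Program Files\Altnet
Status: 0xc0000034

Folder C:\Program Files\Kazaa deleted successfully.
File C:\WINDOWS\kogqucv.exe deleted successfully.

File C:\WINDOWS\kogqucv.exe not found!
Deletion of file C:\WINDOWS\kogqucv.exe failed!

Could not process line:
C:\WINDOWS\kogqucv.exe
Status: 0xc0000034

Completed script processing.
"""

if __name__ == "__main__":
    for bucket, items in summarise(parse_avenger_log(SAMPLE_LOG)).items():
        print(f"{bucket}: {items}")
```

Run it against a real C:\avenger.txt by reading the file into `parse_avenger_log`; anything in the "other" bucket is a failure that was not simply a missing path and needs a closer look.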


#11
rosyjazz

    Member

  • Topic Starter
  • Member
  • 39 posts
Hiyas!

Another issue I seem to have is a runtime error when my pc loads up:
C:\program files\common files\sonic\update manager\sgtray.exe

Thanks!




Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jlglvchi

*******************

Script file located at: \??\C:\Documents and Settings\issjywbv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Folder C:\Program Files\Altnet not found!
Deletion of folder C:\Program Files\Altnet failed!

Could not process line:
C:\Program Files\Altnet
Status: 0xc0000034



Folder C:\Program Files\Internet Optimizer not found!
Deletion of folder C:\Program Files\Internet Optimizer failed!

Could not process line:
C:\Program Files\Internet Optimizer
Status: 0xc0000034



Folder C:\Program Files\ISTbar not found!
Deletion of folder C:\Program Files\ISTbar failed!

Could not process line:
C:\Program Files\ISTbar
Status: 0xc0000034



Folder C:\Program Files\Ebates_MoeMoneyMaker not found!
Deletion of folder C:\Program Files\Ebates_MoeMoneyMaker failed!

Could not process line:
C:\Program Files\Ebates_MoeMoneyMaker
Status: 0xc0000034



Folder C:\WINDOWS\SYSTEM32\P2P Networking not found!
Deletion of folder C:\WINDOWS\SYSTEM32\P2P Networking failed!

Could not process line:
C:\WINDOWS\SYSTEM32\P2P Networking
Status: 0xc0000034

Folder C:\Program Files\Kazaa deleted successfully.
Folder C:\Program Files\MBKWBar deleted successfully.
Folder C:\Program Files\MyWay deleted successfully.


Folder C:\Documents and Settings\SBDR\Start Menu\Programs\Power Scan not found!
Deletion of folder C:\Documents and Settings\SBDR\Start Menu\Programs\Power Scan failed!

Could not process line:
C:\Documents and Settings\SBDR\Start Menu\Programs\Power Scan
Status: 0xc0000034



Folder C:\Program Files\SideFind not found!
Deletion of folder C:\Program Files\SideFind failed!

Could not process line:
C:\Program Files\SideFind
Status: 0xc0000034

File C:\WINDOWS\kogqucv.exe deleted successfully.
File C:\WINDOWS\nsdb\hosts deleted successfully.
File C:\WINDOWS\wqsznytfzr.exe deleted successfully.


File C:\WINDOWS\kogqucv.exe not found!
Deletion of file C:\WINDOWS\kogqucv.exe failed!

Could not process line:
C:\WINDOWS\kogqucv.exe
Status: 0xc0000034



File C:\WINDOWS\nsdb\hosts not found!
Deletion of file C:\WINDOWS\nsdb\hosts failed!

Could not process line:
C:\WINDOWS\nsdb\hosts
Status: 0xc0000034



File C:\WINDOWS\wqsznytfzr.exe not found!
Deletion of file C:\WINDOWS\wqsznytfzr.exe failed!

Could not process line:
C:\WINDOWS\wqsznytfzr.exe
Status: 0xc0000034



File C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll failed!

Could not process line:
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
Status: 0xc0000034



File C:\WINDOWS\SYSTEM32\70tovmto. not found!
Deletion of file C:\WINDOWS\SYSTEM32\70tovmto. failed!

Could not process line:
C:\WINDOWS\SYSTEM32\70tovmto.
Status: 0xc0000034



File C:\Program Files\TBONAS\TBONcomp.dll not found!
Deletion of file C:\Program Files\TBONAS\TBONcomp.dll failed!

Could not process line:
C:\Program Files\TBONAS\TBONcomp.dll
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

-----------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:38:26 AM, on 2/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\USBStorage\USBDetector.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\AVG7\avgcc.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\PROGRA~1\AVG7\avgamsvr.exe
C:\PROGRA~1\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\SBDR\Desktop\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
N4 - Mozilla: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\Documents and Settings\SBDR\Application Data\Mozilla\Profiles\default\2xh81hah.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\SBDR\Application Data\Mozilla\Profiles\default\2xh81hah.slt\prefs.js)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Netscape - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\netscape.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Netscape - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\netscape.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Worm Detector] C:\Program Files\Worm Detector 3\Wd.exe tray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [jotjykcr] C:\nkirqxjp.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Worm Detector] C:\Program Files\Worm Detector 3\Wd.exe tray
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\SBDR\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.photogize.com/saxfile.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} (Netscape) - http://downloads.net...ar/netscape.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...81/mcinsctl.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1148265307063
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1151897300953
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell...t/TLIEFlash.CAB
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,19/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...384/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredim...p1/imloader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
  • 0

#12
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again Rosy

I think we are making progress, albeit slowly. I spy a batch file running in start up, which could be anything, but I know it is not legitimate so let's see what happens after it is removed.

I have to say that I am a little concerned that Avenger reported so many of the bad folders, highlighted by both AVG and Kaspersky, as not being there. Very weird.

Please ensure you carry out these instructions in the order they are written.

Rescan with HijackThis. Close all programmes leaving only HijackThis running. Place a checkmark or tick against the following:

O4 - HKLM\..\Run: [jotjykcr] C:\nkirqxjp.bat

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Please set your system to show all files; please see here if you're unsure how to do this.

Using Windows Explorer, delete this file:

C:\nkirqxjp.bat

Exit Explorer

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK

Under the "General" Tab

Ensure "Normal Startup-load all device drivers and services" is checked.

Click Apply->OK->Follow the prompts to Restart

---------------------------------------------------------------------------

Are you able to run AVGas and apply all actions without freezing yet?

----------------------------------------------------------------------------

Please download to your desktop ComboScan

Double click the white cross on the green button icon to start the scan. When it is complete it will produce two logs to the desktop. Please post both in your reply. Please note that if this is the second or a later time that you have run ComboScan, it will produce just one log. Please post the log in your reply.
  • 0
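The reasoning in the post above (a batch file with a random-looking name, launched from the root of C: by an O4 Run entry) is the kind of check that can be automated. The following is an added example, not code from the thread or from HijackThis: it parses O4 lines in the HijackThis v1.99.1 format and flags autostart entries that run a script file, run from the drive root or a temp directory, or carry a random-looking name. The sample lines are a constructed subset mirroring the log posted above, and the three heuristics are assumptions about what a helper looks for, not a rule set from the forum.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample input: a handful of O4 lines in HijackThis v1.99.1 format,
# mirroring entries from the log posted above (not the complete log).
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [jotjykcr] C:\nkirqxjp.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# O4 registry autostart line:   O4 - HKLM\..\Run: [name] command
REG_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O4 startup-folder line:       O4 - Global Startup: foo.lnk = command
FOLDER_RE = re.compile(r"^O4 - (?P<hive>\w+ Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# First program on an unquoted command line: everything up to a known executable extension.
EXE_RE = re.compile(r"^(.*?\.(?:exe|bat|cmd|vbs|js|pif|scr|com|lnk))(?=\s|,|$)", re.IGNORECASE)

SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".pif", ".scr"}  # assumed watch-list
VOWELS = set("aeiou")


@dataclass
class O4Entry:
    hive: str
    name: str
    cmd: str

    @property
    def exe(self) -> str:
        """The program the entry launches: the quoted path if quoted, else the first program token."""
        cmd = self.cmd.strip()
        if cmd.startswith('"'):
            return cmd[1:cmd.find('"', 1)]
        m = EXE_RE.match(cmd)
        return m.group(1) if m else cmd.split(None, 1)[0]


def parse_o4(line: str):
    """Parse one O4 line; return an O4Entry, or None for lines that are not O4 entries."""
    m = REG_RE.match(line) or FOLDER_RE.match(line)
    if not m:
        return None
    return O4Entry(m.group("hive"), m.group("name"), m.group("cmd"))


def looks_random(token: str) -> bool:
    """Crude heuristic (assumption): 8+ lowercase letters with at most one vowel, e.g. 'jotjykcr'."""
    return token.isalpha() and token.islower() and len(token) >= 8 and sum(c in VOWELS for c in token) <= 1


def assess(entry: O4Entry) -> list:
    """Return the reasons an autostart entry deserves a closer look (empty list = nothing unusual)."""
    reasons = []
    path = PureWindowsPath(entry.exe)
    if path.suffix.lower() in SCRIPT_EXTS:
        reasons.append("script extension")
    # A path such as C:\foo.bat has exactly two parts: the drive anchor and the file name.
    if path.drive and len(path.parts) == 2:
        reasons.append("runs from drive root")
    if "\\temp\\" in str(path).lower():
        reasons.append("runs from a temp directory")
    if looks_random(entry.name) or looks_random(path.stem):
        reasons.append("random-looking name")
    return reasons


def triage(log_text: str) -> list:
    """Return (entry, reasons) pairs for every O4 entry that trips at least one heuristic."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line.strip())
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            hits.append((entry, reasons))
    return hits


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_O4_LINES):
        print(f"{entry.hive} [{entry.name}] {entry.exe}: {', '.join(reasons)}")
```

On the sample lines only the `[jotjykcr] C:\nkirqxjp.bat` entry is reported, for all three reasons, while the vendor entries (NVIDIA, QuickTime, AVG, ctfmon, the Office startup shortcut) pass. The heuristics are deliberately narrow so that a hit is worth a human look rather than an automatic fix; an entry that passes them is not thereby known to be clean.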

#13
rosyjazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
PROBLEM!! I have a keyboard error when I am in safe mode and can't type. Weird. And yes, I have been able to apply all actions in AVGas.
  • 0

#14
rosyjazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Hi Phil-

I went ahead and looked at msconfig in normal mode and the box for normal start up is checked, so I will continue.
  • 0

#15
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

Please re-open Avenger.

Copy ALL THE TEXT contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\nkirqxjp.bat


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Now, start The Avenger programme by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • Upon reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy & paste the content of c:\avenger.txt into your reply along with a fresh HJT log from normal mode, by using Add Reply

Do you have an AVGas log for me to see after applying all actions (Quarantine)?

Once Avenger has run, you can do the Comboscan.
  • 0