Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Strange pop-ups & P2P clients open by themselves

Started by holo_smyth , Aug 23 2006 09:28 PM

  • Please log in to reply

#1
holo_smyth
Posted 23 August 2006 - 09:28 PM

holo_smyth

    New Member

  • Member
  • Pip
  • 5 posts
The other day I booted my computer and noticed that limewire and shareaza opened on startup, so i msconfiged it and they both opened up 30 seconds later, Sense then it has been a battle even trying to use my computer. I uninstalled the p2p clients but still seem to be getting strange pop-up's and slow performance from my computer, part of the task manager has dissapeared as well, for a while it didn't work at all now I have got it working but it's not all there just the processes is there( it works fine in safe mode and under different accounts). I have been running norton 2003, ad-aware, spybot, and hijack this.
If anyone can help me wiht this I would greatly appreciate it.
Here is my hijack this log I have fixed a good amount of the regkeys. but some of them keep coming back after a while
Logfile of HijackThis v1.99.1
Scan saved at 11:13:56 PM, on 8/23/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\SYSTEM32\Userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Holli\Desktop\HijackThis.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\vwrau.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,hsyefbf.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: OpenOffice.org 1.9.79.lnk = C:\Program Files\OpenOffice.org 1.9.79\program\quickstart.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MrobeService - OLYMPUS IMAGING CORP. - C:\WINDOWS\System32\MRobeService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


and here is a picture of what my task manager looks like now

Attached Thumbnails

  • taskmanager.JPG

Edited by holo_smyth, 23 August 2006 - 09:30 PM.

  • 0

Advertisements

#2
miekiemoes
Posted 24 August 2006 - 09:18 AM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hello,

It is important you don't miss a step and perform everything in the right order!!

* Download Brute Force Uninstaller.
Unzip it to a folder of it’s own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.gee...xplanation.html
Start the Brute Force Uninstaller by doubleclicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script
( alcanshorty.bfu ) manually from above url ( rightclick on it and choose 'save as' and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window
Browse to the script you downloaded and Click Ok and Execute in Brute Force Uninstaller.

Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

--------------------

Please download, install, and update Ewido anti-spyware
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close Ewido and reboot!!
    I need the log later.
-------------------------

* Download Combofix to your desktop.
Doubleclick combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog and the log from Ewido.
You may need several replies to post the logs.

By the way, concerning your taskmanager - you say that parts are missing -- well, just doubleclick the border in your taskmanager and the extra items will appear again.
  • 0

#3
holo_smyth
Posted 24 August 2006 - 10:41 PM

holo_smyth

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
OK I followed your instructions and here are my log files

----BFU-------------
BFU v1.00.9
Windows XP SP1 (WinNT 5.01.2600 SP1)
Script started at 10:54:26 PM, on 8/24/2006

Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Deskbar\deskbar.dll|1 (file not found)
Failed: ServiceStop Network Monitor (operation failed)
Failed: ServiceStop cmdService (service not found)
Failed: ServiceDisable cmdService (service not found)
Failed: ServiceDelete cmdService (service not found)
Failed: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (key not found)
Failed: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (key not found)
Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)
Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU1 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU2 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|services32 (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
Failed: FolderDelete C:\Program Files\winupdates (folder not found)
Failed: FolderDelete C:\Program Files\winupdate (folder not found)
Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
Failed: FolderDelete C:\Program Files\outlook (folder not found)
Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
Failed: FileDelete C:\DOCUME~1\Holli\LOCALS~1\Temp\~DF11F2.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Holli\LOCALS~1\Temp\~DFF0FB.tmp (operation failed)
Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
Failed: FolderDelete C:\Program Files\DNS (folder not found)
Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)
Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\simtest (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found)
Failed: FolderDelete C:\Program Files\Network Monitor (folder not found)
Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found)
Failed: FolderDelete C:\Program Files\Update06 (folder not found)
Failed: FolderDelete C:\Program Files\Update03 (folder not found)
Failed: FolderDelete C:\Program Files\Update04 (folder not found)
Failed: FolderDelete C:\Program Files\Update08 (folder not found)
Failed: FolderDelete C:\Program Files\W-Update (folder not found)
Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found)
Failed: FolderDelete C:\Program Files\Cas (folder not found)
Failed: FolderDelete C:\Program Files\CasStub (folder not found)
Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)
Failed: FolderDelete C:\Program Files\ipwins (folder not found)
Failed: FolderDelete C:\temp (folder not found)
Failed: FolderDelete C:\WINDOWS\mdrive (folder not found)
Failed: FolderDelete C:\Program Files\PECarlin (folder not found)
Failed: FolderDelete C:\Program Files\AXVenore (folder not found)
Failed: FolderDelete C:\Program Files\SDVita (folder not found)
Failed: FolderDelete C:\Program Files\EQBranch (folder not found)
Failed: FolderDelete C:\Program Files\EQArticle (folder not found)
Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found)
Script completed.



-----Ewido--------------
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:50:33 PM 8/24/2006

+ Scan result:



C:\Documents and Settings\holli2\Local Settings\Temp\temp.fr2C8E -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Documents and Settings\holli2\Local Settings\Temp\temp.fr9C7E -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\system32\k080lalm1dqa.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lvr0099me.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sylunirl.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\em.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\S-1-5-21-842925246-706699826-839522115-1003\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\S-1-5-21-842925246-706699826-839522115-1003\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WINDOWS\pxwma.dll -> Adware.Webdir : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-842925246-706699826-839522115-1005\Dc2.exe -> Downloader.Adload.ep : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-842925246-706699826-839522115-1005\Dc3.exe -> Downloader.Adload.ep : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-842925246-706699826-839522115-1005\Dc9.exe -> Downloader.Adload.ep : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-842925246-706699826-839522115-1005\Dc4.exe -> Downloader.Adload.es : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-842925246-706699826-839522115-1005\Dc6.exe -> Downloader.Adload.et : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-842925246-706699826-839522115-1005\Dc1.exe -> Downloader.Adload.eu : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__d_m_o_n_w_v_._d_l_l_ -> Downloader.Agent.agw : Cleaned with backup (quarantined).
[1388] C:\WINDOWS\System32\dmonwv.dll -> Downloader.Agent.agw : Error during cleaning.
C:\WINDOWS\pss\xumwb.exeCommon Startup -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__f_n_b_v_u_u_._e_x_e_ -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__l_u_a_w_l_d_q_._d_l_l_ -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__v_w_r_a_u_._e_x_e_ -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\llpag.dat -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
[1256] C:\WINDOWS\System32\luawldq.dll -> Downloader.Qoologic.bj : Error during cleaning.
[1720] C:\WINDOWS\System32\luawldq.dll -> Downloader.Qoologic.bj : Error during cleaning.
[632] C:\WINDOWS\System32\luawldq.dll -> Downloader.Qoologic.bj : Error during cleaning.
C:\WINDOWS\system32\w0028601.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\w19961a2.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-842925246-706699826-839522115-1003\Dc36.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\WINDOWS\ac3_0002.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-842925246-706699826-839522115-1003\Dc11.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\2 Pac ft Snoop Dogg - 2 of Amerikaz Most Wanted.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\3 Doors Down - Landing In London.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\4 Strings - Hurricane.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\4 Strings - Sunrise (Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\4 Strings - Until You Love Me.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\50 Cent & Olivia - Best Friend.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\50 Cent - Build You Up (Feat. Jamie Foxx).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\50 Cent - Hustler's Ambition.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\50 Cent - Window Shopper.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\7 Air - Outland.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\A Dios Le Pido - Juanes.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\A Studio - S.O.S.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\A-Ha - Cosy Prisons.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\A-Ha, Mark Mothersbaugh, Peach - I U Zissou Together (Take On U...).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\AFI - Miss Murder.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\ATB - Humanity.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Abba - Chiquitita.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Above & Beyond - Alone Tonight.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Above & Beyond - Can't Sleep.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Accuface - Pure Energy.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Adam White & Anthony Dean - Out of Knowhere (Parsberg & Splint Remix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Ahmir - You're The One.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Airbase - Escape.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Ak Project - Forever.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Akcent - Jokero.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Akira - Million Miles From Home.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Akira - Piece of Heaven (Radio Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Alex M.O.R.P.H. & Woody Van Ey - Heavenly.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Alice Cooper - Under My Wheels.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Allie - Living In A Whisper (Anton Bass New Pop Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Angelina - Pictures of You.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Angelina - Snowflakes.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Angels and Airwaves - Do It For Me Now.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Anggun - In Your Mind.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Anggun - Saviour.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Anna Nalick - Breathe (2 AM).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Antolini & Moreno Vs Thmoas Gold - Dont Know Anybody (Less Vox Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Apex - Virtuoso (Factoria Vocal Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Aqua Lounge - Two Fast.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Arash - Arash (Feat Helena).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Arash - Iran Iran.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Arctic Monkeys - When the Sun Goes Down.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Armin Van Buuren Ft. Justina Suissa - Simple Things (Original Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Arnold Palmer vs Moti Special - Cold Days.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Ashanti - Take Me Tonight.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Ashlee Simpson - Boyfriend (Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Ashlee Simpson - Invisible.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Ashley Parker Angel - Let U Go (Final Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Astral Projection - Dj Condom.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Avalon Superstar ft Rita Campbell - All My Love.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Avant - 4 Minutes.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Avant feat. Jermaine Dupri - Ghetto Public Service Announcement.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Avant feat. Lloyd Banks - Exclusive.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Avantgarde - Get Down (Megara vs. Dj Lee Remix Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Axel Coon - Third Base.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Axwell - (Can You) Feel the Vibe.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Axwell Feat Steve Edwards - Watch The Sunrise.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\BWO - Temple Of Love.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Baby Bash - Sexy Eyes Da Da Da Da.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Backstreet Boys - All I Have To Give.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Baracuda - [bleep] Up (Groove Coverage Rmx).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Basto - Rock With You.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Beam - On Your Mind.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Beatfreakz - Somebody's Watching Me.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Beenie Man feat. Akon - Girls.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Belle and Sebastian - Piazza, New York Catcher.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Ben Harper - Sexual Healing.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Benassi Bros - Rocket In The Sky.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Benassi Bros Feat. Dhany - Make Me Feel (Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Benassi Bros Feat. Dhany - Rocket In The Sky (Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Benassi Brothers ft Naan - Feel Alive (Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Beyonce - Ring The Alarm.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Beyonce Ft Ghostface Killah - Summertime (Remix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Beyonce feat. Slim Thug - Check On It.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Beyonce' Feat Jay-Z - Deja Vu (Radio).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Big Ang feat Siobhan - Its Over Now (flip & fill remix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Big World Presents Swen G Ft. Inus - Morning Light (Vocal Remix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Black Buddafly ft Fabolous - Bad Girl.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Black Eyed Peas - My Humps.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Black Eyed Peas - My Style.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Black Eyed Peas - Pump It.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Blero - Sexy Moves.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Bloc Party - Banquet.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Bob Sinclair ft Gary Pine - Love Generation (radio edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Bob Sinclar - World Hold On.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Bobby Valentino - Wreck.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Bodyrox - Yeah Yeah.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Bon Jovi - Who Says You Can't Go Home.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Bonito & Louis - Rush.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Bonito & Trooper - Journey Of Life (Alex Megane Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Bow Wow - Fresh Azmiz.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Brian McFadden - Irish Son.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Brisky & Coleman - Heaven's Tears.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Britney Spears - Girl In The Mirror.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Bubba Sparxxx - Heat It Up.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Busta Rhymes - Touch It.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Busta Rhymes Ft. Papoose - Get Right.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Busta Rhymes Kelis Will I Am - I Love My [bleep].mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Cabballero - Sleepin (Now That You Are Gone).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Cabin Crew - Star To Fall (Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Caesars Palace - Jerk It Out.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Carl B - Solitude.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Carl Cox With Hannah Robinson - Give Me Your Love.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Cascada - Everytime We Touch (Radio Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Cascada - Miracle (Radio Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Cassie feat. Ray-J - Me & You.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Cat Power - After It All.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Ceoma feat. The Larx - Love Is More.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Chamillionaire ft. Krayze Bone - Ridin'.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Channing - Bootsy Bootsy Boom (Original Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Cherish ft. Sean Paul & Young Bloodz - Do It To It.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Chicane - Stoned in Love.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Chingy feat Tyrese - Pulling Me Back.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Chris Brown - Gimme That.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Chris Brown - Yo (Excuse Me Miss).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Christina Aguilera - Ain't No Other Man (PO Clean Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Christina Aguilera - The Voice Within.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Clea - We Don’t Hav to Take Our Cloth.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Coldplay - The Hardest Part.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Collective Soul - Precious Declaration (Remix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Columbia Pictures - Band Zros.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Crazy Frog - We Are The Champions.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\D12 and Eminem - Fight Music.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\D4L - Betcha Can't Do It Like Me.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\DJ Shog - Be The One.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\DMX - Lord Give Me A Sign.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\DT8 Project Ft. Mory Kante - Narama (Dale Corderoy Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Da Buzz - Without Breaking.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Daddy Yankee ft Snoop Dogg - Gangsta Zone.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Daft Punk - Short Circuit.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Dandy Warhols Vs. Mousse T - Horny As A Dandy.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Daniel Powter - Bad Day.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Danzel Vs DJ F. - My Arms Keep Missing You.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Dave MC Cullen - B tch.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\David Bowie - Rock N Roll Suicide.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Deep Dish Feat. Stevie Nicks - Dreams (Axwell Remix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Deep Voices - Imagenetic (Mac Zimms Remix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Dem Franchize Boyz ft. Lil Peanut & Charlay - Lean Wit It, Rock Wit It.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Devochka-studentka - Elka.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Diddy Ft. Nicole Scherzinger - Come To Me (PO Clean Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Dj Ferit vs. Pussycat Dolls - Buttons.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Doing Time Feat. in-Grid - I Was A Ye-Ye Girl (Agiman Remix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Duran Duran - Wild Boys.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\E-40 ft. T-Pain And Kandi Girl - U And Dat.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Eiffel 65 - Lucky (In My Life).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Elize - Into Your System.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Elton John - Levon.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Elude - Purgatory (Luke Terry's 2006 Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Embrace - Nature's Law.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Eminem - Shake That (Feat. Nate Dogg).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Eminem ft. P.Diddy - Dj Spanker.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Enrique Iglesias & Kelis - Not In Love.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Enur feat. Natasja - Calabria (2006 Radio Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Esli - Dmitrii Malikov.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Evanescence - Call Me When You're Sober.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Evasive - Ray of Sun.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Faithless - Addictive.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Fat Joe - Clap & Revolve (Street).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Fatboy Slim - Star 69.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Fergie - London Bridge (Oh [bleep]).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Fergie - London Bridge.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Filterfunk - Message In The Bottle (Delano & Crockett Remix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Fire & Ice - Lost Emotions (Bryan Kearney Remix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Foo Fighters - Over And Out.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Francesco Diaz ft Denis The Menace And Jerry Ropero - Time 2 Turn Around.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Franz Ferdinand - Do You Want To (Max Tundra Re...).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Fray - How To Save A Life.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Freeloaders - Now Im Free (Freefallin).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Freemasons Ft. Amanda Wilson - Watchin'.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\G-Spott - Sadness.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Gabriel & Dresden - Tracking Down Treasure.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Garbage - The World Is Not Enough.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\George Duke - Brazilian Love Affair (Mike Perry Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\George Michael - An Easier Affair.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Girls Aloud - I'll Stand By You.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Gnarls Barkley - Crazy.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Goleo VI Pres. Lumidee vs. Fatman Scoop - Dance!.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\H.I.M. - Wings Of A Butterfly.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Hackett - Everyday Of My Life.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Haji & Emmanuel - Take Me Away (Stonebridge Remix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Helena Paparizou - Mambo (Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Him - Sex Pulsion.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Hips Don't Lie - Shakira & Wyclef Jean.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Inez - Stronger (Weekend Wonderz Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Infernal - Form Paris to Berlin.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Ishtar Alabina - Ragga Boom (Re-mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Ja Lecu - Valeria.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Ja Rule ft 50 Cent - Diss.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Ja S Toboi - Irakli.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\James Blunt - You're Beautiful.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Jamiroquai - Feels Like It Should.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Janet ft. Nelly - Call On Me.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Jay Z - Chopped Off My Shoulder (Crftp Chopped Up Remix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Jeckyll & Hyde - Frozen Flame.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Jessica Simpson - A Public Affair.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Jets To Brazil - Perfecting Loneliness.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Jewel vs. Gabriel Dresden - Serve The Ego (Pushpaka Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\JoJo - Too Little Too Late.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Joey Negro - Make A Move On Me.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Josh Hoge - 360.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Juanes - A Dios le Pido.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Kanye West - Diamonds From Sierra Leone (Remix) (Feat. Jay-Z).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Kanye West ft.Lupe Fiasco - Touch The Sky.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Kate Ryan - Je T Adore.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Keane - Is It Any Wonder.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Kelly Clarkson - Because Of You.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Kelly Clarkson - Breakaway.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Kelly Clarkson - Walk Away.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Kelly Clarkson - You Found Me.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Kelly Llorenna - Nobody Like You.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Kenneth Thomas Ft. Colleen Riley - Ghost in the Machine.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Kevin Lyttle - Away.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Kim-Lian - Road To Heaven.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Kooks - Naive.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Kt Tunstall - Black Horse And The Cherry Tre.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\L'Amour N'Est Rien - Mylene Farmer.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Lacuna - Celebrate The Summer.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\LeToya - Torn.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Lee Ryan - Real Love.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Lemond Pascal - The Shelter.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Leto - Chi-li.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Letoya - She Don't.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Letoya - This Song (Jermaine Dupri Prod.).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Lil Jon & the Eastside Boyz - Lovers and Friends.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Lil Jon - Snap Ya Fingers ft. Sean Paul And E40.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Lili Yoncheva - Happy People.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Linkin Park vs. Jay-Z - 99 Steps Klosr.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Ljobov-krasavica - Zara.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Lola - No Strings (Wip Think Of England Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Ludacris Feat. Pharrell - Money Maker.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Ludacris and Field Mob - Georgia ft. Jamie Foxx.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Madonna - Get Together.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Mama Maria - Zanna Friske.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Mario Lopez - Lonely (Without You).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Mark Norman - Brasilia.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Martin Silence - Energy.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Martin Solveig - Jealousy (ft Lee Fields).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Mary J Blige - Take Me As I Am.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Mary J Blige feat. Brook - Enough Cryin.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Mary J. Blige - Be Without You.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Mary J. Blige Ft. U2 - One.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Massari - Real Love.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Max Millan - Men Prefer Blondies.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Megan McCauley - Tap That.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Metallica - Blitzkrieg.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Moby - Slipping Away.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Moby - We Are All Made Of Stars.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Modular - These Lies.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Monica Ft. Dem Franchize Boyz - Everytime Tha Beat Drop.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Morandi - Falling Asleep.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Mylo vs. Miami Sound Machine - Doctor Pressure.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\N.E.R.D. - Rock Star Poser.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Nalin & Kane Feat Denis The Menace - Beachball.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Narcotic Thrust - Waiting For You.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Natasha Bedingfield - Unwritten.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Nato - Be Umide.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Ne Ljubi - Sophia Rotaru.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Ne-Yo - Sexy Love.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Nelly - Fly Away.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Nelly - Over And Over (Feat. Tim Mcgraw...).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Nelly Furtado - Maneater.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Nelly Furtado - No Hay Igual.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Nelly Furtado feat. Timbaland - Promiscuous.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Never Let You Go - Dima Bilan.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\New Model Army - Wonderful Way To Go.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Nick Cannon - My Wife.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Nick Cave and The Bad Seeds - Come Into My Sleep.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Nick Kamen - Win Your Love (The Love Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Nick Lachey - What's Left Of Me (The Passengerz Remix Radio Edit).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Nightwish - Sleeping Sun.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Novaspace - Run To You.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Olav Basoski - Waterman.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Omaha Feat. Fiona Holt - You Came into My Life.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\One-To-One - In The Morning Light.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Open Air feat Gram`Ma Funk - Hi Roller.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Orson - Happiness.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Orson - No Tomorrow.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Ozzy Osbourne - Iron Man.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\P.Diddy Ft. Nicole - Come To Me.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Pakito - Living On Video.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Paris Avenue ft Robin One - In My Mind.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Paris Hilton - Stars Are Blind.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Paul Van Dyk - Words (For Love Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Paula DeAnda feat. Baby Bash - Doing Too Much.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Pet Shop Boys - Home And Dry (Ambient Mix).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Pet Shop Boys - I'm With Stupid.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Peter Gabriel - Here Comes The Flood (German).mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Petey Pablo - Give It Up.mp3.exe -> Dropper.VB.me : Cleaned with backup (quarantined).
C:\Documents and Settings\Holli\My Documents\Downloads\_\Pharell Ft. Nelly - Baby.mp3.exe -> Dropper.VB.me : Cleaned with backup (q
  • 0

#4
miekiemoes
Posted 25 August 2006 - 01:09 AM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hello,

Can you also post the log from combofix and a new hijackthislog? That's why I said to use several replies to post the logs, because they won't fit in one reply. :whistling:
  • 0

#5
holo_smyth
Posted 26 August 2006 - 10:33 PM

holo_smyth

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Holli - 06-08-27 0:25:39.20
ComboFix 06.08.24 - Running from: C:\Documents and Settings\Holli\Desktop

((((((((((((((((((((((((((((((( Files Created from 2006-07-27 to 2006-08-27 ))))))))))))))))))))))))))))))))))


2006-08-23 20:25 215,308 --a------ C:\WINDOWS\Setup90.exe
2006-08-23 20:25 115,157 --a------ C:\WINDOWS\Justin.exe
2006-08-22 22:24 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-08-22 22:18 61,952 --a------ C:\WINDOWS\system32\qlm6a225.dll
2006-08-22 22:18 200,000 -r-hs---- C:\WINDOWS\tkdeagp.exe
2006-08-22 22:18 1,233 --a------ C:\WINDOWS\system32\qlm6a225.sys
2006-08-21 18:41 159,744 --a------ C:\WINDOWS\sys011806108860-.exe
2006-08-21 16:48 53,248 --a------ C:\WINDOWS\uni_ehhhh.exe
2006-08-21 11:36 78,848 --a------ C:\WINDOWS\system32\nsq17.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-27 00:18 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-08-25 00:16 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-24 22:33 -------- d-------- C:\Documents and Settings\Holli\Application Data\OpenOffice.org2
2006-08-23 21:23 -------- d-------- C:\Program Files\Spyware Doctor
2006-08-23 21:18 -------- d-------- C:\Program Files\Common Files
2006-08-23 20:29 -------- d-------- C:\Program Files\Yahoo!
2006-08-23 20:23 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-08-23 18:06 -------- d-------- C:\Program Files\Windows Media Player
2006-08-23 18:04 -------- d-------- C:\Documents and Settings\Holli\Application Data\Shareaza
2006-08-23 12:02 -------- d---s---- C:\Program Files\Xfire
2006-08-23 10:05 -------- d-------- C:\Program Files\AbleFtp
2006-08-23 06:31 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-08-23 06:30 -------- d-------- C:\Program Files\LimeWire
2006-08-23 06:19 -------- d-------- C:\Program Files\Norton AntiVirus
2006-08-17 10:39 -------- d-------- C:\Program Files\WinRAR
2006-08-09 11:59 -------- d-------- C:\Program Files\Winamp
2006-07-31 22:08 -------- d---s---- C:\Documents and Settings\Holli\Application Data\Microsoft
2006-07-29 22:20 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-07-29 22:18 -------- d-------- C:\Program Files\Microsoft Office
2006-07-29 22:18 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-07-29 12:00 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-07-29 12:00 -------- d-------- C:\Program Files\Macromedia
2006-07-29 12:00 -------- d-------- C:\Program Files\Common Files\Macromedia Shared
2006-07-22 18:22 -------- d-------- C:\Documents and Settings\Holli\Application Data\BitTorrent
2006-07-22 10:40 -------- d-------- C:\Program Files\BitTorrent
2006-07-10 16:38 51072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-07-10 16:38 30592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,18,01,00,00,00,00,00,00,60,04,00,00,1a,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^m-trip Launcher.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\m-trip Launcher.lnk"
"backup"="C:\\WINDOWS\\pss\\m-trip Launcher.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\OLYMPUS\\m-trip\\Bin\\M-TRIP~1.EXE "
"item"="m-trip Launcher"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RtlWake.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\RtlWake.lnk"
"backup"="C:\\WINDOWS\\pss\\RtlWake.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Realtek\\Rtl8180\\FRtlWake.exe "
"item"="RtlWake"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^wmplayer.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\wmplayer.exe"
"backup"="C:\\WINDOWS\\pss\\wmplayer.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\wmplayer.exe"
"item"="wmplayer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^xumwb.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\xumwb.exe"
"backup"="C:\\WINDOWS\\pss\\xumwb.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\xumwb.exe"
"item"="xumwb"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Holli^Start Menu^Programs^Startup^OpenOffice.org 1.9.79.lnk]
"path"="C:\\Documents and Settings\\Holli\\Start Menu\\Programs\\Startup\\OpenOffice.org 1.9.79.lnk"
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 1.9.79.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.79\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 1.9.79"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Holli^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
"path"="C:\\Documents and Settings\\Holli\\Start Menu\\Programs\\Startup\\OpenOffice.org 2.0.lnk"
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 2.0.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.0\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\adstart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="\"iexplore"
"hkey"="HKLM"
"command"="\"iexplore.exe\" \"http://iesettingsupdate\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Advanced Tools Check]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ADVCHK"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AGRSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AGRSMMSG"
"hkey"="HKLM"
"command"="AGRSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\bcmpv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fnbvuu"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\fnbvuu.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ccRegVfy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccRegVfy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CplBCL50]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CplBCL50"
"hkey"="HKLM"
"command"="C:\\Program Files\\EzButton\\CplBCL50.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DeadAIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DeadAIM"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\PROGRA~1\\AIM95\\\\DeadAIM.ocm\",ExportedCheckODLs"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndrff_12"
"hkey"="HKLM"
"command"="C:\\\\dfndrff_12.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\fffnus]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fnbvuu"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\fnbvuu.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdff_12"
"hkey"="HKLM"
"command"="C:\\\\kybrdff_12.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Mercora]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MercoraClient"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Mercora\\MercoraClient.exe\" -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ms046108860-180]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ms046108860-180"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ms046108860-180.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnmff_12"
"hkey"="HKLM"
"command"="C:\\\\nwnmff_12.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\pop06apelt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="thiselt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\thiselt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\qlm6a225]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w19961a2.dll,n 0036a2220000000319961a2"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ScreenPrint32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ScreenPrint32"
"hkey"="HKLM"
"command"="C:\\Program Files\\ScreenPrint32 v3\\ScreenPrint32.exe -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SurfSideKick 3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ssk"
"hkey"="HKLM"
"command"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SynTPLpr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPLpr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\sys011806108860-]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sys011806108860-"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\sys011806108860-.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TheMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Duce6"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\Duce6.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\wmplayer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="p2pnetworking"
"hkey"="HKLM"
"command"="p2pnetworking.exe"
"inimapping"="0"



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Sun 08/27/2006 0:26:52.15
ComboFix.txt
ComboFix2.txt
ComboFix3.txt
  • 0

#6
holo_smyth
Posted 26 August 2006 - 10:34 PM

holo_smyth

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
----------------HijackThis------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:31:52 AM, on 8/27/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Holli\Desktop\HijackThis.exe
C:\Documents and Settings\Holli\Desktop\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: OpenOffice.org 1.9.79.lnk = C:\Program Files\OpenOffice.org 1.9.79\program\quickstart.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MrobeService - OLYMPUS IMAGING CORP. - C:\WINDOWS\System32\MRobeService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#7
miekiemoes
Posted 27 August 2006 - 02:07 AM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hello,

Now we can finally deal with the rest...

I see you disabled a lot of startup entries via msconfig. You have to understand that disabling bad startup entries is not a good idea, because malware related entries needs to get deleted and not disabled.
Also the related files needs to go, because msconfig only disables entries in the registry, it doesn't delete any files.

So let's get rid of these bad entries and related files now...

By the way, is there any reason why you disabled some entries related with your Antivirus? That's a bad idea to disable your main antivirus.

Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^wmplayer.exe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^xumwb.exe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\adstart]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\bcmpv]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\defender]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\fffnus]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\keyboard]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ms046108860-180]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\newname]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\pop06apelt]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\qlm6a225]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SurfSideKick 3]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\sys011806108860-]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TheMonitor]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\wmplayer]

Save this as fix.reg Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please hide your hidden files and folders afterwards again, when we are done with this thread and your problems are solved, because above instructions to set your system to show all files, unhide legit files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.

Delete next files:

C:\WINDOWS\Setup90.exe
C:\WINDOWS\Justin.exe
C:\WINDOWS\system32\qlm6a225.dll
C:\WINDOWS\tkdeagp.exe
C:\WINDOWS\system32\qlm6a225.sys
C:\WINDOWS\sys011806108860-.exe
C:\WINDOWS\uni_ehhhh.exe
C:\WINDOWS\system32\nsq17.dll
C:\WINDOWS\pss\xumwb.exeCommon Startup
C:\WINDOWS\pss\wmplayer.exeCommon Startup

Your hijackthislog looks clean again. :whistling:
Let me know in your next reply how things are running now.
  • 0

#8
holo_smyth
Posted 29 August 2006 - 08:29 PM

holo_smyth

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Seems to be running great now I haven't had any other problems thanks alot! :whistling: :blink:
  • 0

#9
miekiemoes
Posted 30 August 2006 - 01:24 AM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Glad I could help. :whistling:

To keep this clean in the future, I would suggest the following things:

Install Spywareblaster
SpywareBlaster doesn`t scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

Let your antispywarescanner(s) scan frequently and don't forget to update before.

And I do suggest you perform an online virusscan once in a while. (Housecall and/or Bitdefender). Because what one virusscanner can't find another one maybe can.
Also make sure that your virusscanner, the one that is installed on your system is always up to date!

Make sure your windows has the latest updates, so visit asap: http://windowsupdate.microsoft.com/ to update to SP2!
Effective October 11, 2006, Windows XP SP1 and SP1a will transition to a non-supported status. After this date, Microsoft will no longer provide any incident support options or security updates. Existing support documents, however, will continue to be available through the Microsoft Support Product Solution Center Web site.
http://support.micro...com/gp/lifean19

If you are having XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft...xp/iesecxp.mspx

Also visit this Free Online Scanner for PC Health and Safety and Microsoft Security At Home for tips to Protect your Pc, Protect yourself and Protect your Family.

More info on how to prevent malware you can also find here (By Tony Klein)
and here: http://wiki.castleco...nt_Re-infection

Also read: Simple and easy ways to keep your computer safe and secure on the Internet

Happy surfing again! :blink:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP