Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

qoologic some other


  • Please log in to reply

#1
nasa

nasa

    New Member

  • Member
  • Pip
  • 9 posts
here is log, thanks for help guys!
Logfile of HijackThis v1.99.1
Scan saved at 11:46:55 PM, on 11/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\win32070241156384.exe
C:\windows_e56.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\kybrdff_e56.exe
C:\nwnmff_e56.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\sys101156384024.exe
C:\WINDOWS\System32\mwinsoem.exe
C:\WINDOWS\Duce6.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\PSCastor\PSCastor.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\c3RlcGhlbiBhc2hjcmFmdA\command.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\my comp\My Documents\antivirus\HijackThis.exe

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BandBHO Class - {6CA1C00B-90FC-4F3E-911F-95306ABA43AA} - C:\Program Files\AdSponsor\AdSponsor.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [win32070241156384] C:\WINDOWS\win32070241156384.exe
O4 - HKLM\..\Run: [windows] C:\\windows_e56.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e56.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e56.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [sys101156384024] C:\WINDOWS\sys101156384024.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\mwinsoem.exe GEN001
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKCU\..\Run: [PSCastor] "C:\Program Files\PSCastor\PSCastor.exe"
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\DOBE~1\tracert.exe" -vt yazb
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Startup: TA_Start.lnk = C:\TIGEN001.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\mwinsoem.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\c3RlcGhlbiBhc2hjcmFmdA\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
  • 0

Advertisements


#2
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi nasa and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.


1. Update AVG AntiSpyware 7.5
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG AntiSpyware, Do Not run a scan just yet

2. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

4. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

5. IMPORTANT: Do not open any other windows or programs while AVG AntiSpyware is scanning, it may interfere with the scanning proccess:
  • Launch AVG AntiSpyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG AntiSpyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your desktop (This is important)
  • Close AVG AntiSpyware and reboot your system back into Normal Mode.
6. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon Posted Image and select alcanshorty.bfu
  • Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal windows and post the contents of AVG AntiSpyware text report that you saved and a new HiJackThis log.


Regards,

Trevuren

  • 0

#3
nasa

nasa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
the admin had me get BFU and some other things
here is my new hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 2:15:40 AM, on 11/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\win32070241156384.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BearShare\BearShare.exe
C:\WINDOWS\sys101156384024.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\Documents and Settings\my comp\My Documents\antivirus\HijackThis.exe

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BandBHO Class - {6CA1C00B-90FC-4F3E-911F-95306ABA43AA} - C:\Program Files\AdSponsor\AdSponsor.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [win32070241156384] C:\WINDOWS\win32070241156384.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [sys101156384024] C:\WINDOWS\sys101156384024.exe
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\DOBE~1\tracert.exe" -vt yazb
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe




and here is my AVG log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:52:14 PM 11/13/2006

+ Scan result:



C:\WINDOWS\SYSTEM32\gmghnbla.dll -> Adware.Agent : Cleaned.
C:\WINDOWS\SYSTEM32\jhmgamkp.dll -> Adware.Agent : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP259\A0353412.exe -> Adware.Bagon : Cleaned.
C:\WINDOWS\offun.exe -> Adware.Bagon : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP261\A0353499.exe -> Adware.BookedSpace : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP258\A0349920.exe -> Adware.CASClient : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP258\A0349921.dll -> Adware.CASClient : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP259\A0353397.dll -> Adware.CASClient : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP262\A0353565.dll -> Adware.CommAd : Cleaned.
C:\Program Files\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned.
C:\Program Files\DeluxeCommunications\DxcCore.dll -> Adware.DeluxeCommunications : Cleaned.
HKLM\SOFTWARE\Classes\CLSID\{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} -> Adware.DeluxeCommunications : Cleaned.
HKLM\SOFTWARE\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned.
HKLM\SOFTWARE\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned.
HKU\S-1-5-21-436374069-1563985344-1343024091-1004\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned.
HKU\S-1-5-21-436374069-1563985344-1343024091-1004\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned.
C:\Program Files\TopText\eabh.dll -> Adware.EZula : Cleaned.
C:\Program Files\TopText\seng.dll -> Adware.EZula : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP258\A0349768.dll -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP258\A0349830.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP258\A0349917.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP258\A0349918.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP258\A0350003.dll -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP259\A0353411.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP259\A0353419.exe -> Adware.NewDotNet : Cleaned.
C:\yz02.exe -> Adware.NewDotNet : Cleaned.
C:\WINDOWS\SYSTEM32\hlvi6wkjc.exe -> Adware.SearchAssistant : Cleaned.
C:\WINDOWS\System32hlvi6wkjc.exe -> Adware.SearchAssistant : Cleaned.
C:\Documents and Settings\my comp\My Documents\antivirus\backups\backup-20061112-130840-598.dll -> Adware.Suggestor : Cleaned.
C:\Documents and Settings\my comp\My Documents\antivirus\backups\backup-20061112-140336-711.dll -> Adware.Suggestor : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP258\A0349938.dll -> Adware.Suggestor : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP259\A0353307.dll -> Adware.Suggestor : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP259\A0353380.dll -> Adware.Suggestor : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP259\A0353385.dll -> Adware.Suggestor : Cleaned.
C:\WINDOWS\SYSTEM32\p2jlseh8.dll -> Adware.Suggestor : Cleaned.
C:\DXC9.exe -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP258\A0351108.exe -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP258\A0351123.dll -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP258\A0352203.dll -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP258\A0352204.dll -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP259\A0353228.dll -> Adware.WebHancer : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP259\A0353229.dll -> Adware.WebHancer : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP259\A0353227.exe -> Adware.Webhancer.a : Cleaned.
C:\Program Files\Mozilla Firefox\plugins\npclntax.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP258\A0349825.exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP258\A0350034.exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP258\A0352239.exe -> Downloader.Adload.fu : Cleaned.
C:\mc44a53.exe -> Downloader.Adload.fu : Cleaned.
C:\Program Files\Common Files\Y1324OA.exe -> Downloader.PurityScan.cq : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP258\A0349818.exe -> Downloader.Zlob.avo : Cleaned.
C:\Documents and Settings\my comp\Desktop\TagASaurus.exe -> Hijacker.Small : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP258\A0352196.exe -> Trojan.Qoologic : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP258\A0352213.exe -> Trojan.Qoologic : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP259\A0353213.exe -> Trojan.Qoologic : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP259\A0353246.exe -> Trojan.Qoologic : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP259\A0353278.exe -> Trojan.Qoologic : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP259\A0353296.exe -> Trojan.Qoologic : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP259\A0353348.exe -> Trojan.Qoologic : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP259\A0353362.exe -> Trojan.Qoologic : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP261\A0353518.exe -> Trojan.Qoologic : Cleaned.
C:\WINDOWS\unwn.exe -> Trojan.Qoologic : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP258\A0351107.exe -> Trojan.Runner.j : Cleaned.
C:\WINDOWS\System32ysjaevwx.exe -> Trojan.Runner.j : Cleaned.
C:\System Volume Information\_restore{F4161489-1A88-4786-87F0-936BCFF41DFD}\RP258\A0351106.exe -> Trojan.VB.tg : Cleaned.
C:\WINDOWS\uninst108.exe -> Trojan.VB.tg : Cleaned.
C:\Documents and Settings\my comp\Shared\111 Cool Hand Writing Fonts.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\18 Great Illusions.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\65 Original - Windows Vista Wallpapers.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\About CNET Networks.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Accepted (2006) ALLiANCE DVDRiP KvCD by Hockney(TUS Release).zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Advanced search.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Air America Radio - The Al Franken Show 110806 [mp3].zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Air America Radio - The Rachel Maddow Show 110806 [mp3].zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Air America Radio - The Randi Rhodes Show 110806 [mp3].zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Air America Radio - The Sam Seder Show 110806 [mp3].zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\All RSS feeds.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\All Software.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Australian govt draft says piracy stats are made up.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Azumanga Daioh [www kawaii-anime net].zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Browse categories.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\CNET TV.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\CSI NY S03E08 HDTV XviD-XOR [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Call Of Duty 3 PAL XBOX360-DAGGER.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Clarkson The Good The Bad And The Ugly avi.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Cliff Richard - two's company(with covers) a DHZ Inc Release.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Coldplay 4CD.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Compare Prices.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Contact Us.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Copyright policy.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Criminal Minds 2x08 (HDTV-XOR)[VTV].zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\DVD-Lab.Pro.2.0+Mainconcept.Mpeg.Encoder.1.5 - (torrential.kicks-[bleep].org).zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Depeche Mode-Songs Of Faith And Devotion-(Remastered)-2006-RNS.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Depeche Mode-Speak And Spell-(Remastered)-2006-RNS.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Employee of the Month (2006).zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Encyclopedia Of Business And Finance Vol 1 & 2 pdf.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Firefox plugin.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Free MP3s.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Great Magic Tricks - Maths Numbers.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\HOW TO ACTIVATE VISTA 5840.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Help Center.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Hide IP Platinum 3 3 [EN+KEYGEN].zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\History Channel Civil War A Nation Divided USA PS2DVD-Start2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\How To Develop A Perfect Memory (Dominic O'Brien) Quantum Memory Power.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\How to Talk to Anyone - 92 Little Tricks for Big Success in Relationships.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\IRC chat.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Jamie Olivers New Book (fixed).zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Julio Iglesias - romantic classics(with covers) a DHZ Inc Release.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Karaoke Revolution 2 USA PS2DVD-BLACKCATS.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\L'équipe du 9 Novembre 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\La TenTaTioN De JeSSiCa FrEnCh DVDrIP-FrEd24 FoR CiNeFeeL.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Lost S03E06 HDTV XviD-XOR [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Lost S03E06 HR HDTV AC3 5 1 XviD-NBS [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Lynda com - Acrobat 8 Professional Beyond the Basics.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\MAGICS - Cardtrick Central - Best of Cards.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\MAGICS - Will Blyth - Paper Magic.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Medieval 2 Total War ENGLISH.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Medieval 2 Total War [PCDVD][English][www newpct com].zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Medieval 2 Total War-RELOADED(www.thepeerhub.com).zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Medieval 2 Total War-RELOADED.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Miami Vice DVDRip XviD-NeDiVx.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Mininova's new design (beta).zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Moby-Go Very Best Of(with covers) a DHZ Inc Release.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Mythbusters s03e30 DSR XviD-DGAS [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\NOKIA's - TOP 20 - Best Games 2006-2007.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\New layout.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Nuclear and Particle Physics - An Introduction.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\One Tree Hill S04E06 Where Did You Sleep Last Night HDTV XviD-FQM [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Os Cavaleiros do Zodíaco - a série da tv - [DVD-Rip] ep 96 a 114.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\PC Games.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\PS2DVD - Call Of Duty 3 [USA] [www GamesTorrents com].zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Passware Kit v7 5 Enterprise + SERIAL WORKING.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Privacy policy.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Professional Pizza Guide.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Recover password.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Register Now.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Repairing and Upgrading Your PC - March, 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\SCooP (2006) FReNCH DVDSCR XViD-CiNeReNaRD.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Satellite photo of world trade centre after terrorist attacks 9-11.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Scoop DVDRip XviD-DoNE 3553932 TPB.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Search Cloud.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Server Move.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Show all of today →.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Site map.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\South Park S10E13 DSRip XviD-aAF [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Spyware Removal.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Stormbreaker 2006 DVDRip XviD-LiNE 3554053 TPB.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Submit Software.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Superman Returns NTSC-DVDR-MPTDVD - (torrential.kicks-[bleep].org).zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\TV Internet Setup.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\TV Shows.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Terms of use.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\The Beatles Love 320kbps UKNova mp3 rar.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\The Black Dahlia (2006).zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\The Bread Baker Bible.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\The Colbert Report 11.08.06 (DSRip-DIMENSION)[VTV].zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\The Daily Show 11.08.06 (DSRip-DIMENSION)[VTV].zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\The Nine S01E06 HDTV XviD-LOL [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\The most beautiful girls CG (Computer Graphic) Sep 06.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Tips & Tricks.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Today on CNET.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Tony Hawks Project 8 USA XBOX-XorCist.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\TorrentPod Episode 12.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Torrentspy passed the 2 Million registered users mark.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Total Commander Ultima Prime 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Ultimate Boy Bands - 2cd's(with covers) a DHZ Inc Release.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Upload a torrent.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\VA - The No 1 Dance Hits [4CD]-++Demonoid com++ 1138293 2742.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\W-Ease 1.0.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\W.bloggar 3.03.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\W2 Mate 2006 3.0.127.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\W2 Pro Professional Edition 2005.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\W2B_Restaurant 1.06.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\W2XML 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\W32.Blaster.Worm Removal Tool .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\[email protected] (Nimda) Removal Tool .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\W32.Sasser Removal Tool 1.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\[email protected] Removal Tool .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\W3Notify 1.01.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\W4ShwIP 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\W5A!erts Caller ID 3.38.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\W8Soft Ad-Spy Remover 1.6.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WA Browser 2.3.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WABAccess 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WAC Server Manager 1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WAP Proof 2.0.0515.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WAPT 4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WackGet 1.2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wacko Facto 3D Screensaver 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wacky Animals Screensaver 3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wacom Intuos Driver 4.50 (12201999).zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wacom Tablet Driver 4.70-6.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wadja Mobile Editor 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Waha Transformer Lite for DB 2.2.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wainmans Toolbar 4.5.88.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Waiting Up DT 0.001.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Waiting Up WP 001.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wake On LAN 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wake On Lan 0.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wake Up Clock 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wake Up News 2005 5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WakeMeUp 1.8.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WakeUp 1.1 build 8.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wakeboarding Unleashed featuring Shaun Murray demo .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WakiCoolBar for Asp.net 2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Walk the Line Screensaver .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Walk the Plank 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WalkThru 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Walking the Las Vegas Strip 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wall 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wall Photo Maker 3.7.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wall Street Financial Assistant 3.04.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wall Street Financial Assistant 3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WallCalendar Component for Delphi 3-7 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WallChanger 3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WallFly 1.29.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WallGen 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WallPaper for AOL 1.3.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WallPaperPlus 4.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallace & Gromit Trailer .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallet 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WalletPhotoScreenSaver 1.0.23.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallop 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Boot Master 2.2.6 DEMO.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Calendar 5.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Changer 1.2.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Changer 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Changer 7.0.143.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Clock 1.2.02.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Cycler 3.1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Desktop Calendar Living Gallery 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Easy 2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Expert 3.6.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Friend 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Hanger 1.0.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Magic 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Magic Screensaver Edition 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Manager 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Master Pro 1.41.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Mate 1.07.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Montage 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Photo Show 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Positioner 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Recycler 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Scout 1.41.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Sequencer Lite 4.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Sequencer Standard 4.5 build 404.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Sequencer Ultra 4.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Slideshow 1.24.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Swap 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper Switcher .NET 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaper of Ankur Gupta 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WallpaperSpinner 2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WallpaperWarp 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallpaperbox 1.4.6.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wallperizer 1.1.7.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Walls And Balls 0.7.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Walls of Jericho 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Waltograph Font 4.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wammu 0.16.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wample 1.03.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wan Monitor 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wandering Spider Screensaver 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WannabeHangman 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WannabeYahtzee 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wantasoft Cycles Calendar 1.0.25.32.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wanted Guns 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wanted Hero Issue 1 2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wapicode Contact Manager 1.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wapicode Photo Manager 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Wapicode SMS Sender 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\War Chess 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\War Diary demo .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\War FTP Daemon 1.7 beta.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\War In Ancient Times 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\War Times patch 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\War Times patch 1.01.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\War Times patch 1.02.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\War Wind demo .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\War World Tactical Combat Enhanced 1.09.02.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\War World Tactical Combat Patch 1.09.02.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\War of Conquest 1.27.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\War of the Worlds Screensaver .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\War of the Worlds Trailer .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\War-bucs 2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WarBirds demo (full install) .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WarBreeds demo .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WarChess 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\WarDrive ToolBox 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warblade 1.2X.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft II 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft II Animated Cursor 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft II demo.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III The Frozen Throne Gold Rush map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Ice Hunter map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - 2 Rivers Meet map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - 4 Moats map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - 4-Way Bridge map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - A Great Evil map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - A Troll and his Rock map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - AR Christmas PicNic map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - AR Darkness Called map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - AR Natural PicNic map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - AR PicNic for the Holy Grail movie .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - AR The A-Team map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - AR The Weakest Link map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - AR Warcraft II Sea Picnic map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Accordium map 2.0 .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - All Out Revolt map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Animal Wars with Arena single player map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Around the Campfire - Once again! map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Artha's Nightmare map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Assassins Quest Chapter 1 map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Assassins Quest Chapter 2 map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Assassins Quest Prologue .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Bandit Fight map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Banditry and Invasion map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Bandits and Cops map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Bar is Maad map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Battle for Abalorn map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Battle for the Fountain map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Battle for the Rhenn Valley map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Battle in Mountains b0.map 2 .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Battle of the Five Armies map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Behlul's map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Beowolf 1, Version 1 map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Big Bob & Little Bob map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Bilbo's 111th map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Bing Bam Boom map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Broken Trust map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Burning Village map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Cartoons Seasons 1 Episode 1 map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Castaway map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Castle Brinkerhoff map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Castle Wars 1.7 map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Castlemania map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Centaus vs. Quillboars map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Chamber of Bone map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Chaos in the Forest map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Chapter 1 map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Chapter map 2 .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Chinese Flag v0.1 map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Cinematic Battle v1.00 map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - City of Gloom and Hurting map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Clash of the Titans map 1.01 .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Command & Conquer map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Creeps map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Dalaran map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Dark Future map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Dead Center map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Demon Hunters map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Demon Wars - Level 1 map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Desert Waves map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Desert of Eternal Night map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Destruction at the North Chapter 1 map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Destruction at the North Chapter 2 map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Devil v1.1 map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Diablo II Act I map 1.1 .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Dispotic Ruler map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Donk Episode 1 The Lumber Mill .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Dragon Egg map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Druid's War map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Dungeon Keeper v1.0 map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Emperor Baal Super TD v1.00 map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Escape to Mushrooms map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Evil Islands Part 1 map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Exiles The Raging storm map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - FM Vampire Hunters 2.76 map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Face the Dungeon map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Fall of Mordor map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Fall of the Lion Epilogue map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Fall of the Lion Episode I map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Fall of the Lion Episode II map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Fall of the Lion Episode III map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Fall of the Lion Episode IV map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Fall of the Lion Episode V map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Fall of the Lion Episode VI map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Fall of the Lion Episode VII map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Fall of the Lion Interlude .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Falling Orcs map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Final Battle map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Final Stand 1 map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Final Stand Introduction map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - For Ever We Rule map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Forest Dawn map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Forging of the Rings map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Fort Valmott map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Four Races map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Four Swords map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Frogger map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Frozen Heart Isles map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Frozen Isle map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Fun in the Sun map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Giant Murlocs and Rocks map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Gladiator's War map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Golem Hunt map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Green Swamp map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Grom Hellscream's Burial Cinematic map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Grunt Sea AI map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Helm's Deep map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - How to Find Doodads map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Human Campaign Introduction map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Human Campaign One map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Human Campaign Two map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Human Gate map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Human Level 1 map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Human Level map 2 .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Human Level map 3 .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Human Level map 4 .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Humans vs. Deserters vs. Orcs map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Ice Flood map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Illidan's Plight Part Two map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Illidan's Plight map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Imperial War's Intro .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Infernal Wall v1.0 map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Innocent Elves map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Intermission after Level 1 .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Intermission after Level 4 .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Into the Eternal Light map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Invasion map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Invasion of Helms' Deep map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Invasor de Bosques map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Isildur's Death map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - Jobs in the Big City map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - King of the Hill map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - LOTR Intro movie .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\my comp\Shared\Warcraft III - LOTR map .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:
  • 0

#4
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :whistling:

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • 0

#5
nasa

nasa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
here is my log from combo fix
my comp - 06-11-14 11:40:14.98 Service Pack 1
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\my comp\Desktop"

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *



DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\my comp\Application Data\Dxccwrd.dll
C:\Documents and Settings\my comp\Application Data\Dxcknwrd.dll
C:\WINDOWS\system32\bkd.exe
C:\Program Files\DeluxeCommunications\DxcCore.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\Duce6.exe
C:\MTE3NDI6ODoxNg12112006.exe
C:\WINDOWS\system32\tpuninstall.exe
C:\dollarrev.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\NetMon
C:\Program Files\Common Files\{34ED0518-05DA-1033-0630-040404160001}
C:\Program Files\Common Files\{44ED0518-05DA-1033-0630-040404160001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\Common Files\ICROSO~1.NET
C:\QooBox\Purity\Program Files\Common Files\ICROSO~1.NET\?icrosoft.NET


((((((((((((((((((((((((((((((( Files Created from 2006-10-14 to 2006-11-14 ))))))))))))))))))))))))))))))))))


2006-11-13 00:01 976 --a------ C:\WINDOWS\SYSTEM32\winpfg32.sys
2006-11-13 00:00 323,072 --a------ C:\165.exe
2006-11-13 00:00 217,276 --a------ C:\WINDOWS\srvipofr.exe
2006-11-13 00:00 167,936 --a------ C:\WINDOWS\sys101156384024.exe
2006-11-12 16:30 173,536 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2006-11-12 15:30 397,312 --a------ C:\WINDOWS\cfg32p.dll
2006-11-09 22:11 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-11-09 21:56 45,056 --a------ C:\WINDOWS\SYSTEM32\nrnqetwbz.exe
2006-11-09 21:56 135,168 --a------ C:\WINDOWS\SYSTEM32\e0pnii5i6.exe
2006-11-09 12:40 1,284 --a------ C:\WINDOWS\SYSTEM32\ltmde327.sys
2006-11-09 12:39 8,464 --a------ C:\WINDOWS\SYSTEM32\sporder.dll
2006-11-09 12:39 217,276 --a------ C:\WINDOWS\srvinwzq.exe
2006-11-09 12:39 167,936 --a------ C:\WINDOWS\win32070241156384.exe
2006-11-09 12:38 28,672 --a------ C:\WINDOWS\SYSTEM32\pfbo0yj.exe
2006-11-09 12:38 0 --a------ C:\WINDOWS\System32nrnqetwbz.exe
2006-10-31 19:57 187,392 --a------ C:\WINDOWS\SYSTEM32\JPGUtils.dll
2006-10-31 19:00 118,784 --a------ C:\WINDOWS\SYSTEM32\MSSTDFMT.DLL
2006-10-23 12:30 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2006-10-23 12:30 1,706,800 --a------ C:\WINDOWS\SYSTEM32\gdiplus.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-14 11:41 -------- d-------- C:\Program Files\Common Files
2006-11-14 11:36 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-14 02:02 -------- d-------- C:\Program Files\Trillian
2006-11-13 12:34 -------- d-------- C:\Program Files\Lavasoft
2006-11-13 12:34 -------- d-------- C:\Documents and Settings\my comp\Application Data\Lavasoft
2006-11-13 00:01 -------- d-------- C:\Program Files\AdSponsor
2006-11-12 23:33 -------- d-------- C:\Program Files\mIRC
2006-11-12 16:06 -------- d-------- C:\Program Files\BearShare
2006-11-12 14:09 -------- d-------- C:\Program Files\inexplorersch
2006-11-10 10:42 -------- d-------- C:\Program Files\Windows NT
2006-11-10 10:42 -------- d-------- C:\Program Files\Windows Media Player
2006-11-10 01:19 -------- d--h----- C:\Program Files\WindowsUpdate
2006-11-09 22:11 -------- d-------- C:\Program Files\Grisoft
2006-11-05 16:40 -------- d-------- C:\Documents and Settings\my comp\Application Data\uTorrent
2006-11-05 12:04 -------- d-------- C:\Program Files\Magic Workstation
2006-11-02 13:55 -------- d-------- C:\Program Files\uTorrent
2006-11-01 14:21 -------- d-------- C:\Program Files\Microsoft Works
2006-11-01 14:21 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-31 21:56 -------- d-------- C:\Documents and Settings\my comp\Application Data\dvdcss
2006-10-31 20:08 -------- d-------- C:\Program Files\Stardock
2006-10-31 20:08 -------- d-------- C:\Program Files\Common Files\stardock
2006-10-31 19:57 -------- d-------- C:\Program Files\WinCustomize
2006-10-23 12:38 -------- d-------- C:\Documents and Settings\my comp\Application Data\ArcSoft
2006-10-23 12:30 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-23 12:30 -------- d-------- C:\Program Files\ArcSoft
2006-10-15 18:49 -------- d-------- C:\Program Files\Incomplete
2006-10-11 12:51 -------- d-------- C:\Documents and Settings\my comp\Application Data\CoreCodec
2006-10-10 22:50 -------- d-------- C:\Documents and Settings\my comp\Application Data\Hamachi
2006-10-09 19:39 15440 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hamachi.sys
2006-10-09 19:39 -------- d-------- C:\Program Files\Hamachi
2006-09-29 12:21 -------- d-------- C:\Documents and Settings\my comp\Application Data\Media Player Classic
2006-09-25 12:37 -------- d-------- C:\Program Files\NetDraft
2006-09-14 13:32 -------- d-------- C:\Documents and Settings\my comp\Application Data\Aim
2006-09-14 13:28 -------- d-------- C:\Documents and Settings\my comp\Application Data\.gaim
2006-09-13 00:09 1110528 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2006-08-25 10:53 561664 --a------ C:\WINDOWS\SYSTEM32\comctl32.dll
2006-08-25 04:14 595968 --a------ C:\WINDOWS\SYSTEM32\xpsp2res.dll
2006-08-16 07:14 95232 --a------ C:\WINDOWS\SYSTEM32\6to4svc.dll
2006-08-16 07:14 70656 --a------ C:\WINDOWS\SYSTEM32\ws2_32.dll
2006-08-16 07:14 54272 --a------ C:\WINDOWS\SYSTEM32\ipv6mon.dll
2006-08-16 07:14 31232 --a------ C:\WINDOWS\SYSTEM32\inetmib1.dll
2006-08-16 07:14 13312 --a------ C:\WINDOWS\SYSTEM32\wship6.dll
2006-08-16 04:42 159232 --a------ C:\WINDOWS\SYSTEM32\xpob2res.dll
2006-08-16 04:28 48640 --a------ C:\WINDOWS\SYSTEM32\ipv6.exe
2006-08-16 04:27 83456 --a------ C:\WINDOWS\SYSTEM32\netsh.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Aida"="\"C:\\WINDOWS\\DOBE~1\\tracert.exe\" -vt yazb"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"SigmaTel StacMon"="C:\\Program Files\\SigmaTel\\SigmaTel AC97 Audio Drivers\\stacmon.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ATIModeChange"="Ati2mdxx.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"BCMSMMSG"="BCMSMMSG.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"win32070241156384"="C:\\WINDOWS\\win32070241156384.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"BearShare"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"sys101156384024"="C:\\WINDOWS\\sys101156384024.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\Windows Media Player\\pofo.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Windows NT\\mecewe.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-14 11:45:41.22
C:\ComboFix.txt ... 06-11-14 11:45


thank you everyone for your help
  • 0

#6
nasa

nasa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
im pretty sure this is a result of some sort of virus
  • 0

#7
nasa

nasa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
here is the combo fix log
my comp - 06-11-14 11:40:14.98 Service Pack 1
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\my comp\Desktop"

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *



DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\my comp\Application Data\Dxccwrd.dll
C:\Documents and Settings\my comp\Application Data\Dxcknwrd.dll
C:\WINDOWS\system32\bkd.exe
C:\Program Files\DeluxeCommunications\DxcCore.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\Duce6.exe
C:\MTE3NDI6ODoxNg12112006.exe
C:\WINDOWS\system32\tpuninstall.exe
C:\dollarrev.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\NetMon
C:\Program Files\Common Files\{34ED0518-05DA-1033-0630-040404160001}
C:\Program Files\Common Files\{44ED0518-05DA-1033-0630-040404160001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\Common Files\ICROSO~1.NET
C:\QooBox\Purity\Program Files\Common Files\ICROSO~1.NET\?icrosoft.NET


((((((((((((((((((((((((((((((( Files Created from 2006-10-14 to 2006-11-14 ))))))))))))))))))))))))))))))))))


2006-11-13 00:01 976 --a------ C:\WINDOWS\SYSTEM32\winpfg32.sys
2006-11-13 00:00 323,072 --a------ C:\165.exe
2006-11-13 00:00 217,276 --a------ C:\WINDOWS\srvipofr.exe
2006-11-13 00:00 167,936 --a------ C:\WINDOWS\sys101156384024.exe
2006-11-12 16:30 173,536 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2006-11-12 15:30 397,312 --a------ C:\WINDOWS\cfg32p.dll
2006-11-09 22:11 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-11-09 21:56 45,056 --a------ C:\WINDOWS\SYSTEM32\nrnqetwbz.exe
2006-11-09 21:56 135,168 --a------ C:\WINDOWS\SYSTEM32\e0pnii5i6.exe
2006-11-09 12:40 1,284 --a------ C:\WINDOWS\SYSTEM32\ltmde327.sys
2006-11-09 12:39 8,464 --a------ C:\WINDOWS\SYSTEM32\sporder.dll
2006-11-09 12:39 217,276 --a------ C:\WINDOWS\srvinwzq.exe
2006-11-09 12:39 167,936 --a------ C:\WINDOWS\win32070241156384.exe
2006-11-09 12:38 28,672 --a------ C:\WINDOWS\SYSTEM32\pfbo0yj.exe
2006-11-09 12:38 0 --a------ C:\WINDOWS\System32nrnqetwbz.exe
2006-10-31 19:57 187,392 --a------ C:\WINDOWS\SYSTEM32\JPGUtils.dll
2006-10-31 19:00 118,784 --a------ C:\WINDOWS\SYSTEM32\MSSTDFMT.DLL
2006-10-23 12:30 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2006-10-23 12:30 1,706,800 --a------ C:\WINDOWS\SYSTEM32\gdiplus.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-14 11:41 -------- d-------- C:\Program Files\Common Files
2006-11-14 11:36 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-14 02:02 -------- d-------- C:\Program Files\Trillian
2006-11-13 12:34 -------- d-------- C:\Program Files\Lavasoft
2006-11-13 12:34 -------- d-------- C:\Documents and Settings\my comp\Application Data\Lavasoft
2006-11-13 00:01 -------- d-------- C:\Program Files\AdSponsor
2006-11-12 23:33 -------- d-------- C:\Program Files\mIRC
2006-11-12 16:06 -------- d-------- C:\Program Files\BearShare
2006-11-12 14:09 -------- d-------- C:\Program Files\inexplorersch
2006-11-10 10:42 -------- d-------- C:\Program Files\Windows NT
2006-11-10 10:42 -------- d-------- C:\Program Files\Windows Media Player
2006-11-10 01:19 -------- d--h----- C:\Program Files\WindowsUpdate
2006-11-09 22:11 -------- d-------- C:\Program Files\Grisoft
2006-11-05 16:40 -------- d-------- C:\Documents and Settings\my comp\Application Data\uTorrent
2006-11-05 12:04 -------- d-------- C:\Program Files\Magic Workstation
2006-11-02 13:55 -------- d-------- C:\Program Files\uTorrent
2006-11-01 14:21 -------- d-------- C:\Program Files\Microsoft Works
2006-11-01 14:21 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-31 21:56 -------- d-------- C:\Documents and Settings\my comp\Application Data\dvdcss
2006-10-31 20:08 -------- d-------- C:\Program Files\Stardock
2006-10-31 20:08 -------- d-------- C:\Program Files\Common Files\stardock
2006-10-31 19:57 -------- d-------- C:\Program Files\WinCustomize
2006-10-23 12:38 -------- d-------- C:\Documents and Settings\my comp\Application Data\ArcSoft
2006-10-23 12:30 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-23 12:30 -------- d-------- C:\Program Files\ArcSoft
2006-10-15 18:49 -------- d-------- C:\Program Files\Incomplete
2006-10-11 12:51 -------- d-------- C:\Documents and Settings\my comp\Application Data\CoreCodec
2006-10-10 22:50 -------- d-------- C:\Documents and Settings\my comp\Application Data\Hamachi
2006-10-09 19:39 15440 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hamachi.sys
2006-10-09 19:39 -------- d-------- C:\Program Files\Hamachi
2006-09-29 12:21 -------- d-------- C:\Documents and Settings\my comp\Application Data\Media Player Classic
2006-09-25 12:37 -------- d-------- C:\Program Files\NetDraft
2006-09-14 13:32 -------- d-------- C:\Documents and Settings\my comp\Application Data\Aim
2006-09-14 13:28 -------- d-------- C:\Documents and Settings\my comp\Application Data\.gaim
2006-09-13 00:09 1110528 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2006-08-25 10:53 561664 --a------ C:\WINDOWS\SYSTEM32\comctl32.dll
2006-08-25 04:14 595968 --a------ C:\WINDOWS\SYSTEM32\xpsp2res.dll
2006-08-16 07:14 95232 --a------ C:\WINDOWS\SYSTEM32\6to4svc.dll
2006-08-16 07:14 70656 --a------ C:\WINDOWS\SYSTEM32\ws2_32.dll
2006-08-16 07:14 54272 --a------ C:\WINDOWS\SYSTEM32\ipv6mon.dll
2006-08-16 07:14 31232 --a------ C:\WINDOWS\SYSTEM32\inetmib1.dll
2006-08-16 07:14 13312 --a------ C:\WINDOWS\SYSTEM32\wship6.dll
2006-08-16 04:42 159232 --a------ C:\WINDOWS\SYSTEM32\xpob2res.dll
2006-08-16 04:28 48640 --a------ C:\WINDOWS\SYSTEM32\ipv6.exe
2006-08-16 04:27 83456 --a------ C:\WINDOWS\SYSTEM32\netsh.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Aida"="\"C:\\WINDOWS\\DOBE~1\\tracert.exe\" -vt yazb"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"SigmaTel StacMon"="C:\\Program Files\\SigmaTel\\SigmaTel AC97 Audio Drivers\\stacmon.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ATIModeChange"="Ati2mdxx.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"BCMSMMSG"="BCMSMMSG.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"win32070241156384"="C:\\WINDOWS\\win32070241156384.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"BearShare"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"sys101156384024"="C:\\WINDOWS\\sys101156384024.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\Windows Media Player\\pofo.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Windows NT\\mecewe.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-14 11:45:41.22
C:\ComboFix.txt ... 06-11-14 11:45





here is the hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 11:30:33 PM, on 11/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\win32070241156384.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\Duce6.exe
C:\WINDOWS\win32094115638402.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\my comp\My Documents\antivirus\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BandBHO Class - {6CA1C00B-90FC-4F3E-911F-95306ABA43AA} - C:\Program Files\AdSponsor\AdSponsor.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [win32070241156384] C:\WINDOWS\win32070241156384.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [sys101156384024] C:\WINDOWS\sys101156384024.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [win32094115638402] C:\WINDOWS\win32094115638402.exe
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\DOBE~1\tracert.exe" -vt yazb
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
  • 0

#8
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
nasa - please stick to this topic - click Add Reply NOT New Topic when responding.
  • 0

#9
nasa

nasa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
i apologize for that,
so what is my next step?
  • 0

#10
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi nasa,

Trevuren has a full plate right now, so I'm going to be assisting you the rest of the way. As Daemon has explained, please only respond into this thread when posting new information and logs.

You have something new in your log that I'd like to get a copy of for further analysis.
Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "AdSponsor.dll"
  • Put a link to this topic in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:
    • C:\Program Files\AdSponsor\AdSponsor.dll
  • Click Open.
  • Click Post.
Thank you!


Let me know once this file has been submitted and we'll proceed with your fix.
  • 0

Advertisements


#11
nasa

nasa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Buckeye Sam
they said there was nothing there to do
so where from here?
  • 0

#12
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Since your last hijackthis log is about a week old, let's take a look at a new one. There's a lot that can change in that time.
  • 0

#13
nasa

nasa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
here ya go

Logfile of HijackThis v1.99.1
Scan saved at 9:29:11 AM, on 11/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\Duce6.exe
C:\WINDOWS\win32094115638402.exe
C:\WINDOWS\win32082411563840.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\my comp\My Documents\antivirus\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [win32094115638402] C:\WINDOWS\win32094115638402.exe
O4 - HKLM\..\Run: [win32082411563840] C:\WINDOWS\win32082411563840.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\DOBE~1\tracert.exe" -vt yazb
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
  • 0

#14
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Run Hijackthis again, click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [win32094115638402] C:\WINDOWS\win32094115638402.exe
O4 - HKLM\..\Run: [win32082411563840] C:\WINDOWS\win32082411563840.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\DOBE~1\tracert.exe" -vt yazb



=============


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\WINDOWS\Duce6.exe
    C:\WINDOWS\win32094115638402.exe
    C:\WINDOWS\win32082411563840.exe
    C:\Program Files\webHancer\Programs\whagent.exe



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

  • After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
  • Post this log in your next reply.

=============



Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.


Also post a new hijackthis log.
  • 0

#15
nasa

nasa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
forgot to save the log from the online clean but it cleaned all the objects found

but here is my new hijack log, what do you need next (all the pop ups have stopped now)

Logfile of HijackThis v1.99.1
Scan saved at 11:16:57 PM, on 11/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\my comp\My Documents\antivirus\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP