
Help my other PC is infected [RESOLVED]


  • This topic is locked

#1
boy9enius08

Member
Here's my HijackThis log. I need some help, it's gettin messed up quick.





Logfile of HijackThis v1.99.1
Scan saved at 10:36:32 PM, on 7/21/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\tzfmqq.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\USBStorage\USBDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Verizon Online\bin\mpbtn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\JHSecure\VPN Client\cvpnd.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\McAfee.com\VSO\mcshield.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\xxxxx\Desktop\hijack this\modules.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\DOCUME~1\xxxxx\LOCALS~1\Temp\6.tmp\THNALL~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: (no name) - {A90705E3-FC68-76E1-C052-355A9A1B4C78} - jopplerg.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MCI File Sync] C:\Program Files\Myson Century, Inc\CS8818 File Synchronization Program\Filesync.exe
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [hclean32.exe] C:\WINDOWS\System32\hclean32.exe
O4 - HKLM\..\Run: [jopplerg] ERTYDF.exe
O4 - HKLM\..\Run: [vxdman] Kargo.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [rncrym] c:\windows\system32\tzfmqq.exe r
O4 - HKLM\..\Run: [dmxgh.exe] C:\WINDOWS\System32\dmxgh.exe
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [Bogobot] XTermInit.exe
O4 - HKCU\..\Run: [ExchangeMaster] ActionScr.exe
O4 - HKCU\..\Run: [syspanel] stuffmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: JHSecure VPN Client.lnk = C:\Program Files\JHSecure\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://195.95.218.83...hm::/update.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120582738238
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{061203DA-6028-4BD0-B271-B33BAA4F09FE}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{12022511-5F6F-4CF0-9652-8528C74B9767}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D60716D-6159-4BC1-AA37-5533190E8C71}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{E54FD520-017B-4748-857B-7E8638407932}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{E970CC75-ED84-448D-8184-019B0912E03E}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{061203DA-6028-4BD0-B271-B33BAA4F09FE}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CS3\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CS3\Services\Tcpip\..\{061203DA-6028-4BD0-B271-B33BAA4F09FE}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O18 - Filter: text/html - {282A4E3F-A536-400B-9C4A-98FE7663DA98} - (no file)
O18 - Filter: text/plain - {282A4E3F-A536-400B-9C4A-98FE7663DA98} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\JHSecure\VPN Client\cvpnd.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\McAfee.com\VSO\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


#2
John_L

Visiting Staff
Hi boy9enius08

As an underclassman, these should be your first steps.

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here
Apply the update, reboot, and post a fresh Hijack This log.

#3
boy9enius08

Member
What if I already have Service Pack 2? How would I delete that, and what's the difference?

#4
John_L

Visiting Staff
Ok good question:

Are you still in the Geek U program?

The people dedicated to helping you through training will be able to answer that and many more questions like it. I suggest you visit them for that answer. :tazz:

Edited by John_L, 23 July 2005 - 11:16 AM.


#5
boy9enius08

Member
Iight, thanx. Well, I switched to Service Pack 1a like u told me to, and here's my new HijackThis log. Yea, I'm still in the Geek U, I'm a lil slow at it cause I gotta get my other PC cleaned off cause it's infected. Summoned workin on it, I guess. I posted the other one 3 days ago, must b serious.



Here's the log:


Logfile of HijackThis v1.99.1
Scan saved at 2:16:50 PM, on 7/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\JHSecure\VPN Client\cvpnd.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\wdfmgr.exe
c:\windows\system32\ooorlw.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\bcmwltry.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\mcshield.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Myson Century, Inc\CS8818 File Synchronization Program\Filesync.exe
C:\USBStorage\USBDetector.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Documents and Settings\xxxxx\Desktop\hijack this\modules.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\msiexec.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: (no name) - {A90705E3-FC68-76E1-C052-355A9A1B4C78} - jopplerg.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MCI File Sync] C:\Program Files\Myson Century, Inc\CS8818 File Synchronization Program\Filesync.exe
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [hclean32.exe] C:\WINDOWS\System32\hclean32.exe
O4 - HKLM\..\Run: [jopplerg] ERTYDF.exe
O4 - HKLM\..\Run: [vxdman] Kargo.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ctlgmrs] c:\windows\system32\ooorlw.exe r
O4 - HKLM\..\Run: [dmmrl.exe] C:\WINDOWS\System32\dmmrl.exe
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [Bogobot] XTermInit.exe
O4 - HKCU\..\Run: [ExchangeMaster] ActionScr.exe
O4 - HKCU\..\Run: [syspanel] stuffmon.exe
O4 - Global Startup: JHSecure VPN Client.lnk = C:\Program Files\JHSecure\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120582738238
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{061203DA-6028-4BD0-B271-B33BAA4F09FE}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{12022511-5F6F-4CF0-9652-8528C74B9767}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D60716D-6159-4BC1-AA37-5533190E8C71}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{E970CC75-ED84-448D-8184-019B0912E03E}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{061203DA-6028-4BD0-B271-B33BAA4F09FE}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O18 - Filter: text/html - {282A4E3F-A536-400B-9C4A-98FE7663DA98} - (no file)
O18 - Filter: text/plain - {282A4E3F-A536-400B-9C4A-98FE7663DA98} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\JHSecure\VPN Client\cvpnd.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\McAfee.com\VSO\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

#6
John_L

Visiting Staff
Ok good this is what comes next.

Download this tool, and run it.

Restricted Zones Remover
(once downloaded right-click on DelDomains.inf and select: Install.
This will remove all entries in the "Trusted Zone" and "Ranges")

After that please download the Ewido Security Suite (trial version) from here :

http://www.ewido.net/en/download/ ...and install it. Update to the newest definitions. Do not run this yet

You will have to boot into safe mode to run ewido. Here's a link to a quick tutorial if you're not sure how to do that.

Reboot your computer in safe mode

Run ewido in safe mode only, then reboot and send the ewido log and a new hijack log please. :tazz:

#7
boy9enius08

Member
here

Edited by boy9enius08, 24 July 2005 - 11:31 AM.


#8
boy9enius08

Member
Here are my new logs, sorry it took so long.



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:02:07 PM, 7/24/2005
+ Report-Checksum: 9602F375

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0A1D22C3-37BE-470C-9C29-E3074EE0574B} -> Spyware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{90CCDCB0-C9E5-4DC0-B791-A1111D37AF9D} -> Spyware.iLookup : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{967B8A74-4063-49AB-95D4-E3D25308EC66} -> Spyware.iLookup : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{FAB925C1-16B6-4DE1-BFCA-880FBEAFE584} -> Spyware.iLookup : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{FB3DAA1E-3236-4B43-9C19-64F57EB9C019} -> Spyware.iLookup : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CLSID -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CurVer -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Effective-i -> Spyware.EffectiveBrandToolbar : Cleaned with backup
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator -> Spyware.EffectiveBrandToolbar : Cleaned with backup
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator\IE5 -> Spyware.EffectiveBrandToolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-746137067-920026266-854245398-1003\Software\WareOut -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-746137067-920026266-854245398-1003\Software\WareOut\FirstRun -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-746137067-920026266-854245398-1003\Software\WareOut\Options -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-746137067-920026266-854245398-1003\Software\WareOut\Registration -> TrojanDownloader.Wareout : Cleaned with backup
C:\Uploads\ DVDComposer v1.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\ MEDA CD Ripper v2.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\ AceBackup 2004 v2.1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\ Bingo DVD Audio Ripper v3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\ DVDInfoPro v4.15.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\ Handy Backup v4.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\#1 Video Converter 3.8.5.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Uploads\007 Spy Software 3.32.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\123 CD Ripper v2.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\190 Photoshop Brushes.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\2 Beautiful Lesbians.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\2 Blonde Teens [bleep] a Huge [bleep].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\3D Studio MAX 6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\3D Ultra Pinball Thrillride.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\3ds Max V7.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\50 Cent - In Da Club-Music Vid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\8 in 1 Complete System Maintenance.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\9 Albums MP3 Downloads.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\A-Mac Address Change v3.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\ABBYY ScanTo Office 1.0 Multi.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\ABIX 6.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\ABIX v6.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Access To MSSQL v2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Access2MySQL Pro v4.3.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\ACD Systems Canvas X Build 885.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\ACDSee 7.0.102 PowerPack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\AceFTP 3.01 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\AcqURL v7.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Acronis Disk Director Suite v9.0.537.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Acronis DriveCleanser 6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Acronis OS Selector 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Acronis PartitionExpert 2003.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Acronis Power Utilities 2004 Build 502 Retail.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Acronis Privacy Expert Suite 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Acronis True Image 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Active Port Pro v1.30.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Ad-aware 6.0 build 181.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Ad-Aware all-in-one 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Ad-Aware SE Plus Corporate Edition.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Ad-Aware SE Professional Edition.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\AddWeb Web Page Promoter Pro v7.2.8.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Adobe After Effects 6.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Adobe Creative Suite 2 iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Adobe Creative Suite 2 Premium Edition.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Adobe Encore DVD 1.5 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Adobe Encore DVD 1.5 Professional.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Adobe GoLive CS2 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Adobe Illustrator CS2 v12.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Adobe Pagemaker 7.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Adobe Photoshop CS 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Adobe Photoshop CS Classroom In A Book.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Adobe Photoshop CS2 v9.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Adobe Premier Pro 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Adobe ships Creative Suite 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Advanced Net Monitor For Classroom(hot).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Advanced RAR Password Recovery 1.52.48.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Advanced Uninstaller Pro 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Advanced X Video Converter 3.9.32.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Adware Spyware Removal 5.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Queen of BIG tits.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Quicktime 6.5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\RAID Reconstructor 2.31.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\RAR Password Cracker 4.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Real Spy Monitor 2.33.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Real-DRAW Pro 3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\RealPlayer 10 Gold.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\RealPlayer v10.5 Gold Edition Retail.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\RedHat 9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Reg Organizer 2.0 Final.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\RegAuditor 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\ReGet Deluxe 4.1a build 246.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Registry CheckUp 2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Registry Mechanic 3.0.3.44.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Registry Medic 3.01 Build 408.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Remote Admin 2.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Remote Administrator 2.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\RestoreIT 6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Return To Castle Wolfenstein.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Rising Kingdoms.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Robo-FTP 2.1.2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Rocchetta Label Maker.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Roxio Easy Creator 7.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Rugby 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Sail Simulator 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Sail Simulator 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\SBMAV Disk Cleaner 2.38.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\SecureCRT v4.1.11.297.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Sega's Virtua Cop.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Selteco Menu Maker 4.0.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Selteco Menu Maker v4.0.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Serials 3000 V.1.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Serials 3000.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Sharkgen V1.0.89.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Shell Search v3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Shopping Cart Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Sim Girls 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Six Sigma Way Quality Management.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Slave Zero.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Slick for Windows v8.5.001.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Slideshow Pro 9.7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Slots Frosty 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Slots Frosty v1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\SLVc0reProtector 4 PE.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\SlySoft AnyDVD 4.3.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Smart Projects IsoBuster Pro v1.8.0.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Smart Protector Pro v4.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Smart Video Converter 1.5.37.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Smart Video Converter v1.5.37.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\SMS Create Pro 5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\SolarSys Disk Shadow v7.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Solitare Suite 2003.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Sonic Adventure DX.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\South Park - 807 The Jeffersons.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\South Park - 808 - Goobags.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\South Park 709 - Christian Hard Rock.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\South Park-410 Cartmans Silly Hate Crime.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Southpark (complete).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Space Odyssey Robot Pioneers.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\SpamButcher v1.6c.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\SpeedUpMyPC 2.04.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Splinter.Cell.Pandora.Tomorrow.-TECHNiC.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Spy Kill Deluxe Edition v2.3 (latest).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Spy Kill Deluxe Edition v2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Spyware Doctor 3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Spyware Nuker 2005 3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\SQL Pretty Printer 1.5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\SQL Pretty Printer v1.5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\SSH Tectia Client 4.30 Build 46.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\SSH Tectia Client v4.30 Build 46.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\SSH Tectia Connector v4.30.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\SSH Tectia Server 4.30.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\SSH Tectia Server v4.30.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Stagetools Movingchart 1.04a,.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Star Wars Episode III Revenge of the Sith SVCD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Star Wars Jedi Academy.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Star Wars Republic Commando.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\StarCraft+StarCraft Broodwar.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Stardock Multiplicity 1.01 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Startwrite 5.0.153.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Startwrite v5.0.153.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\StealthDisk v2005.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Steganos Internet Anonym Pro v7.1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Steganos Safe 7.1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Steinberg Cubase SX v2.2.0.35.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Steinberg MyMp3PRO v5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Steinberg Nuendo v2.1.2.28 incl Surround Edition.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Steinberg Nuendo v3.0.2.623.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Steinberg WaveLab v5.01a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\StepAhead AnFX v5.2.6.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\StompSoft StealthSurf X-treme.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\StreamPix v3.16.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Street Tennis.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\StyleXP 3.09 KeyGen.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Suck&[bleep] black [bleep].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Sun Java Studio Enterprise 6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Super Collapse! II Platinum 1.005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Super Collapse! II Platinum v1.005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Super Video Converter 1.7.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Swedish girl have orgasm on t.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\SWF Studio v2.2.158.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Swf to Mp3 Converter v2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Syberia 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Symantec Client Security v2.0.3 RiP.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Symantec Norton Ghost 9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Symantec Norton SystemWorks 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Symantec PCAnywhere v11 CORP.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\System Maintence(passUpdatesofts.com).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\System Mechanic 4.0J.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\System Mechanic Pro 5.zip/Setup.exe -> Worm.VB.a

#9
John_L

OK, now I need a hijack log please.

#10
boy9enius08

Here's the rest


C:\WINDOWS\AuroraHandler.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\bwedddcyj.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Canada.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\mp3.ocx -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\v3.dll -> TrojanDownloader.Small.xo : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\mp3.ocx -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\v3.dll -> TrojanDownloader.Small.xo : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\mp3.ocx -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\v3.dll -> TrojanDownloader.Small.xo : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\mp3.ocx -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\v3.dll -> TrojanDownloader.Small.xo : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\mp3.ocx -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\mp3.ocx -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\mp3.ocx -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\mp3.ocx -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\mp3.ocx -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\win32.exe -> TrojanDownloader.Small.aqu : Cleaned with backup
C:\WINDOWS\inst\3p_1.exe -> TrojanDownloader.Dyfuca.du : Cleaned with backup
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SSK3_B5.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\WINDOWS\svcproc.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\7my8bxords.dll -> TrojanDownloader.Small.amg : Cleaned with backup
C:\WINDOWS\system32\crebates.exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\system32\crebates.exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
C:\WINDOWS\system32\csbyc.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\WINDOWS\system32\drivers\delprot.sys -> Trojan.Delprot.a : Cleaned with backup
C:\WINDOWS\system32\DrPMon.dll_tobedeleted -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\drv2cltr.dll -> TrojanSpy.Agent.am : Cleaned with backup
C:\WINDOWS\system32\e2h1mur6uhez.dll -> TrojanDownloader.Small.amg : Cleaned with backup
C:\WINDOWS\system32\hgpedh.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\hgqhp.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\WINDOWS\system32\ntfsnlpa.exe -> Spyware.Msnagent : Cleaned with backup
C:\WINDOWS\system32\own.exe -> Spyware.iSearch : Cleaned with backup
C:\WINDOWS\system32\podrnodzone.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\protect.exe -> TrojanDownloader.Agent.nr : Cleaned with backup
C:\WINDOWS\system32\rdsndin.exe -> Spyware.FindSpy : Cleaned with backup
C:\WINDOWS\system32\sefe.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
C:\WINDOWS\system32\shell32.exe -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\system32\username.exe -> TrojanDownloader.Agent.gd : Cleaned with backup
C:\WINDOWS\system32\v5h5udzj6jn60.dll -> TrojanDownloader.Small.amg : Cleaned with backup
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\thin-149-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\ucmoreiex.exe/UCMTSAIE.DLL -> Spyware.UCmore : Cleaned with backup
C:\WINDOWS\ucmoreiex.exe/IUCMORE.DLL -> Spyware.UCmore : Cleaned with backup


::Report End




Logfile of HijackThis v1.99.1
Scan saved at 1:23:25 PM, on 7/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\USBStorage\USBDetector.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\JHSecure\VPN Client\cvpnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\McAfee.com\VSO\mcshield.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Documents and Settings\xxxxx\Desktop\hijack this\modules.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: (no name) - {A90705E3-FC68-76E1-C052-355A9A1B4C78} - jopplerg.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MCI File Sync] C:\Program Files\Myson Century, Inc\CS8818 File Synchronization Program\Filesync.exe
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [hclean32.exe] C:\WINDOWS\System32\hclean32.exe
O4 - HKLM\..\Run: [jopplerg] ERTYDF.exe
O4 - HKLM\..\Run: [vxdman] Kargo.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dmdrv.exe] C:\WINDOWS\System32\dmdrv.exe
O4 - HKLM\..\Run: [lsnlij] c:\windows\system32\pyugwg.exe r
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [Bogobot] XTermInit.exe
O4 - HKCU\..\Run: [ExchangeMaster] ActionScr.exe
O4 - HKCU\..\Run: [syspanel] stuffmon.exe
O4 - Global Startup: JHSecure VPN Client.lnk = C:\Program Files\JHSecure\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120582738238
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{061203DA-6028-4BD0-B271-B33BAA4F09FE}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{12022511-5F6F-4CF0-9652-8528C74B9767}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D60716D-6159-4BC1-AA37-5533190E8C71}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{E970CC75-ED84-448D-8184-019B0912E03E}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{061203DA-6028-4BD0-B271-B33BAA4F09FE}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O18 - Filter: text/html - {282A4E3F-A536-400B-9C4A-98FE7663DA98} - (no file)
O18 - Filter: text/plain - {282A4E3F-A536-400B-9C4A-98FE7663DA98} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\JHSecure\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\McAfee.com\VSO\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Logfile of HijackThis v1.99.1
Scan saved at 1:23:25 PM, on 7/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\USBStorage\USBDetector.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\JHSecure\VPN Client\cvpnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\McAfee.com\VSO\mcshield.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Documents and Settings\xxxxx\Desktop\hijack this\modules.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: (no name) - {A90705E3-FC68-76E1-C052-355A9A1B4C78} - jopplerg.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MCI File Sync] C:\Program Files\Myson Century, Inc\CS8818 File Synchronization Program\Filesync.exe
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [hclean32.exe] C:\WINDOWS\System32\hclean32.exe
O4 - HKLM\..\Run: [jopplerg] ERTYDF.exe
O4 - HKLM\..\Run: [vxdman] Kargo.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dmdrv.exe] C:\WINDOWS\System32\dmdrv.exe
O4 - HKLM\..\Run: [lsnlij] c:\windows\system32\pyugwg.exe r
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [Bogobot] XTermInit.exe
O4 - HKCU\..\Run: [ExchangeMaster] ActionScr.exe
O4 - HKCU\..\Run: [syspanel] stuffmon.exe
O4 - Global Startup: JHSecure VPN Client.lnk = C:\Program Files\JHSecure\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120582738238
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{061203DA-6028-4BD0-B271-B33BAA4F09FE}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{12022511-5F6F-4CF0-9652-8528C74B9767}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D60716D-6159-4BC1-AA37-5533190E8C71}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{E970CC75-ED84-448D-8184-019B0912E03E}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{061203DA-6028-4BD0-B271-B33BAA4F09FE}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O18 - Filter: text/html - {282A4E3F-A536-400B-9C4A-98FE7663DA98} - (no file)
O18 - Filter: text/plain - {282A4E3F-A536-400B-9C4A-98FE7663DA98} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\JHSecure\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\McAfee.com\VSO\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  • 0


#11
John_L

    Visiting Staff

  • Member
  • 1,398 posts
Please download this tool and run it.

Ok, download L2MFix from here and save the file to your Desktop; double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your Desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing Enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, Notepad will open with a log. Copy the contents of that log and paste it into your next post here. Do a new scan with HijackThis!, and post the new log as well.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
  • 0

#12
boy9enius08

    Member

  • Topic Starter
  • Member
  • 77 posts
here it is


L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"iebar"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b5 (beta test) Context Menu Shell Extension"
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b5 (beta test) DragDrop Shell Extension"
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b5 (beta test) Context Menu Shell Extension"
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b5 (beta test) Property Sheet Shell Extension"
"{5a61f7a0-cde1-11cf-9113-00aa00425c62}"="IIS Shell Extension"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"="TuneUp Shredder Shell Context Menu Extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 0074-C0E8

Directory of C:\WINDOWS\System32

07/24/2005 02:03 PM <DIR> ..
07/24/2005 02:03 PM <DIR> .
07/24/2005 01:15 PM <DIR> dllcache
05/25/2005 06:53 PM <DIR> Microsoft
0 File(s) 0 bytes
4 Dir(s) 8,909,533,184 bytes free





Logfile of HijackThis v1.99.1
Scan saved at 2:05:36 PM, on 7/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\USBStorage\USBDetector.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\JHSecure\VPN Client\cvpnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\McAfee.com\VSO\mcshield.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\xxxxx\Desktop\hijack this\modules.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: (no name) - {A90705E3-FC68-76E1-C052-355A9A1B4C78} - jopplerg.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MCI File Sync] C:\Program Files\Myson Century, Inc\CS8818 File Synchronization Program\Filesync.exe
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [hclean32.exe] C:\WINDOWS\System32\hclean32.exe
O4 - HKLM\..\Run: [jopplerg] ERTYDF.exe
O4 - HKLM\..\Run: [vxdman] Kargo.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dmdrv.exe] C:\WINDOWS\System32\dmdrv.exe
O4 - HKLM\..\Run: [lsnlij] c:\windows\system32\pyugwg.exe r
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [Bogobot] XTermInit.exe
O4 - HKCU\..\Run: [ExchangeMaster] ActionScr.exe
O4 - HKCU\..\Run: [syspanel] stuffmon.exe
O4 - Global Startup: JHSecure VPN Client.lnk = C:\Program Files\JHSecure\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120582738238
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{061203DA-6028-4BD0-B271-B33BAA4F09FE}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{12022511-5F6F-4CF0-9652-8528C74B9767}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D60716D-6159-4BC1-AA37-5533190E8C71}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{E970CC75-ED84-448D-8184-019B0912E03E}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{061203DA-6028-4BD0-B271-B33BAA4F09FE}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O18 - Filter: text/html - {282A4E3F-A536-400B-9C4A-98FE7663DA98} - (no file)
O18 - Filter: text/plain - {282A4E3F-A536-400B-9C4A-98FE7663DA98} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\JHSecure\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\McAfee.com\VSO\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

#13
John_L

    Visiting Staff

  • Member
  • 1,398 posts
Good, let's run part 2.

Close any programs you have open since this step requires a reboot.
From the l2mfix folder on your Desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing Enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, Notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new Hijackthis log.
IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!

#14
boy9enius08

    Member

  • Topic Starter
  • Member
  • 77 posts
OK, here's the new log, and thanks so far.




L2Mfix 1.03a

Running From:
C:\Documents and Settings\xxxxx\Desktop\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting up for Reboot


Starting Reboot!

C:\Documents and Settings\xxxxx\Desktop\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\xxxxx\Desktop\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 520 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1664 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Zipping up files for submission:
adding: clear.reg (164 bytes security) (deflated 2%)
adding: echo.reg (164 bytes security) (deflated 11%)
adding: direct.txt (164 bytes security) (deflated 2%)
adding: lo2.txt (164 bytes security) (deflated 72%)
adding: readme.txt (164 bytes security) (deflated 49%)
adding: report.txt (164 bytes security) (deflated 64%)
adding: test.txt (164 bytes security) (stored 0%)
adding: test2.txt (164 bytes security) (stored 0%)
adding: test3.txt (164 bytes security) (stored 0%)
adding: test5.txt (164 bytes security) (stored 0%)
adding: backregs/shell.reg (164 bytes security) (deflated 74%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful


The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************





Logfile of HijackThis v1.99.1
Scan saved at 2:29:56 PM, on 7/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\JHSecure\VPN Client\cvpnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Myson Century, Inc\CS8818 File Synchronization Program\Filesync.exe
C:\USBStorage\USBDetector.exe
C:\Program Files\McAfee.com\VSO\mcshield.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Documents and Settings\xxxxx\Desktop\hijack this\modules.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: (no name) - {A90705E3-FC68-76E1-C052-355A9A1B4C78} - jopplerg.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MCI File Sync] C:\Program Files\Myson Century, Inc\CS8818 File Synchronization Program\Filesync.exe
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [hclean32.exe] C:\WINDOWS\System32\hclean32.exe
O4 - HKLM\..\Run: [jopplerg] ERTYDF.exe
O4 - HKLM\..\Run: [vxdman] Kargo.exe
O4 - HKLM\..\Run: [lsnlij] c:\windows\system32\pyugwg.exe r
O4 - HKLM\..\Run: [dmidr.exe] C:\WINDOWS\System32\dmidr.exe
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [Bogobot] XTermInit.exe
O4 - HKCU\..\Run: [ExchangeMaster] ActionScr.exe
O4 - HKCU\..\Run: [syspanel] stuffmon.exe
O4 - Global Startup: JHSecure VPN Client.lnk = C:\Program Files\JHSecure\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120582738238
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{061203DA-6028-4BD0-B271-B33BAA4F09FE}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{12022511-5F6F-4CF0-9652-8528C74B9767}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D60716D-6159-4BC1-AA37-5533190E8C71}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{E970CC75-ED84-448D-8184-019B0912E03E}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{061203DA-6028-4BD0-B271-B33BAA4F09FE}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O18 - Filter: text/html - {282A4E3F-A536-400B-9C4A-98FE7663DA98} - (no file)
O18 - Filter: text/plain - {282A4E3F-A536-400B-9C4A-98FE7663DA98} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\JHSecure\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\McAfee.com\VSO\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

#15
John_L

    Visiting Staff

  • Member
  • 1,398 posts
OK, give me a few minutes. We have to chase some stuff down manually, and then we run some more tools.