View Full Version : casclient, winbo32 and maybe more. help please!
Black_Star
2006-04-12, 05:32
Hey my name is Kitty and I'm having some problems...
I been getting tons of popups the moment i'm online even when I'm not even surfing the wed...and my computer now is running so slow..i scanned and all but i don't know what else i can do..
please help. thanx you for reading. here is my log
Logfile of HijackThis v1.99.1
Scan saved at 7:20:40 PM, on 4/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\windows\mousepad9.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\ms04077214-532.exe
C:\Program Files\Network\ipnetwork.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Juno\bin\juno.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\WINDOWS\System32\msnmsg.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&mem=starkittyluong&login=b81f0cdfe59c11abe14479570f68f1ad/starkittyluong:netzero.net/1130115626/30/sss.8.87153/&ts=435c322a&A=0&B=1127545200000&C=1127545200000&D=0&I=8.NQ3&N=EM&O=A&UT=zeroport
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [ms04077214-532] C:\WINDOWS\ms04077214-532.exe
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Msn Messenger] msnmsg.exe
O4 - HKLM\..\RunServices: [Msn Messenger] msnmsg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4C61470-63C0-496F-9573-2BC5C42CCB08}: NameServer = 64.136.28.120 64.136.20.120
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
1. Please download Ewido Anti-Malware (http://www.ewido.net/en/download/)
Install ewido anti-malware
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful")
Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates (http://www.ewido.net/en/download/updates/)
2. Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).
Do not do anything with these yet!
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.
4. Once in Safe Mode, Open Ewido:
Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.
5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
Start the Brute Force Uninstaller by doubleclicking BFU.exe
In the scriptline to execute field type or paste c:\bfu\alcanshorty.bfu
Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.
Reboot into normal windows and post the contents of Ewido text report that you saved and a new HiJackThis log.
Black_Star
2006-04-13, 02:17
ok..i did what you told me..i had a few problems while i was scanning with ewido but I manage to have it done :D ok here are the logs.
Logfile of HijackThis v1.99.1
Scan saved at 4:11:31 PM, on 4/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\ms04077214-532.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\msnmsg.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Juno\bin\juno.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&mem=starkittyluong&login=b81f0cdfe59c11abe14479570f68f1ad/starkittyluong:netzero.net/1130115626/30/sss.8.87153/&ts=435c322a&A=0&B=1127545200000&C=1127545200000&D=0&I=8.NQ3&N=EM&O=A&UT=zeroport
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ms04077214-532] C:\WINDOWS\ms04077214-532.exe
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Msn Messenger] msnmsg.exe
O4 - HKLM\..\RunServices: [Msn Messenger] msnmsg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4C61470-63C0-496F-9573-2BC5C42CCB08}: NameServer = 64.136.28.120 64.136.20.120
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Black_Star
2006-04-13, 02:19
~~~ and here is the ewido log. it said the post was to long so i had to make 2 more post
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 4:03:42 PM, 4/12/2006
+ Report-Checksum: F9A0B21F
+ Scan result:
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Alprimus Facility Beta map .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Alternate Rocket Launcher .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Ambition mod .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Amon-Ra CTF map .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Amon-Ra map .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Amy Weber skin .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Analyze FPS mod .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Analyze FPS v2 mod .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Ancient Evil DCSE CTF map .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - And Action map .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Andromeda 1.0 skin .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Anfractuous map .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Angel skin .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Angelina Jolie skin .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Antalus X map .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Anti-Camper mod 1.1.1 .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Anti-TCC mod .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Apercevoir deathmatch map .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Apercevoir final deathmatch map .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Aphex skin .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Apothus skin .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Aqua deathmatch map .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Arborea Forest final deathmatch map .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Arena Battle deathmatch map .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Arena deathmatch map .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Arena of Retribution map .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Arial Assault map .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Ariel map .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Arno Starck skin .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Arrakis map .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2003 - Artifact deathmatch map .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Upload a torrent.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\V For Vendetta Ts Xvid Hookah.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Va Club Fever 2006 2006 Dance.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VA-Super Best Trance V-2006-JRP.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Var Psk 0 2 Bat.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Veronica Mars S02E17 HR HDTV AC3 2.0 XviD-CTU.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VoIP Center.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Vue 5 Infinite - Reference Manual.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\When A Stranger Calls 1979.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Willing Webcam v3 4 WinALL Incl Keygen-BLiZZARD rar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows Genuine Advantage (New - Guaranted Working).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows XP SP2 TCPIP.SYS fix AiO [vertigo173].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Winternals Administrator Pack 2006 PRO_WCcT.us.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
Black_Star
2006-04-13, 02:20
C:\Documents and Settings\Owner\Complete\WinXP SP2 Speed Patch_WCcT.us.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinXP Update Fix_WCcT.us.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wits End Dog Training pdf - Orginal.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wonder Showzen S02E02 DSRip XviD-aAF [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\World Cup Germany 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\World Of Warcraft Isos Eng Us Server Browser.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\World War II Combat Road To Berlin-PLEX.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wrestling Observer Live 04 09 06 With Les Tacher FCZ mp3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wrox Beginning Python Jul 2005 eBook-LinG.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WWE - WWE Friday Night Smackdown 04 07 06 XviD-KYR.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wwe Wrestlemania 22 2006 04 02 Svcd Sc Sdh.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\X Men All Seasons.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\XBMC (Xbox Media Center) 04-10-06 T3CH CVS.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\XP Lite 2006 Corp iSO.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Yu Gi Oh 151 224.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Yu-Gi-Oh! - 219 - In The Name Of The Pharaoh (andyscot) [640x480 XVID] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[#aznmp3]ORANGE RANGE - SQUEEZED [192kbps 2006 04 12] zip.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[2006] Pearl Jam (Pearl Jam) www.malomania.com.ar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[A-E] Yakitate Japan 57 [90CAE440] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[a4e]Blue Seed Beyond 01-03 Henta.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[a4e]Full Metal Panic 01-24.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[a4e]Lost Universe 01-26.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[Addict-S]Blood+ 25 vostfr avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[AnimeU] Disgaea 01 [688E852B] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[AnimeU] Magikano 12 [8FFEE731] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[BangalTorrents.com] Ja Icche Tai.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[BanglaTorrents.com] Devdas Therapy.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[Black-Trainers] Plastic Little H-Artbook.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[Bleach-Society]Bleach - 75-76[XviD][C9BBCF4D] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[C1]MaRChen Awakens Romance - 35[XviD][0D382A85] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[Eclipse] Fate-stay night - 14 (XviD) [E84AF365] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[Howard Stern] - Wrap-Up Show (04-07-06).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[ITDK] Fate Stay Night 14 [VOSTFR].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[Kyuu] Air Gear - 01[68648CD6] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[Kyuu] Kiba - 02[D2FBF2CE] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[Kyuu] xxxHOLiC - 01[CBF8B340] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[LIME] Fighting Beauty Wulong 04.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[LIME] High School Girls 01.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[Live-eviL] NANA - Ep 01 avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[Lunar] Bleach Jump Festa 2005 Anime Tour [DVD][2A4A9BDD] avi (OVA 2 - Sealed Sword Frenzy).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[Lunar] Ouran High School Host Club - 01 [27A38DD3] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[Megami] Zegapain - 01 [58C71CEA] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[Mirage-Team] Naruto 179 [VOSTFR].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[OOM]Kage Kara Mamoru 11 [25B6AFB1] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[OPT]One Piece vostfr 182 avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[Pc-Game] Sega Rally - [Tnt-Village].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[Pc-Game] The House of the Dead 3 - [Tnt-Village].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[PSP]Naruto Nultimate Portable [JAP][RIP][pesadilla100] [www ESPALPSP com] rar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[S-R]Naruto 1x30 - The Sharingan Revived, Dragon-Flame Jutsu [By CHIPPER] [1610D0C1].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[Shinsen-Subs] Ergo Proxy - 03 [B6205537] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[Shinsen-Subs] xxxHOLiC - 01 [88F4B52C] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[Spanish Newspaper] El Pais PDF 08 04 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[Spanish Newspaper] El Pais PDF 09 04 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[Spanish Newspaper] El Pais PDF 10 04 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[SRN]Strawberry Panic 01 [98B64791].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[STD] The HitchHikers Guide To The Galaxy - Complete & Uncut Radio Series.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[SVEN] Learn Italian Audio Book.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[S^M] School Rumble 2 gakki 02 RAW avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[TBox] Brokeback Mountain[2005]DvDrip[Eng]-aXXo.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[TNT village]LA GAZZETTA DEL PIRATA 7-APRILE.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\[yesy] Utawarerumono - 01 [0D75D63E] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads1.revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@install.bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr21CA -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr225E -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr3175 -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr59A8 -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ANG7WJU1\installerwnus[1].exe -> Downloader.Qoologic.at : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C9QNCP6Z\keyboard9[1].exe -> Downloader.VB.aaf : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CX6JCTEN\visfx500[1].exe -> Dropper.Agent.aie : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SHMFW92R\drsmartload[1].exe -> Downloader.VB.aad : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SHMFW92R\NNSCAA638[1].EXE -> Adware.NewDotNet : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UPMTUDUX\mousepad9[1].exe -> Downloader.VB.aaf : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UZODQV8F\113[1].avi -> Adware.Maxifiles : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UZODQV8F\newname9[1].exe -> Downloader.VB.aaf : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WLYF4HYR\drdata[1].avi -> Dropper.Agent.aac : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\BE Network\bin\slidev.exe -> Adware.BargainBuddy : Cleaned with backup
C:\Program Files\BE Network\bin\slidex.exe -> Adware.BargainBuddy : Cleaned with backup
C:\Program Files\outlook\p.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
C:\WINDOWS\system32\ad.html -> Hijacker.Agent.e : Cleaned with backup
C:\WINDOWS\system32\gp62l3jo1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\hr4005hme.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\osethk32.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\s088lalu1dq8.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
::Report End
hi
open hiajckthis
click do a system scan only
checkmark these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL (file missing)
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [ms04077214-532] C:\WINDOWS\ms04077214-532.exe
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [Msn Messenger] msnmsg.exe
O4 - HKLM\..\RunServices: [Msn Messenger] msnmsg.exe
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)
then close all browser and explorer windows
leaving only hiajckthis running
and click fix checked
reboot
lets do an online virus scan :
Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
The program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.
also post a fresh hijackthis log
Black_Star
2006-04-13, 09:58
here's hijack's report
Logfile of HijackThis v1.99.1
Scan saved at 11:57:29 PM, on 4/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Juno\bin\juno.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&mem=starkittyluong&login=b81f0cdfe59c11abe14479570f68f1ad/starkittyluong:netzero.net/1130115626/30/sss.8.87153/&ts=435c322a&A=0&B=1127545200000&C=1127545200000&D=0&I=8.NQ3&N=EM&O=A&UT=zeroport
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4C61470-63C0-496F-9573-2BC5C42CCB08}: NameServer = 64.136.28.120 64.136.20.120
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
here's Kaspersky report
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, April 12, 2006 11:56:02 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 13/04/2006
Kaspersky Anti-Virus database records: 187908
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 46210
Number of viruses found: 21
Number of infected objects: 85
Number of suspicious objects: 0
Duration of the scan process: 00:52:15
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-2f7b83c7.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-2f7b83c7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2LOVENQH\sk02[1].exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2LOVENQH\sk02[1].exe NSIS: infected - 1 skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ANG7WJU1\ie0604[1].htm Infected: Exploit.JS.IframeBO skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C9QNCP6Z\launcher[1].exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.p skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C9QNCP6Z\launcher[1].exe NSIS: infected - 1 skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C9QNCP6Z\launcher[2].exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.p skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C9QNCP6Z\launcher[2].exe NSIS: infected - 1 skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C9QNCP6Z\package_ADPERFORM[1].exe/stream/data0001/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C9QNCP6Z\package_ADPERFORM[1].exe/stream/data0001/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.ae skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C9QNCP6Z\package_ADPERFORM[1].exe/stream/data0001/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C9QNCP6Z\package_ADPERFORM[1].exe/stream/data0001/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C9QNCP6Z\package_ADPERFORM[1].exe/stream/data0001/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C9QNCP6Z\package_ADPERFORM[1].exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C9QNCP6Z\package_ADPERFORM[1].exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C9QNCP6Z\package_ADPERFORM[1].exe NSIS: infected - 7 skipped
C:\Program Files\BE Network\Uninstall.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\Program Files\BE Network\Uninstall.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\Program Files\BE Network\Uninstall.exe NSIS: infected - 2 skipped
C:\sk02.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\sk02.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP114\A0056011.dll Infected: Trojan-Clicker.Win32.Agent.ac skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP114\A0056013.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP114\A0056014.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP114\A0056121.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP114\A0056136.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0056185.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0056194.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0056200.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0056219.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0056226.dll Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0056230.exe Infected: Trojan-Downloader.Win32.VB.aaf skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0056236.exe Infected: Trojan-Downloader.Win32.VB.aad skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0056239.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0056247.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0056266.dLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0057259.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0057266.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.ai skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0057266.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.ai skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0057266.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0057267.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0057271.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0057282.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0057285.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0057289.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0057305.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0057308.dll Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0058288.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0058304.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0058307.dll Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP117\A0058329.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP117\A0058334.dll Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP117\A0058335.dll Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP117\A0058344.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP117\A0058358.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP117\A0058367.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP117\A0058378.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP118\A0058390.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0058394.dll Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0058395.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.p skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0058395.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0058422.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0058444.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0058451.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0058464.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0058495.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0058622.dll Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0059006.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0059114.dll Infected: Trojan-Clicker.Win32.Agent.ac skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0059166.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0059174.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.y skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0059187.exe Infected: Trojan-Downloader.Win32.VB.aaf skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0059188.exe Infected: Trojan-Downloader.Win32.VB.aaf skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0060231.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0060232.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0060233.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0060234.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0060235.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0060236.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0060237.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0060238.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0060239.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP119\A0060240.exe Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\system32\msnmsg.exe Infected: Backdoor.Win32.EggDrop.v skipped
Scan process completed.
hi
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
1) Please download the Killbox (http://www.downloads.subratam.org/KillBox.zip).
Unzip it to the desktop and run it.
2) Select "Delete on Reboot".
then press the button "ALL FILES"
3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\sk02.exe
C:\WINDOWS\system32\msnmsg.exe
4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
allow the reboot
delete the folders
C:\Program Files\BE Network\
C:\Documents and Settings\Owner\Complete
C:\Program Files\outlook
Download and Save Blacklight (http://www.f-secure.com/blacklight/try.shtml) to your desktop:
Double-click blbeta.exe then accept the agreement, click > scan then > next
You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"
post a new hijackthis log too
Black_Star
2006-04-13, 18:59
i double click on the blacklight beta but only receive this message...
F-Secure BlackLight was unable to acquire nescessary privileges (SeDebugPrivilege)
hi
it was caused by this infection:
C:\System Volume Information\_restore{FC362148-9CF8-4C85-8000-FE1F7589FD79}\RP116\A0057259.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
lets restore it then, so that you can run blacklight.
Please download NTrights.zip (http://www10.brinkster.com/expl0iter/freeatlast/NTrights.zip) by freeatlast.
If you can't access it, download NTrights.zip via here: http://www10.brinkster.com/expl0iter/freeatlast/dumprights.htm
Save it on your desktop.
Unzip/extract it.
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Open the NTrights-folder
Double click on the Debug.bat file to run it, follow any prompts it asks.
REBOOT
Doubleclick the Debug.bat again after reboot.
It will create a log.
If the log says:
"Granting SeDebugPrivilege to Administrators ... successful", you must be ok and things restored well.
next run a scan with blacklight and post the resulting log here
along with a fresh hijackthis log
Black_Star
2006-04-14, 03:02
here it is
Logfile of HijackThis v1.99.1
Scan saved at 5:01:28 PM, on 4/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Juno\bin\juno.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&mem=starkittyluong&login=b81f0cdfe59c11abe14479570f68f1ad/starkittyluong:netzero.net/1130115626/30/sss.8.87153/&ts=435c322a&A=0&B=1127545200000&C=1127545200000&D=0&I=8.NQ3&N=EM&O=A&UT=zeroport
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4C61470-63C0-496F-9573-2BC5C42CCB08}: NameServer = 64.136.28.120 64.136.20.120
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
and this is the blacklight log too
04/13/06 16:53:42 [Info]: BlackLight Engine 1.0.35 initialized
04/13/06 16:53:42 [Info]: OS: 5.1 build 2600 (Service Pack 1)
04/13/06 16:53:43 [Note]: 7019 4
04/13/06 16:53:43 [Note]: 7005 0
04/13/06 16:54:07 [Note]: 7006 0
04/13/06 16:54:07 [Note]: 7011 236
04/13/06 16:54:07 [Note]: 7026 0
04/13/06 16:54:08 [Note]: 7026 0
04/13/06 16:54:08 [Note]: FSRAW library version 1.7.1015
04/13/06 16:56:29 [Note]: 7006 0
04/13/06 16:56:29 [Note]: 7011 236
04/13/06 16:56:29 [Note]: 7026 0
04/13/06 16:56:30 [Note]: 7026 0
04/13/06 16:56:30 [Note]: FSRAW library version 1.7.1015
04/13/06 16:57:50 [Note]: 7006 0
04/13/06 16:57:50 [Note]: 7011 236
04/13/06 16:57:50 [Note]: 7026 0
04/13/06 16:57:50 [Note]: 7026 0
04/13/06 16:57:50 [Note]: FSRAW library version 1.7.1015
04/13/06 16:59:37 [Note]: 7007 0
hi
looks good :)
everything went smooth with the file deletions i assume ?
good work there :bigthumb:
the log appears to be clean
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and reenable system restore here:
Managing Windows Millenium System Restore (http://www.bleepingcomputer.com/forums/tutorial63.html)
or
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)
Reenable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs:
Virus, Spyware, and Malware Protection and Removal Resources (http://www.bleepingcomputer.com/forums/topict405.html)
Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls (http://www.bleepingcomputer.com/forums/tutorial60.html)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
A tutorial on installing & using this product can be found here:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers (http://www.bleepingcomputer.com/forums/tutorial43.html)
Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer (http://www.bleepingcomputer.com/forums/tutorial48.html)
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
here are some additional utilities that will enhance your safety
IE/Spyad (https://netfiles.uiuc.edu/ehowes/www/resource.htm) <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Google Toolbar (http://toolbar.google.com/) <= Get the free google toolbar to help stop pop up windows.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
also remember to keep your java updated, see this topic for instructions
http://forums.spybot.info/showthread.php?t=2559
Black_Star
2006-04-15, 02:24
thanx so much for helping me! :D my computer is alot better now! :p :D i'll try to make sure everything on my computer is updated and protected from now on. but if I run into trouble :D you won't mind helping me will ya? heh laters
but if I run into trouble :D you won't mind helping me will ya? heh laters
nope i dont but i sure hope not ;)
i'll probably nag a bit :D
as the probelm here is resolved this topic will now be archived
this will prevent others with similar problems posting to it instead of starting new topics
contact the forum staff to get it reopened
this applies to the original poster only
glad we could help :)