TheTechGuide Forum
General Category => Tech Clinic => Topic started by: havingproblemsplshelp on October 24, 2005, 11:52:38 AM
-
I have been searching online to figure out how to remove this trojan from my PC. I run a Norton scan and it will detect it, try to quarantine it, and then delete it, but it WILL NOT. I have downloaded these programs to help with this (killbox, spywareblaster, aawsepersonal, cwsinstall, spysweeper and cleanup). Can someone please help me out with this? It would be GREATLY appreciated. (HERE IS WHAT THE SCAN SAID.) I think this is what is needed to help me fix this problem.
Logfile of HijackThis v1.99.1
Scan saved at 1:07:18 PM, on 10/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\My Documents\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126128250441
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
-
bump
-
Having exactly the same problem. Loadadv458 doesn't show up on my HijackThis logs either. But Norton, Panda, and many other programs I have tried detect it, yet cannot delete it.
Running a Panda scan to see if it comes up with anything different than Norton atm.
-
What is the file name and what location on your hard drive?
-
I'm guessing that the filename would be loadadv458.exe, but I have no idea where it would be located on my C: drive. I am a novice when it comes to computers. But please help, I am worried that this can become a huge problem. How dangerous is this trojan, does anyone know, and what does it do to a computer system? Thanks for any help that you can give!!
-
Download and save WinPFind.zip (http://www.bleepingcomputer.com/files/oldtimer/WinPFind.zip)
UNZIP the contents to your desktop
Don't run it yet
Please restart into SAFE MODE (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=4#_Section4)
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link I supplied for a more detailed explanation
Open the WinPFind folder you extracted to desktop
Double click on WinPFind.exe
Click START SCAN
This could take some time as it will scan your drive
Close out after
Restart back to Normal mode
Post the results of the WinPFind.txt located in the WinPFind folder
-
I HOPE this is what you were needing. Once again, thank you for taking the time to help me out in this, I really appreciate it. What are the steps I need to take as of now?
jayson
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
PEC2 7/16/2003 3:26:44 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 8/29/2005 3:27:12 PM 520968 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 10/2/2005 7:40:46 PM 2293088 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 10/2/2005 7:40:46 PM 2293088 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 7/16/2003 3:50:38 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/25/2005 7:30:24 AM S 2048 C:\WINDOWS\bootstat.dat
9/7/2005 7:01:18 PM RH 749 C:\WINDOWS\WindowsShell.Manifest
9/7/2005 7:01:24 PM H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
9/7/2005 7:02:04 PM HS 67 C:\WINDOWS\Fonts\desktop.ini
9/7/2005 4:25:08 PM H 0 C:\WINDOWS\inf\oem3.inf
9/7/2005 7:01:24 PM H 65 C:\WINDOWS\Offline Web Pages\desktop.ini
9/7/2005 7:01:42 PM RHS 727 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_1.cab
9/7/2005 7:01:42 PM RHS 19854 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_2.cab
9/7/2005 7:01:42 PM RHS 243124 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_3.cab
9/8/2005 2:39:14 PM RHS 286777 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_9.cab
9/7/2005 7:06:20 PM H 229376 C:\WINDOWS\repair\ntuser.dat
9/7/2005 7:01:18 PM RH 749 C:\WINDOWS\system32\cdplayer.exe.manifest
9/7/2005 7:01:22 PM RH 488 C:\WINDOWS\system32\logonui.exe.manifest
9/7/2005 7:01:18 PM RH 749 C:\WINDOWS\system32\ncpa.cpl.manifest
9/7/2005 7:01:18 PM RH 749 C:\WINDOWS\system32\nwc.cpl.manifest
9/7/2005 7:01:18 PM RH 749 C:\WINDOWS\system32\sapi.cpl.manifest
9/7/2005 7:01:22 PM RH 488 C:\WINDOWS\system32\WindowsLogon.manifest
9/7/2005 7:01:18 PM RH 749 C:\WINDOWS\system32\wuaucpl.cpl.manifest
10/4/2005 8:17:40 PM S 21737 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
9/28/2005 11:53:30 AM S 17402 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
9/9/2005 7:15:08 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901017.cat
8/29/2005 9:25:44 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB904706.cat
10/25/2005 7:30:16 AM H 8192 C:\WINDOWS\system32\config\default.LOG
10/25/2005 7:30:36 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG
10/25/2005 7:30:26 AM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
10/25/2005 7:30:36 AM H 49152 C:\WINDOWS\system32\config\software.LOG
10/25/2005 7:30:32 AM H 778240 C:\WINDOWS\system32\config\system.LOG
9/7/2005 11:51:20 AM H 1024 C:\WINDOWS\system32\config\TempKey.LOG
9/7/2005 11:51:22 AM H 1024 C:\WINDOWS\system32\config\userdiff.LOG
10/23/2005 5:53:00 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
9/7/2005 11:52:46 AM HS 62 C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini
9/7/2005 11:52:46 AM HS 62 C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini
9/7/2005 7:01:46 PM HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini
9/7/2005 7:01:46 PM HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
9/7/2005 7:01:46 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
9/7/2005 7:01:46 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
9/7/2005 7:01:46 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3RX1ZC4X\desktop.ini
9/7/2005 7:01:46 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\E73RWX7D\desktop.ini
9/7/2005 7:01:46 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MSPUN9OO\desktop.ini
9/7/2005 7:01:46 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\U4NBOHUM\desktop.ini
9/7/2005 7:01:26 PM HS 181 C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini
9/7/2005 11:52:46 AM HS 62 C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini
9/7/2005 7:02:34 PM HS 206 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini
9/7/2005 7:02:32 PM HS 482 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini
9/7/2005 7:02:32 PM HS 348 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini
9/7/2005 7:02:32 PM HS 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini
9/7/2005 7:02:32 PM HS 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
9/7/2005 7:12:50 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\7bde1722-669a-4c94-84ae-accf770a7624
9/7/2005 4:28:10 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\ffca66a3-b4f5-4045-9b94-fa454aa740e4
9/7/2005 4:28:10 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
10/25/2005 7:27:06 AM H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 2/10/2004 1:53:24 PM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Ahead Software AG 12/23/2003 3:40:52 PM 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 8/26/2005 6:14:42 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 7/16/2003 3:32:24 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 7/16/2003 3:37:20 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 7/16/2003 3:47:58 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 6:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 7/16/2003 3:32:24 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 7/16/2003 3:37:20 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 7/16/2003 3:47:58 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Intel Corporation 2/10/2004 1:53:24 PM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\igfxcpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
9/7/2005 7:02:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
9/8/2005 11:06:36 AM 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
9/8/2005 3:50:58 PM 1518 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/7/2005 11:52:46 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
Checking files in %USERPROFILE%\Startup folder...
9/7/2005 7:02:32 PM HS 84 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
9/7/2005 11:52:46 AM HS 62 C:\Documents and Settings\Owner\Application Data\desktop.ini
9/23/2005 5:14:12 PM 17920 C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IgfxTray C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds C:\WINDOWS\System32\hkcmd.exe
SoundMAXPnP C:\Program Files\Analog Devices\Core\smax4pnp.exe
BCMSMMSG BCMSMMSG.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
PlayNowGames
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
Lexmark X1100 Series "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 2
services 0
startup 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/25/2005 7:35:53 AM
-
From my signature below, do an online scan at Panda's
Select to scan "Local Disks"
When the scan is complete please save a report and post it back here
-
Incident Status Location
Adware:Adware/CWS.Searchmeup No disinfected C:\Program Files\Common Files\Wise Installation Wizard\WISCDEBF9E7BCEB43A7986CE66377C28ABC_1_0_0.MSI[unk_0017][loadadv458.exe]
This is what I got when I ran the Panda scan. Thanks for your help thus far, what is the next step?
jayson
-
I went into Program Files or wherever Panda said that the trojan was and deleted where it was at. Do you think that this will fix the problem? I am in the process now of scanning with Norton and ewido security suite.
jayson
-
Well, I ran ewido and it found nothing, then I ran Norton and it found the same trojan yet again. This is very very aggravating. How can it still be showing on my PC? I don't know what to do or where to go from here......help help!
-
bump
-
bump
-
I know this might sound crazy, but disable System Restore and then try to delete it. But see if you can do it all in safe mode; it is your best bet. My guess is it may be regenerating in System Restore; if you disable it, it has no place to hide. But keep in mind when you disable System Restore, all previous restore points will no longer be there.
-
Wow, almost forgot about you
If you're still around, let's make sure you rid yourself of the bad file
Download find2.zip and unzip it to desktop
Double click on find2.bat and a text file will open, copy and paste the contents back here
Also, you said this
"then i ran norton and it found the same trojan yet again"
Where is Norton finding the file at?
If it's in the System Volume Information folder, well then yes, we still have to clear your restore points
-
This is where Norton is finding the file, I assume: C:\Program Files\Common Files\Wise Installation Wizard\WISCDEBF9E7BCEB43A7986CE66377C28ABC_1_0_0.MSI[unk_0017][loadadv458.exe]
-
Can you download find2.zip and use the instructions I posted above
Post back the contents
-
I guess this is the information that you need. If not, will you let me know what I need to do? If it is, what do I do from here? Thank you for all your help!
-
Same problem, it's driving me nuts!! Anyone that figures this out, would you please email me at sdoolingEmail Removed. I just had a CC hijacked too and this might be why!!
-
bump
-
Volume in drive C is HP_PAVILION
Volume Serial Number is 3423-DC14
Directory of C:\Program Files\Common Files\Wise Installation Wizard
10/31/2005 07:41 PM <DIR> .
10/31/2005 07:41 PM <DIR> ..
10/31/2005 02:43 AM 320,000 WISCDEBF9E7BCEB43A7986CE66377C28ABC_1_0_0.MSI
1 File(s) 320,000 bytes
Total Files Listed:
1 File(s) 320,000 bytes
2 Dir(s) 220,778,049,536 bytes free
I'M HAVING THE SAME PROBLEM, IF ANYONE HAS SOME ADVICE? DOWNLOADER.TROJAN (LOADADV458.EXE). HAVE NORTON AND SPY SWEEPER. NORTON KEEPS SHOWING THE VIRUS BUT CAN'T DELETE IT. HELP PLEASE!!!
-
bump - havingproblemsplshelp
-
Bump,bump. Please help!