TheTechGuide Forum
General Category => Tech Clinic => Topic started by: miszila on April 15, 2006, 12:19:42 PM
-
heya, hope someone can help me.
i was browsing thru some website when it suddenly installs something to my comp a few days back.
ever since that happen, lots of errors appear.
1)ads n popups.
these ads have been "overwriting" on the pics on the web when im surfing.. n its very irritating.. when searching videos at youtube.com, all the photos changed into ads..
2)n an error msg "unable to run DLL as an app"
n they say "need to shut down system explorer"
now i cant open my Task manager.
3)and i also have this java script:{document.location='http://sexmaxx.com/freegalleries.htm';}
when i right click on any folders.. how to remove them n how they come abt?
4)n i have this My AccessMedia folder.. its empty inside.. however, i've deleted it many times but it keeps on reappearing..
im using a laptop n windows XP n it belongs to my sis.
i really hope someone could help me.
here's my latest hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 12:59:30 AM, on 4/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Acer\ePM\EPM-DM.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\Network\ipnetwork.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\agentsvr.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\ZiLa\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mofunzone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mysingtel.com.sg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [Metainternetaboutbows] C:\Documents and Settings\All Users\Application Data\Coal Style Meta Internet\FUNKLESS.exe
O4 - HKCU\..\Run: [agentsvr] C:\WINDOWS\system32\agentsvr.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mysingtel.com.sg
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.4/WinSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\enjsl1171.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
-
You have a few different problems, nothing we can't remove however
Please download the latest version of Look2Me-Remover.exe (http://www.atribune.org/ccount/click.php?id=7) to your desktop.
DO NOT RUN THIS YET
==========================================
Can you open "MyComputer"
Double click to open Local Disk C: drive
Right click an empty spot and left click NEW>>Folder
A new folder will be placed in the C: folder , name it BFU
So you now have C:\BFU
Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip)
Reminder, choose SAVE rather than OPEN
Save this to the desktop
Once you have it saved to desktop
Then Extract (UNZIP) the contents to the (C:\BFU) folder you just made
So you now have C:\Bfu\bfu.exe
RIGHT CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu)
and choose "Save As" (in IE it's "Save Target As") in order to download Alcra Remover.
Save it in the folder you made earlier (c:\BFU)
So you now have C:\Bfu\alcanshorty.bfu
======================================================
Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!
I need you to do the following
Spybot's TeaTimer is a great tool, but it may, and probably will interfere with any fixes we are to try
Open Spybot, click on MODE>>Advanced Mode>>Ok the prompt
Click on TOOLS in the bottom left
Then click on RESIDENT on the top left column
On the right hand side, uncheck ONLY Resident "TeaTimer"
Accept the change
I need you to disable
Microsoft AntiSpyware realtime protections
Open Microsoft AntiSpyware.
Click on Options>>Settings
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.
Reboot the computer to ensure both are disabled
Leave these disabled please until AFTER we are sure you are completely clean
I'll let you know when you can reenable them!
Back in Windows
Norton's Scriptblocking may interfere as well
To disable Norton AntiVirus Script Blocking
1. Start Norton AntiVirus.
If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
2. Click Options.
If you see a menu, click Norton AntiVirus.
3. In the left pane, click Script Blocking.
4. In the right pane, uncheck Enable Script Blocking (recommended).
5. Click OK.
Also keep this disabled until after we have you clean
Can you temporarily disable Norton's AutoProtect
Here's a link to explain
http://service1.symantec.com/SUPPORT/nav.nsf/docid/1997121131456
You can reenable this after the computer has rebooted from the below fix, but keep Script blocking disabled and your anti-spyware protections
* Close all windows before continuing.
Open the C:\BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to alcanshorty.bfu in the C:\BFU folder
Right click alcanshorty.bfu and choose Select
In Brute Force Uninstaller select Execute
Wait for the "complete script execution" box to pop up and press OK.
Press exit to terminate the BFU program.
* Double-click Look2Me-Remover.exe to run it.
* Put a check next to Run this program as a task.
* You will receive a message saying Look2Me-Remover will close and re-open in approximately 10 seconds. Click OK
* When Look2Me-Remover re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
* Once it's done scanning, click the Remove L2M button.
* You will receive a Done Scanning message, click OK.
* When completed, you will receive this message: Done removing infected files! Look2Me-Remover will now shutdown your computer, click OK.
* Your computer will then shutdown.
* Turn your computer back on.
After you have completed the restart back to Normal mode
Post back the following please
1. Post a fresh hijackthis log
2. Please post the contents of log from look2me destroyer on your desktop or in C:\Look2Me-Remover.txt
3. Could I also have you do the following
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
Paste to the empty notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as findjobs.bat
Save this file on the desktop
dir %Windir%\tasks /a h > files.txt
notepad files.txt
Double click on findjobs.bat
A text file will open, can you copy and paste the contents back here please
We have more work to do, but the above is a start to get this system completely clean
:)
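The fresh HijackThis log requested above is most useful when compared line by line with the first one. The following is an added example, not part of the thread and not code from HijackThis: it diffs two logs by section, with both samples abridged from the logs posted on this page (the first log above and the fresh one in the reply that follows); the function names are this example's own.

```python
import re

# HijackThis section entries look like "O4 - ...", "R0 - ...", "O23 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Abridged from the first log on this page (scan saved 12:59:30 AM).
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:59:30 AM, on 4/16/2006
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\Network\ipnetwork.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [Metainternetaboutbows] C:\Documents and Settings\All Users\Application Data\Coal Style Meta Internet\FUNKLESS.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\enjsl1171.dll
"""

# Abridged from the fresh log on this page (scan saved 3:09:55 AM).
AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 3:09:55 AM, on 4/16/2006
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Metainternetaboutbows] C:\Documents and Settings\All Users\Application Data\Coal Style Meta Internet\FUNKLESS.exe
"""


def parse_hjt(text):
    """Return (processes, entries) from a HijackThis 1.99.x text log.

    Both are dicts keyed by a case-folded form, because Windows paths are
    case-insensitive and the same file appears as explorer.exe / Explorer.EXE.
    The values keep the line exactly as it was logged.
    """
    processes, entries = {}, {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the first section entry ends the process list
            entries[(m.group(1), m.group(2).casefold())] = line
        elif line.casefold().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes[line.casefold()] = line
        # anything else is header text (version, scan time, platform)
    return processes, entries


def _by_section(lines_by_key, keys):
    """Group original log lines under their section code (O4, O20, ...)."""
    grouped = {}
    for key in sorted(keys):
        grouped.setdefault(key[0], []).append(lines_by_key[key])
    return grouped


def diff_logs(before, after):
    """Compare two logs and report what disappeared, appeared, or stayed."""
    b_proc, b_ent = parse_hjt(before)
    a_proc, a_ent = parse_hjt(after)
    return {
        "processes_gone": sorted(b_proc[k] for k in b_proc.keys() - a_proc.keys()),
        "processes_new": sorted(a_proc[k] for k in a_proc.keys() - b_proc.keys()),
        "entries_gone": _by_section(b_ent, b_ent.keys() - a_ent.keys()),
        "entries_new": _by_section(a_ent, a_ent.keys() - b_ent.keys()),
        "entries_kept": _by_section(a_ent, a_ent.keys() & b_ent.keys()),
    }


if __name__ == "__main__":
    report = diff_logs(BEFORE, AFTER)
    for label in ("processes_gone", "processes_new"):
        print(label)
        for path in report[label]:
            print("   ", path)
    for label in ("entries_gone", "entries_new", "entries_kept"):
        print(label)
        for section, lines in report[label].items():
            for line in lines:
                print("   ", line)
```

A line that disappears between scans only shows that something changed: TeaTimer is gone here because the instructions asked for it to be switched off, so each difference still has to be read against the steps that were run.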
-
thank god u reply!!!
i've followed as told..
here's my new hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 3:09:55 AM, on 4/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Acer\ePM\EPM-DM.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\agentsvr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\ZiLa\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mofunzone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mysingtel.com.sg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Metainternetaboutbows] C:\Documents and Settings\All Users\Application Data\Coal Style Meta Internet\FUNKLESS.exe
O4 - HKCU\..\Run: [agentsvr] C:\WINDOWS\system32\agentsvr.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mysingtel.com.sg
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.4/WinSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
n here's my look2me destroyer log
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 4/16/2006 2:59:04 AM
Infected! C:\WINDOWS\system32\l6j8lg1u16.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP213\A0104445.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0104714.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0104814.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0104826.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105113.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105129.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105142.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105146.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105194.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105195.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105207.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105208.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105248.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105260.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105264.dll
Infected! C:\WINDOWS\system32\enj8l11u1.dll
Infected! C:\WINDOWS\system32\kqdintam.dll
Infected! C:\WINDOWS\system32\l6j8lg1u16.dll
Infected! C:\WINDOWS\system32\lvp2097oe.dll
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\l6j8lg1u16.dll
C:\WINDOWS\system32\l6j8lg1u16.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP213\A0104445.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP213\A0104445.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0104714.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0104714.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0104814.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0104814.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0104826.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0104826.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105113.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105113.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105129.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105129.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105142.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105142.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105146.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105146.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105194.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105194.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105195.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105195.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105207.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105207.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105208.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105208.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105248.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105248.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105260.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105260.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105264.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105264.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\enj8l11u1.dll
C:\WINDOWS\system32\enj8l11u1.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\kqdintam.dll
C:\WINDOWS\system32\kqdintam.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\l6j8lg1u16.dll
C:\WINDOWS\system32\l6j8lg1u16.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\lvp2097oe.dll
C:\WINDOWS\system32\lvp2097oe.dll Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SharedDLLs
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FE4129A8-4844-4928-B17F-396081B5CB0A}"
HKCR\Clsid\{FE4129A8-4844-4928-B17F-396081B5CB0A}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7479D2AB-1E33-442B-9D80-90B6A6A6DD6D}"
HKCR\Clsid\{7479D2AB-1E33-442B-9D80-90B6A6A6DD6D}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D76B74D5-0A86-4203-AF17-780A2CDEB3EF}"
HKCR\Clsid\{D76B74D5-0A86-4203-AF17-780A2CDEB3EF}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{3F4F93D7-69FA-4F42-A5CF-34AE5B16E250}"
HKCR\Clsid\{3F4F93D7-69FA-4F42-A5CF-34AE5B16E250}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{EC49F62B-7C4B-4A46-88ED-6452FAAE02DF}"
HKCR\Clsid\{EC49F62B-7C4B-4A46-88ED-6452FAAE02DF}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FF95BB3D-B54F-4AB4-AAFD-8B3E83937922}"
HKCR\Clsid\{FF95BB3D-B54F-4AB4-AAFD-8B3E83937922}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrators - Succeeded
here's my notepad
Volume in drive C is ACER
Volume Serial Number is 90B7-155A
Directory of C:\WINDOWS\tasks
04/16/2006 03:06 AM <DIR> .
04/16/2006 03:06 AM <DIR> ..
04/16/2006 03:00 AM 260 A23AD56891855240.job
04/16/2006 03:00 AM 256 A5CC9FD891871AD0.job
04/16/2006 03:00 AM 260 A8D77CBA9184F2DE.job
04/16/2006 03:00 AM 256 AC70ECB2918F62B6.job
04/16/2006 03:00 AM 256 ACDE28769185DA66.job
04/16/2006 03:00 AM 260 ADC2D3AD958151A1.job
08/04/2004 05:00 AM 65 desktop.ini
04/14/2006 08:00 PM 528 Norton AntiVirus - Scan my computer - FiZa.job
06/17/2005 01:13 AM 480 Norton AntiVirus - Scan my computer - ZiLa.job
04/16/2006 03:06 AM 6 SA.DAT
04/15/2006 11:37 AM 362 Symantec NetDetect.job
11 File(s) 2,989 bytes
Directory of C:\Documents and Settings\ZiLa\Desktop
-
Good work
Now let's try and clean the rest of it for you
==Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
Paste it to the empty notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as remjob.bat
Save this file on the desktop
We'll need it later
%systemdrive%
cd C:\WINDOWS\Tasks
attrib -r -s -h A23AD56891855240.job
attrib -r -s -h A5CC9FD891871AD0.job
attrib -r -s -h A8D77CBA9184F2DE.job
attrib -r -s -h AC70ECB2918F62B6.job
attrib -r -s -h ACDE28769185DA66.job
attrib -r -s -h ADC2D3AD958151A1.job
del A23AD56891855240.job
del A5CC9FD891871AD0.job
del A8D77CBA9184F2DE.job
del AC70ECB2918F62B6.job
del ACDE28769185DA66.job
del ADC2D3AD958151A1.job
Download and install Windows CleanUp! 4.5.1 (http://www.stevengould.org/downloads/cleanup/CleanUp451.exe)
Don't run this yet
==Download and then Install
Ewido anti-malware 3.5 (http://download.ewido.net/ewido-setup.exe)
When installing, under "Additional Options" UNCHECK
"Install background guard"
"Install scan via context menu".
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work, you can manually download the
updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/
Save the rest of these instructions to a Notepad file saved to your desktop or Print them out for use in safe mode
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu
==Double click on remjob.bat A window will open and close, this is normal
==Use Windows Explorer to find and remove the following folder
C:\Documents and Settings\All Users\Application Data\Coal Style Meta Internet <-this folder
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
When it's done>>Click Close
"decline to log off or restart the computer"
Remain in safe mode
==Open Ewido Anti-Malware
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: When Ewido is running, don't open any other Windows
Do a "System scan only" with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O4 - HKLM\..\Run: [Metainternetaboutbows] C:\Documents and Settings\All Users\Application Data\Coal Style Meta Internet\FUNKLESS.exe
O4 - HKCU\..\Run: [agentsvr] C:\WINDOWS\system32\agentsvr.exe
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot back to Normal mode
Post back all the following please
1. Post a fresh hijackthis log
2. Post the whole Ewido report
3. Can you double click on findjobs.bat again and post the contents of the text file that opens
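The before/after check that the fresh findjobs.bat listing is meant to support, as an added example that is not part of the original post: it parses the two `dir` listings of C:\WINDOWS\tasks posted in this thread, flags the hex-named .job files, and confirms they are gone while the legitimate tasks remain. The 16-hex-digit name heuristic, the same-minute burst check and all function names are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Listings copied from the two findjobs.bat outputs posted in this thread.
BEFORE = """\
04/16/2006 03:06 AM <DIR> .
04/16/2006 03:06 AM <DIR> ..
04/16/2006 03:00 AM 260 A23AD56891855240.job
04/16/2006 03:00 AM 256 A5CC9FD891871AD0.job
04/16/2006 03:00 AM 260 A8D77CBA9184F2DE.job
04/16/2006 03:00 AM 256 AC70ECB2918F62B6.job
04/16/2006 03:00 AM 256 ACDE28769185DA66.job
04/16/2006 03:00 AM 260 ADC2D3AD958151A1.job
08/04/2004 05:00 AM 65 desktop.ini
04/14/2006 08:00 PM 528 Norton AntiVirus - Scan my computer - FiZa.job
06/17/2005 01:13 AM 480 Norton AntiVirus - Scan my computer - ZiLa.job
04/16/2006 03:06 AM 6 SA.DAT
04/15/2006 11:37 AM 362 Symantec NetDetect.job
11 File(s) 2,989 bytes
"""
AFTER = """\
04/16/2006 04:23 AM <DIR> .
04/16/2006 04:23 AM <DIR> ..
08/04/2004 05:00 AM 65 desktop.ini
04/14/2006 08:00 PM 528 Norton AntiVirus - Scan my computer - FiZa.job
06/17/2005 01:13 AM 480 Norton AntiVirus - Scan my computer - ZiLa.job
04/16/2006 08:59 AM 6 SA.DAT
04/16/2006 03:37 AM 362 Symantec NetDetect.job
5 File(s) 1,441 bytes
"""

# One cmd.exe `dir` entry (US date format): date, time, size or <DIR>, name.
ENTRY = re.compile(
    r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2} [AP]M)\s+(<DIR>|[\d,]+)\s+(.+?)\s*$")
# Footer line such as "11 File(s) 2,989 bytes".
FOOTER = re.compile(r"^(\d+) File\(s\)\s+([\d,]+) bytes$")
# Assumed heuristic: base name of exactly 16 hex digits, like the jobs removed here.
HEX_JOB = re.compile(r"^[0-9a-f]{16}\.job$", re.IGNORECASE)


def parse_dir(text):
    """Return (files, footer); footer is (file_count, total_bytes) or None."""
    files, footer = [], None
    for raw in text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if entry:
            date, time, size, name = entry.groups()
            if size != "<DIR>":  # directories carry no size and are not tasks
                files.append({
                    "name": name,
                    "size": int(size.replace(",", "")),
                    "modified": datetime.strptime(f"{date} {time}",
                                                  "%m/%d/%Y %I:%M %p"),
                })
            continue
        foot = FOOTER.match(line)
        if foot and footer is None:
            footer = (int(foot.group(1)), int(foot.group(2).replace(",", "")))
    return files, footer


def listing_is_complete(files, footer):
    """True when the parsed entries add up to dir's own footer (nothing cut off)."""
    return footer == (len(files), sum(f["size"] for f in files))


def flag_jobs(files):
    """Names of .job files that match the random-hex naming pattern."""
    return sorted(f["name"] for f in files if HEX_JOB.match(f["name"]))


def burst_times(files, threshold=3):
    """Minutes in which `threshold` or more .job files were written at once."""
    by_minute = defaultdict(list)
    for f in files:
        if f["name"].lower().endswith(".job"):
            by_minute[f["modified"]].append(f["name"])
    return {t: sorted(n) for t, n in by_minute.items() if len(n) >= threshold}


def verify_cleanup(before_text, after_text):
    """Compare two listings: flagged jobs gone, nothing legitimate lost."""
    before, before_footer = parse_dir(before_text)
    after, after_footer = parse_dir(after_text)
    after_names = {f["name"].lower() for f in after}
    flagged = flag_jobs(before)
    return {
        "complete": listing_is_complete(before, before_footer)
                    and listing_is_complete(after, after_footer),
        "flagged": flagged,
        "still_present": [n for n in flagged if n.lower() in after_names],
        "new_suspects": [n for n in flag_jobs(after) if n not in flagged],
        "lost_legit": sorted(f["name"] for f in before
                             if f["name"] not in flagged
                             and f["name"].lower() not in after_names),
    }


if __name__ == "__main__":
    print(verify_cleanup(BEFORE, AFTER))
```
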
-
i've done everything but was unable to delete this one coz it wasn't on the hijackthis
O4 - HKCU\..\Run: [agentsvr] C:\WINDOWS\system32\agentsvr.exe
here's my latest hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 9:02:29 AM, on 4/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Acer\ePM\EPM-DM.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\ZiLa\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mofunzone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mysingtel.com.sg
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mysingtel.com.sg
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.4/WinSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
textfile
Volume in drive C is ACER
Volume Serial Number is 90B7-155A
Directory of C:\WINDOWS\tasks
04/16/2006 04:23 AM <DIR> .
04/16/2006 04:23 AM <DIR> ..
08/04/2004 05:00 AM 65 desktop.ini
04/14/2006 08:00 PM 528 Norton AntiVirus - Scan my computer - FiZa.job
06/17/2005 01:13 AM 480 Norton AntiVirus - Scan my computer - ZiLa.job
04/16/2006 08:59 AM 6 SA.DAT
04/16/2006 03:37 AM 362 Symantec NetDetect.job
5 File(s) 1,441 bytes
Directory of C:\Documents and Settings\ZiLa\Desktop
-
my ewido report is tooooo long.
i cant attach it either coz the size is too big..
found 4379 infections.
how am i supposed to show u?
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 8:50:48 AM, 4/16/2006
+ Report-Checksum: 642E13E1
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{58F07DD3-924D-4141-BC74-299F523A95F1} -> Adware.WebDir : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5345A7A1-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5345A7A9-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-3203099766-3631260599-3849007860-1006\Software\Classes\CLSID\{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} -> Spyware.SpyFalcon : Cleaned with backup
HKU\S-1-5-21-3203099766-3631260599-3849007860-1006_Classes\CLSID\{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} -> Spyware.SpyFalcon : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5345A7A1-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5345A7A9-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\12000 Porn Pics.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\About CNET Networks.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Advanced Search.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\All Software.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Anal Interview From Heaven Xxx Porn Dvdrip.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Anal Sex Orgy Scene Xxx Porn.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Anal Sexy Party.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Animal Sex Dogs Horses Pigs Snakes And Cows Are [censored] Or Fu.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Anime Artbook Collection The Misc Collection 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Ass 2 Mouth Xxx Scene.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Big Breasted Lesbians Xxx Porn Rip.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Busty Cops Adult Xxx Divx 6 Byrdcutz.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Classy Porn Movie.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\CNET Channel.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\CNET Download.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\CNET News.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\CNET Reviews.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\CNET Shopper.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Computer Shopper.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DebugPackager 1.9.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DebugView 4.21.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deccan Encryptor Decryptor 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Decifra .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DecisionViewer OCX 4.08.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deck 3.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deck The Halls 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Declan's Chinese Dictionary 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Declan's Chinese FlashCards 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Declan's French FlashCards 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Declan's German FlashCards 1.0.101.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Declan's Japanese Dictionary 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Declan's Japanese FlashCards 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Declan's Korean Dictionary 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Declan's Korean FlashCards 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Declan's Russian FlashCards 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Declan's Spanish FlashCards 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Declare 1.0.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Decode 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DecodeEncode DLLs 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Decoder 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Decoder 3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Decookie 1 build 25.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Decrypt FlashFXP Passwords 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DecryptSQL 2.5.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeDup 1.01.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Dedupe4Excel 1.8.9.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DedupeIT 1.06.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deedgital Light 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deejaysystem Audio Mk-II 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deejaysystem Mk-I 5.0a.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deejaysystem Video VJ-II 2.1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Fighter demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Green Reversi 4.7.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Green Reversi 4.7.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Log Analyzer 2.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Navel 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Notes 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Paint 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Sea Tycoon 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Sea Tycoon 2 demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Space Above and Beyond 1.04.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Space Fantasy 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Space Nine The Fallen updated demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeepAnalysis 1.10.14.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeepAnalysis 2 + Profit Prophet 2.0.13.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeepBurner 1.7.1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeepBurner Free Portable 1.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeepBurner Pro 1.7.2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deepest Sender 0.7.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeepInsight 9.7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deepnet Explorer 1.5.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeepRipper 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deepside 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deepsky Free 2005.06.01.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeepTrouble 2 1.1.7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeepVacuum 1.4.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskLauncher 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskLensPro 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Desklock Security 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskLook 3.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deskman Personal Edition 5.51.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deskman Pro 5.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deskman SE 6.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskManager 3.28.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskNite 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskNow Lite 2.6.11.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskPDF Professional 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskPhotoFrame 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deskpops Interactive Wallpaper 1.02.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskPort 1.91.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskRec 1.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deskroller Screensaver 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskSaver 3.01.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskSaver Pro 3.01.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskShade Plus 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskSlide 1.6.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Desktastic 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Desktility 2.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
-
Great job
I got the picture
Can you do the following please and then just some final recommendations and we're done here
In the Ewido report
Anything found in this folder
C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared
Don't post the contents
But post anything below it please
-
here they are
C:\Program Files\Network\ipnetwork.exe -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15F.tmp -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq162.tmp -> TrackingCookie.Com : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq164.tmp -> TrackingCookie.Revenue : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq166.tmp -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq167.tmp -> TrackingCookie.Adserver : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2.tmp -> TrackingCookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3.tmp -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4.tmp -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7F.tmp -> TrackingCookie.Casalemedia : Cleaned with backup
C:\WINDOWS\i386\jscript.dl_/jscript.dll -> Trojan.Small.hr : Cleaned with backup
C:\WINDOWS\system32\1024\ld1301.tmp -> Dropper.Small.akq : Cleaned with backup
C:\WINDOWS\system32\agentsvr.exe -> Adware.Monker : Cleaned with backup
C:\WINDOWS\system32\hp4918.tmp -> Downloader.Zlob.ir : Cleaned with backup
C:\WINDOWS\system32\hp6402.tmp -> Downloader.Zlob.dl : Cleaned with backup
C:\WINDOWS\system32\hp7EA6.tmp -> Downloader.Zlob.dl : Cleaned with backup
C:\WINDOWS\system32\ldE5E4.tmp -> Downloader.Zlob.iv : Cleaned with backup
C:\WINDOWS\system32\MWCANS32.DLL -> Adware.Look2Me : Cleaned with backup
::Report End
-
How's everything running on your end?
Let me know and then we'll just do some minor cleanup
-
bump
i can now view back the task manager.
no more ads popping out so far.
youtube photos/screenshots can b viewed already.
no more error msges
no more my accessmedia file
but the java script:{document.location='http://sexmaxx.com/freegalleries.htm';}
is still there..
-
but the java script:{document.location='http://sexmaxx.com/freegalleries.htm';}
is still there..
Where are you finding this?
Can you open your Windows Control Panel
Double click to open the Java Icon
Under the General tab>>>Delete files>>leave all selected and click OK
Does that help you out?
-
found them when i right click most of my desktop icons.
my computer, my recycle bin my documents.....
tried deleting the files but the javascript is still there..
-
Can you do the following please
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as Export.bat
Save this file on the desktop
regedit /e Export.txt "HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers"
Double click on Export.bat and post back the contents
-
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido]
@="{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files]
@="{750fdf0e-2a26-11d1-a3ea-080036587f03}"
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With]
@="{09799AFB-AD67-11d1-ABCD-00C04FC30936}"
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu]
@="{A470F8CF-A1E8-4f65-8335-227475AA5C46}"
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu]
@="{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}]
@="Start Menu Pin"
-
Can I see a new Hijackthis log please
If there are any other users on this computer, can I see a log from their profile too
That entry should be easily removed from Hijackthis?
If we don't see it, we'll find it other ways
Could you also delete Export.bat and do this again
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as Export.bat
Save this file on the desktop
regedit /e Export.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers"
Double click on Export.bat and post back the contents
-
ya there are 2 more users of this computer.
but i cant access to their account bcoz of the password.
n my sis is still at work..
any other ways to remove them?
Logfile of HijackThis v1.99.1
Scan saved at 4:29:04 PM, on 4/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Acer\ePM\EPM-DM.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ZiLa\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mofunzone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mysingtel.com.sg
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mysingtel.com.sg
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.4/WinSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
-
I edited my last reply, can you do the above please
-
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu]
@="{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-
Ahhh, that's not it
We have to find what user key that entry is in
Can you do the following
Download: Registry Search Tool from this link, it's a very small download
http://billsway.com/vbspage/
You will have to scroll down to see it
Unzip and double-click "RegSrch.vbs"
Note: if your Antivirus or another program prompts about running a ".vbs" file, allow the script to run
In the open field copy and paste the below in bold then hit OK
http://sexmaxx.com/freegalleries.htm
Wait for the results and post them back here
-
REGEDIT4
; RegSrch.vb script:{document.location='http://sexmaxx.com/freegalleries.htm';}"
-
Why didn't I think to look there?
Just to be safe, can you do the following one last time please
Can you right click on Export.bat and select EDIT
Delete the contents of Export.bat
In its place, copy and paste the contents of the code box
Close it and accept the change
Double click on Export.bat and post the contents
regedit /e Export.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell"
-
bump
only god knows y..
haha..
here it is..
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\>>> FREE PORN GALLERIES <<<]
@="java script:{document.location='http://sexmaxx.com/freegalleries.htm';}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore]
"BrowserFlags"=dword:00000022
"ExplorerFlags"=dword:00000021
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,20,00,2f,00,65,00,2c,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,\
00,25,00,49,00,2c,00,25,00,4c,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\ddeexec]
@="[ExploreFolder(\"%l\", %I, %S)]"
"NoActivateHandler"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\ddeexec\application]
@="Folders"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\ddeexec\ifexec]
@="[]"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\ddeexec\topic]
@="AppProperties"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open]
"BrowserFlags"=dword:00000010
"ExplorerFlags"=dword:00000012
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,20,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,00,25,00,49,00,2c,\
00,25,00,4c,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\ddeexec]
@="[ViewFolder(\"%l\", %I, %S)]"
"NoActivateHandler"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\ddeexec\application]
@="Folders"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\ddeexec\ifexec]
@="[]"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\ddeexec\topic]
@="AppProperties"
-
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg
Save this file on the desktop
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\>>> FREE PORN GALLERIES <<<]
Double click on fix.reg and allow to add/merge to the registry at the prompt
Reboot the computer
Let me know if that helps you out
Then we just have a bit of final cleanup
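As an added example (not part of the thread, and not any tool used in it): a Python sketch that parses `regedit /e` export text like the Folder\shell export posted above, decodes its `hex(2)` values, flags shell verbs whose default value is a script or URL, and builds the matching `[-key]` removal file. The function names and the flagging rule are assumptions of this example.

```python
import re

# Abridged from the Folder\shell export posted in the thread (regedit /e output,
# shown here as text; the file regedit writes in this format is UTF-16 on disk).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\>>> FREE PORN GALLERIES <<<]
@="java script:{document.location='http://sexmaxx.com/freegalleries.htm';}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore]
"BrowserFlags"=dword:00000022

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
  65,00,20,00,2f,00,65,00,2c,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,\
  00,25,00,49,00,2c,00,25,00,4c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\ddeexec]
@="[ExploreFolder(\"%l\", %I, %S)]"
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
# A verb key is <class>\shell\<verb>, optionally followed by \command.
VERB_KEY = re.compile(r"(?i)^(.*\\shell\\[^\\]+)(?:\\command)?$")
# Assumed rule for this example: a menu verb has no reason to carry a script
# scheme or a web URL as its default value. Matches "javascript:" with or
# without the space seen in the posted export.
SUSPICIOUS = re.compile(r"(?i)(?:java\s*script|vbscript)\s*:|https?://")


def decode_value(raw):
    """Decode one value as written in a .reg export."""
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # unescape \" and \\
    if raw.startswith("hex(2):"):
        # REG_EXPAND_SZ: comma-separated bytes of a NUL-terminated UTF-16LE string.
        data = bytes.fromhex(raw[len("hex(2):"):].replace(",", ""))
        return data.decode("utf-16-le").rstrip("\x00")
    return raw  # dword: and other types are left as written


def parse_reg_export(text):
    """Return {key_path: {value_name: decoded_value}} for export text."""
    # A trailing backslash continues a hex value on the next line.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1).strip('"')] = decode_value(m.group(2))
    return keys


def find_suspicious_verbs(keys):
    """Return [(verb_key, default_value)] for verbs whose default looks like a script or URL."""
    hits = []
    for path, values in keys.items():
        m = VERB_KEY.match(path)
        default = values.get("@", "")
        if m and SUSPICIOUS.search(default):
            hits.append((m.group(1), default))
    return hits


def build_removal_reg(verb_keys):
    """Build .reg text that deletes each key, in the same [-key] form as fix.reg above."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    lines += [f"[-{key}]" for key in verb_keys]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_EXPORT)
    for key, value in find_suspicious_verbs(parsed):
        print("flagged:", key, "->", value)
    print(build_removal_reg([k for k, _ in find_suspicious_verbs(parsed)]))
```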
-
it works!!! wow u ARE A GENIUS!! but dont need to reboot, can?
-
No, don't worry about the reboot
I'll be right back with final recommendations
Just hold tight
-
alright!! thank you so so so so so much!!!!!!!
-
*If everything is running better
Final Cleanup
We should flush all your restore points to ensure you don't restore any nasties that may be sitting idle
Go to START>>RUN>>In the open field
Type in
msconfig
Click OK
Click the "Launch System Restore" button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
Back in Windows, Go back and take the check out of "Turn off system restore"
This will reenable the System Restore feature and creates a new restore point
Protect yourself against Future Attacks
*Install SpywareBlaster 3.5.1 by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
*Make sure your Anti-Virus software is always kept up to date and actively running in the background
*Check for updates with your anti-spyware programs and run a scan on a regular basis
Ensure you have the latest versions of Ad-Aware SE 1.06 and Spybot 1.4
In addition, in Spybot
Click the "Immunize" button on the left>>>OK at the prompt>>Immunize at the top green cross
Please Immunize after every update
*Keep up to date on Windows updates (High Priorities)
This is the most important step in keeping your system secure
In addition: If you have Microsoft Office installed
Make sure you keep up on security updates
You will find a link at Windows Updates named "Office Family"
*Make sure your Firewall is enabled and running
A Firewall is also very important
This provides a line of defense against someone who might try to access your computer without your permission
+ I would opt to hold onto Ewido and CleanUp!
Ewido will become a Limited free version in a couple weeks, but it's still a great scanner to update and run once a month
I noticed you installed the Guard when installing Ewido
You should remove the Guard only, as it is not needed with the other protections you have running
Open Ewido>>Under the Main Status window under Additional options
"REMOVE GUARD"
+You can enable your Anti-spyware protections and Norton's script blocking
Go ahead and delete
fix.reg
Export.bat
findjobs.bat
remjob.bat
RegSrch.vbs
Look2MeRemover and the log
C:\BFU <-this folder
Hold onto Hijackthis and the backup folder
In a week or so, if you're still happy with the way everything is running
Open Hijackthis>>Open Misc tools sections>>>Use the scroll bar and scroll down to
"Uninstall Hijackthis & Exit"
Then manually remove Hijackthis.exe and the backup folder
Forgot about this>>You can go back and rehide Hiddenfiles and folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Do Not Show hidden files and folders.
* Check the Hide protected operating system files (recommended) option.
* Leave Hide Extensions for known file types unchecked
* Click Yes to confirm.
* Click OK.
Stay safe
One Note: I noticed reference to SpyFalcon in your Ewido report
Are you or any other user having problems with their desktop or getting prompts to install any anti-spyware program?
-
i've done everything!!!
nope there isnt an prompt to install everything..
my computer ok already right?
-
Yup, everything's alright
I'll lock this topic as your problems appear resolved
Take care