Author Topic: HijackThis log  (Read 958 times)

Offline miszila

« on: April 15, 2006, 12:19:42 PM »
heya, hope someone can help me.
i was browsing thru some website when it suddenly installs something to my comp a few days back.
ever since that happened, lots of errors appear.

1)ads n popups.
these ads have been "overwriting" on the pics on the web when im surfing.. n its very irritating.. when searching videos at youtube.com, all the photos changed into ads..

2)n an error msg "unable to run DLL as an app"
n they say "need to shut down system explorer"
now i cant open my Task manager.

3)and i also have this java script:{document.location='http://sexmaxx.com/freegalleries.htm';}
when i right click on any folders.. how to remove them n how they come abt?

4)n i have this My AccessMedia folder.. its empty inside.. however, i've deleted it many times but it keeps on reappearing..


im using a laptop n windows XP n it belongs to my sis.
i really hope someone could help me.


here's my latest hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 12:59:30 AM, on 4/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Acer\ePM\EPM-DM.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\Network\ipnetwork.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\agentsvr.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\ZiLa\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mofunzone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mysingtel.com.sg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [Metainternetaboutbows] C:\Documents and Settings\All Users\Application Data\Coal Style Meta Internet\FUNKLESS.exe
O4 - HKCU\..\Run: [agentsvr] C:\WINDOWS\system32\agentsvr.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mysingtel.com.sg
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\enjsl1171.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Offline guestolo

« Reply #1 on: April 15, 2006, 12:56:34 PM »
You have a few different problems, nothing we can't remove however

Please download the latest version of Look2Me-Remover.exe to your desktop.
DO NOT RUN THIS YET
==========================================
Can you open "MyComputer"
Double click to open Local Disk C: drive
Right click an empty spot  and left click NEW>>Folder
A new folder will be placed in the C: folder , name it BFU
So you now have C:\BFU

Please download Brute Force Uninstaller
Reminder, choose SAVE rather than OPEN
Save this to the desktop
Once you have it saved to the desktop
Then Extract (UNZIP) the contents to the (C:\BFU) folder you just made
So you now have C:\Bfu\bfu.exe

RIGHT CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra Remover.
Save it in the folder you made earlier (c:\BFU)
So you now have C:\Bfu\alcanshorty.bfu
======================================================

Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!


I need you to do the following
Spybot's TeaTimer is a great tool, but it may, and probably will interfere with any fixes we are to try
Open Spybot, click on MODE>>Advanced Mode>>Ok the prompt
Click on TOOLS in the bottom left
Then click on RESIDENT on the top left column
On the right hand side, uncheck ONLY Resident "TeaTimer"
Accept the change

I need you to disable
Microsoft AntiSpyware realtime protections
Open Microsoft AntiSpyware.
Click on Options>>Settings
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

Reboot the computer to ensure both are disabled
Leave these disabled please until AFTER we are sure you are completely clean
I'll let you know when you can reenable them!

Back in Windows
Norton's Scriptblocking may interfere as well
To disable Norton AntiVirus Script Blocking

   1. Start Norton AntiVirus.
      If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
   2. Click Options.
      If you see a menu, click Norton AntiVirus.
   3. In the left pane, click Script Blocking.
   4. In the right pane, uncheck Enable Script Blocking (recommended).
   5. Click OK.
Also keep this disabled until after we have you clean
Can you temporarily disable Norton's AutoProtect
Here's a link to explain
http://service1.symantec.com/SUPPORT/nav.n...d/1997121131456
You can reenable this after the computer has rebooted from the below fix, but keep Script blocking disabled and your anti-spyware protections

* Close all windows before continuing.

Open the C:\BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to alcanshorty.bfu in the C:\BFU folder
Right click alcanshorty.bfu and choose Select
In Brute Force Uninstaller select Execute
Wait for the "complete script execution" box to pop up and press OK.
Press exit to terminate the BFU program.


      * Double-click Look2Me-Remover.exe to run it.
      * Put a check next to Run this program as a task.
      * You will receive a message saying Look2Me-Remover will close and re-open in approximately 10 seconds. Click OK
      * When Look2Me-Remover re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
      * Once it's done scanning, click the Remove L2M button.
      * You will receive a Done Scanning message, click OK.
      * When completed, you will receive this message: Done removing infected files! Look2Me-Remover will now shutdown your computer, click OK.
      * Your computer will then shutdown.
      * Turn your computer back on.
After you have completed the restart back to Normal mode

Post back the following please
1. Post a fresh hijackthis log
2. Please post the contents of log from look2me destroyer on your desktop or in C:\Look2Me-Remover.txt
3. Could I also have you do the following

Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
Paste to the empty notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as findjobs.bat
Save this file on the desktop

 
Code:
dir %Windir%\tasks /a h > files.txt
notepad files.txt


Double click on findjobs.bat
A text file will open, can you copy and paste the contents back here please

We have more work to do, but the above is a start to get this system completely clean :)
« Last Edit: April 15, 2006, 01:02:18 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline miszila

« Reply #2 on: April 15, 2006, 02:15:09 PM »
thank god u reply!!!
i've followed as told..

here's my new hijackthis log


Logfile of HijackThis v1.99.1
Scan saved at 3:09:55 AM, on 4/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Acer\ePM\EPM-DM.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\agentsvr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\ZiLa\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mofunzone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mysingtel.com.sg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Metainternetaboutbows] C:\Documents and Settings\All Users\Application Data\Coal Style Meta Internet\FUNKLESS.exe
O4 - HKCU\..\Run: [agentsvr] C:\WINDOWS\system32\agentsvr.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mysingtel.com.sg
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe




n here's my look2me destroyer log


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 4/16/2006 2:59:04 AM

Infected! C:\WINDOWS\system32\l6j8lg1u16.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP213\A0104445.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0104714.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0104814.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0104826.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105113.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105129.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105142.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105146.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105194.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105195.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105207.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105208.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105248.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105260.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105264.dll
Infected! C:\WINDOWS\system32\enj8l11u1.dll
Infected! C:\WINDOWS\system32\kqdintam.dll
Infected! C:\WINDOWS\system32\l6j8lg1u16.dll
Infected! C:\WINDOWS\system32\lvp2097oe.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\l6j8lg1u16.dll
C:\WINDOWS\system32\l6j8lg1u16.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP213\A0104445.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP213\A0104445.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0104714.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0104714.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0104814.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0104814.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0104826.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0104826.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105113.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105113.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105129.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105129.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105142.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105142.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105146.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105146.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105194.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105194.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105195.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105195.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105207.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105207.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105208.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105208.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105248.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105248.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105260.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105260.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105264.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP214\A0105264.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\enj8l11u1.dll
C:\WINDOWS\system32\enj8l11u1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\kqdintam.dll
C:\WINDOWS\system32\kqdintam.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\l6j8lg1u16.dll
C:\WINDOWS\system32\l6j8lg1u16.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\lvp2097oe.dll
C:\WINDOWS\system32\lvp2097oe.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SharedDLLs

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FE4129A8-4844-4928-B17F-396081B5CB0A}"
HKCR\Clsid\{FE4129A8-4844-4928-B17F-396081B5CB0A}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7479D2AB-1E33-442B-9D80-90B6A6A6DD6D}"
HKCR\Clsid\{7479D2AB-1E33-442B-9D80-90B6A6A6DD6D}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D76B74D5-0A86-4203-AF17-780A2CDEB3EF}"
HKCR\Clsid\{D76B74D5-0A86-4203-AF17-780A2CDEB3EF}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{3F4F93D7-69FA-4F42-A5CF-34AE5B16E250}"
HKCR\Clsid\{3F4F93D7-69FA-4F42-A5CF-34AE5B16E250}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{EC49F62B-7C4B-4A46-88ED-6452FAAE02DF}"
HKCR\Clsid\{EC49F62B-7C4B-4A46-88ED-6452FAAE02DF}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FF95BB3D-B54F-4AB4-AAFD-8B3E83937922}"
HKCR\Clsid\{FF95BB3D-B54F-4AB4-AAFD-8B3E83937922}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded



here's my notepad

 Volume in drive C is ACER
 Volume Serial Number is 90B7-155A

 Directory of C:\WINDOWS\tasks

04/16/2006  03:06 AM    <DIR>          .
04/16/2006  03:06 AM    <DIR>          ..
04/16/2006  03:00 AM               260 A23AD56891855240.job
04/16/2006  03:00 AM               256 A5CC9FD891871AD0.job
04/16/2006  03:00 AM               260 A8D77CBA9184F2DE.job
04/16/2006  03:00 AM               256 AC70ECB2918F62B6.job
04/16/2006  03:00 AM               256 ACDE28769185DA66.job
04/16/2006  03:00 AM               260 ADC2D3AD958151A1.job
08/04/2004  05:00 AM                65 desktop.ini
04/14/2006  08:00 PM               528 Norton AntiVirus - Scan my computer - FiZa.job
06/17/2005  01:13 AM               480 Norton AntiVirus - Scan my computer - ZiLa.job
04/16/2006  03:06 AM                 6 SA.DAT
04/15/2006  11:37 AM               362 Symantec NetDetect.job
              11 File(s)          2,989 bytes

 Directory of C:\Documents and Settings\ZiLa\Desktop
« Last Edit: April 15, 2006, 02:18:41 PM by miszila »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
HijackThis log
« Reply #3 on: April 15, 2006, 02:45:48 PM »
Good work
Now let's try and clean the rest of it for you

==Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
Paste it to the empty notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as remjob.bat
Save this file on the desktop
We'll need it later
Code:
%systemdrive%
cd C:\WINDOWS\Tasks
attrib -r -s -h A23AD56891855240.job
attrib -r -s -h A5CC9FD891871AD0.job
attrib -r -s -h A8D77CBA9184F2DE.job
attrib -r -s -h AC70ECB2918F62B6.job
attrib -r -s -h ACDE28769185DA66.job
attrib -r -s -h ADC2D3AD958151A1.job
del A23AD56891855240.job
del A5CC9FD891871AD0.job
del A8D77CBA9184F2DE.job
del AC70ECB2918F62B6.job
del ACDE28769185DA66.job
del ADC2D3AD958151A1.job

Download and install Windows CleanUp! 4.5.1
Don't run this yet

==Download and then Install
Ewido anti-malware 3.5

When installing, under "Additional Options" UNCHECK

    "Install background guard"
    "Install scan via context menu".
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

Save the rest of these instructions to a Notepad file saved to your desktop or Print them out for use in safe mode

Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu

==Double click on remjob.bat. A window will open and close, this is normal

==Use Windows Explorer to find and remove the following folder
C:\Documents and Settings\All Users\Application Data\Coal Style Meta Internet <-this folder

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done>>Click Close
"decline to log off or restart the computer"
Remain in safe mode

==Open Ewido Anti-Malware
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
    Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: When Ewido is running, don't open any other Windows

Do a "System scan only" with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O4 - HKLM\..\Run: [Metainternetaboutbows] C:\Documents and Settings\All Users\Application Data\Coal Style Meta Internet\FUNKLESS.exe
O4 - HKCU\..\Run: [agentsvr] C:\WINDOWS\system32\agentsvr.exe
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab


After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot back to Normal mode

Post back all the following please
1. Post a fresh hijackthis log
2. Post the whole Ewido report
3. Can you double click on findjobs.bat again and post the contents of the text file that opens



Offline miszila

  • Newbie
  • *
  • Posts: 29
  • Karma: +0/-0
HijackThis log
« Reply #4 on: April 15, 2006, 08:15:36 PM »
i've done everything but was unable to delete this one coz it wasnt on the hijackthis
O4 - HKCU\..\Run: [agentsvr] C:\WINDOWS\system32\agentsvr.exe

here's my latest hijackthis log


Logfile of HijackThis v1.99.1
Scan saved at 9:02:29 AM, on 4/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Acer\ePM\EPM-DM.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\ZiLa\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mofunzone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mysingtel.com.sg
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mysingtel.com.sg
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


textfile

 Volume in drive C is ACER
 Volume Serial Number is 90B7-155A

 Directory of C:\WINDOWS\tasks

04/16/2006  04:23 AM    <DIR>          .
04/16/2006  04:23 AM    <DIR>          ..
08/04/2004  05:00 AM                65 desktop.ini
04/14/2006  08:00 PM               528 Norton AntiVirus - Scan my computer - FiZa.job
06/17/2005  01:13 AM               480 Norton AntiVirus - Scan my computer - ZiLa.job
04/16/2006  08:59 AM                 6 SA.DAT
04/16/2006  03:37 AM               362 Symantec NetDetect.job
               5 File(s)          1,441 bytes

 Directory of C:\Documents and Settings\ZiLa\Desktop
« Last Edit: April 15, 2006, 08:18:35 PM by miszila »
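
The before/after comparison of the two C:\WINDOWS\tasks listings posted in this thread, as an added Python example that is not part of the original posts. It parses cmd.exe `dir` output, checks the parse against the listing's own file/byte summary, flags `.job` files whose name is 16 hex characters (the pattern shared by the six files remjob.bat deletes; treating that pattern as the indicator is an assumption of this example), and confirms none remain in the follow-up listing. The listings are copied from the posts above; all function names are hypothetical.

```python
import re
from typing import NamedTuple

# `dir` lines copied from the two listings posted in the thread.
BEFORE = """\
04/16/2006  03:06 AM    <DIR>          .
04/16/2006  03:06 AM    <DIR>          ..
04/16/2006  03:00 AM               260 A23AD56891855240.job
04/16/2006  03:00 AM               256 A5CC9FD891871AD0.job
04/16/2006  03:00 AM               260 A8D77CBA9184F2DE.job
04/16/2006  03:00 AM               256 AC70ECB2918F62B6.job
04/16/2006  03:00 AM               256 ACDE28769185DA66.job
04/16/2006  03:00 AM               260 ADC2D3AD958151A1.job
08/04/2004  05:00 AM                65 desktop.ini
04/14/2006  08:00 PM               528 Norton AntiVirus - Scan my computer - FiZa.job
06/17/2005  01:13 AM               480 Norton AntiVirus - Scan my computer - ZiLa.job
04/16/2006  03:06 AM                 6 SA.DAT
04/15/2006  11:37 AM               362 Symantec NetDetect.job
              11 File(s)          2,989 bytes
"""

AFTER = """\
04/16/2006  04:23 AM    <DIR>          .
04/16/2006  04:23 AM    <DIR>          ..
08/04/2004  05:00 AM                65 desktop.ini
04/14/2006  08:00 PM               528 Norton AntiVirus - Scan my computer - FiZa.job
06/17/2005  01:13 AM               480 Norton AntiVirus - Scan my computer - ZiLa.job
04/16/2006  08:59 AM                 6 SA.DAT
04/16/2006  03:37 AM               362 Symantec NetDetect.job
               5 File(s)          1,441 bytes
"""


class Entry(NamedTuple):
    modified: str
    size: int
    name: str


# One file or directory row: date, time, "<DIR>" or size, then the name
# (names may contain spaces, so the name runs to end of line).
DIR_LINE = re.compile(
    r"^(\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2} [AP]M)\s+(<DIR>|[\d,]+)\s+(.+?)\s*$")
SUMMARY = re.compile(r"^\s*(\d+) File\(s\)\s+([\d,]+) bytes", re.MULTILINE)
# Assumed indicator: task name made of exactly 16 hex characters.
HEX_JOB = re.compile(r"^[0-9A-F]{16}\.job$", re.IGNORECASE)


def parse_dir(text):
    """Return the file rows of a `dir` listing, skipping directories."""
    entries = []
    for line in text.splitlines():
        m = DIR_LINE.match(line)
        if m and m.group(2) != "<DIR>":
            size = int(m.group(2).replace(",", ""))
            entries.append(Entry(m.group(1), size, m.group(3)))
    return entries


def summary_matches(text):
    """True if parsed count and bytes equal the listing's summary line.

    A mismatch means the paste was truncated or a row failed to parse.
    """
    m = SUMMARY.search(text)
    if not m:
        return False
    entries = parse_dir(text)
    return (len(entries) == int(m.group(1))
            and sum(e.size for e in entries) == int(m.group(2).replace(",", "")))


def suspicious_jobs(entries):
    """Scheduled-task files whose name matches the hex-name pattern."""
    return [e for e in entries if HEX_JOB.match(e.name)]


def verify_cleanup(before, after):
    """Compare two listings: what was flagged, what survived, what is new."""
    flagged = {e.name for e in suspicious_jobs(parse_dir(before))}
    after_entries = parse_dir(after)
    after_flagged = {e.name for e in suspicious_jobs(after_entries)}
    return {
        "flagged": sorted(flagged),
        "still_present": sorted(flagged & {e.name for e in after_entries}),
        "new_suspicious": sorted(after_flagged - flagged),
    }


if __name__ == "__main__":
    for label, listing in (("before", BEFORE), ("after", AFTER)):
        print(label, "listing complete:", summary_matches(listing))
    for key, names in verify_cleanup(BEFORE, AFTER).items():
        print(f"{key}: {names}")
```

A non-empty `new_suspicious` list in a later listing would mean the tasks were recreated after deletion, which points to a component that is still running.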

Offline miszila

  • Newbie
  • *
  • Posts: 29
  • Karma: +0/-0
HijackThis log
« Reply #5 on: April 15, 2006, 08:35:35 PM »
my ewido report is tooooo long.
i cant attach it either coz the size is too big..
found 4379 infections.
how am i supposed to show u?

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         8:50:48 AM, 4/16/2006
 + Report-Checksum:      642E13E1

 + Scan result:

   HKLM\SOFTWARE\Classes\CLSID\{58F07DD3-924D-4141-BC74-299F523A95F1} -> Adware.WebDir : Cleaned with backup
   HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5345A7A1-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned with backup
   HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5345A7A9-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned with backup
   HKU\S-1-5-21-3203099766-3631260599-3849007860-1006\Software\Classes\CLSID\{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} -> Spyware.SpyFalcon : Cleaned with backup
   HKU\S-1-5-21-3203099766-3631260599-3849007860-1006_Classes\CLSID\{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} -> Spyware.SpyFalcon : Cleaned with backup
   HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5345A7A1-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned with backup
   HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5345A7A9-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\12000 Porn Pics.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\About CNET Networks.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Advanced Search.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\All Software.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Anal Interview From Heaven Xxx Porn Dvdrip.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Anal Sex Orgy Scene Xxx Porn.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Anal Sexy Party.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Animal Sex Dogs Horses Pigs Snakes And Cows Are [censored] Or Fu.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Anime Artbook Collection The Misc Collection 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Ass 2 Mouth Xxx Scene.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Big Breasted Lesbians Xxx Porn Rip.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Busty Cops Adult Xxx Divx 6 Byrdcutz.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Classy Porn Movie.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\CNET Channel.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\CNET Download.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\CNET News.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\CNET Reviews.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\CNET Shopper.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Computer Shopper.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DebugPackager 1.9.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DebugView 4.21.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deccan Encryptor  Decryptor 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Decifra .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DecisionViewer OCX 4.08.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deck 3.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deck The Halls 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Declan's Chinese Dictionary 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Declan's Chinese FlashCards 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Declan's French FlashCards 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Declan's German FlashCards 1.0.101.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Declan's Japanese Dictionary 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Declan's Japanese FlashCards 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Declan's Korean Dictionary 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Declan's Korean FlashCards 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Declan's Russian FlashCards 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Declan's Spanish FlashCards 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Declare 1.0.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Decode 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DecodeEncode DLLs 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Decoder 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Decoder 3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Decookie 1 build 25.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Decrypt FlashFXP Passwords 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DecryptSQL 2.5.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeDup 1.01.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Dedupe4Excel 1.8.9.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DedupeIT 1.06.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deedgital Light 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deejaysystem Audio Mk-II 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deejaysystem Mk-I 5.0a.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deejaysystem Video VJ-II 2.1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Fighter demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Green Reversi 4.7.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Green Reversi 4.7.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Log Analyzer 2.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Navel 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Notes 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Paint 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Sea Tycoon 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Sea Tycoon 2 demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Space Above and Beyond 1.04.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Space Fantasy 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deep Space Nine The Fallen updated demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeepAnalysis 1.10.14.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeepAnalysis 2 + Profit Prophet 2.0.13.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeepBurner 1.7.1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeepBurner Free Portable 1.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeepBurner Pro 1.7.2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deepest Sender 0.7.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeepInsight 9.7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deepnet Explorer 1.5.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeepRipper 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deepside 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deepsky Free 2005.06.01.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeepTrouble 2 1.1.7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeepVacuum 1.4.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deer 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deer Avenger 2 demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deer Avenger 4 demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskJet 900 Series Driver 3.02 (02282000).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskLauncher 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskLensPro 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Desklock Security 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskLook 3.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deskman Personal Edition 5.51.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deskman Pro 5.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deskman SE 6.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskManager 3.28.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskNite 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskNow Lite 2.6.11.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskPDF Professional 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskPhotoFrame 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deskpops Interactive Wallpaper 1.02.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskPort 1.91.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskRec 1.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Deskroller Screensaver 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskSaver 3.01.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskSaver Pro 3.01.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskShade Plus 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\DeskSlide 1.6.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Desktastic 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared\Desktility 2.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
« Last Edit: April 15, 2006, 08:37:04 PM by miszila »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
HijackThis log
« Reply #6 on: April 16, 2006, 02:37:52 AM »
Great job :)
I got the picture
Can you do the following please and then just some final recommendations and we're done here
In the Ewido report
Anything found in this folder
 C:\Documents and Settings\HaFiQ\My Documents\Morpheus Shared\Shared
Don't post the contents
But post anything below it please
« Last Edit: April 16, 2006, 02:38:44 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline miszila

HijackThis log
« Reply #7 on: April 16, 2006, 02:52:48 AM »
here they are


C:\Program Files\Network\ipnetwork.exe -> Adware.Maxifiles : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15F.tmp -> TrackingCookie.Bluestreak : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp -> TrackingCookie.Casalemedia : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq162.tmp -> TrackingCookie.Com : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq164.tmp -> TrackingCookie.Revenue : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq166.tmp -> TrackingCookie.Tribalfusion : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq167.tmp -> TrackingCookie.Adserver : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2.tmp -> TrackingCookie.Falkag : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3.tmp -> TrackingCookie.Trafficmp : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4.tmp -> TrackingCookie.Tribalfusion : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7F.tmp -> TrackingCookie.Casalemedia : Cleaned with backup
   C:\WINDOWS\i386\jscript.dl_/jscript.dll -> Trojan.Small.hr : Cleaned with backup
   C:\WINDOWS\system32\1024\ld1301.tmp -> Dropper.Small.akq : Cleaned with backup
   C:\WINDOWS\system32\agentsvr.exe -> Adware.Monker : Cleaned with backup
   C:\WINDOWS\system32\hp4918.tmp -> Downloader.Zlob.ir : Cleaned with backup
   C:\WINDOWS\system32\hp6402.tmp -> Downloader.Zlob.dl : Cleaned with backup
   C:\WINDOWS\system32\hp7EA6.tmp -> Downloader.Zlob.dl : Cleaned with backup
   C:\WINDOWS\system32\ldE5E4.tmp -> Downloader.Zlob.iv : Cleaned with backup
   C:\WINDOWS\system32\MWCANS32.DLL -> Adware.Look2Me : Cleaned with backup


::Report End

Offline guestolo

HijackThis log
« Reply #8 on: April 16, 2006, 02:54:11 AM »
How's everything running on your end?
Let me know and then we'll just do some minor cleanup
« Last Edit: April 16, 2006, 02:54:26 AM by guestolo »


Offline miszila

HijackThis log
« Reply #9 on: April 16, 2006, 02:59:19 AM »
bump

i can now view back the task manager.

no more ads popping out so far.

youtube photos/screenshots can b viewed already.

no more error msges

no more my accessmedia file

but the  java script:{document.location='http://sexmaxx.com/freegalleries.htm';}
is still there..

Offline guestolo

HijackThis log
« Reply #10 on: April 16, 2006, 03:01:34 AM »
Quote
but the java script:{document.location='http://sexmaxx.com/freegalleries.htm';}
is still there..
Where are you finding this?

Can you open your Windows Control Panel
Double click to open the Java Icon
Under the General tab>>>Delete files>>leave all selected and click OK

Does that help you out?


Offline miszila

HijackThis log
« Reply #11 on: April 16, 2006, 03:07:39 AM »
found them when i right click most of my desktop icons.
my computer, my recycle bin my documents.....

tried deleting the files but the javascript is still there..
« Last Edit: April 16, 2006, 03:08:30 AM by miszila »

Offline guestolo

HijackThis log
« Reply #12 on: April 16, 2006, 03:19:57 AM »
Can you do the following please
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as Export.bat

Save this file on the desktop

 
Code:
regedit /e Export.txt "HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers"

Double click on Export.bat and post back the contents


Offline miszila

HijackThis log
« Reply #13 on: April 16, 2006, 03:21:56 AM »
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido]
@="{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files]
@="{750fdf0e-2a26-11d1-a3ea-080036587f03}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With]
@="{09799AFB-AD67-11d1-ABCD-00C04FC30936}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu]
@="{A470F8CF-A1E8-4f65-8335-227475AA5C46}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu]
@="{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}]
@="Start Menu Pin"

Offline guestolo

HijackThis log
« Reply #14 on: April 16, 2006, 03:27:42 AM »
Can I see a new HijackThis log please
If there are any other users on this computer, can I see a log from their profile too
That entry should be easily removed from HijackThis?
If we don't see it, we'll find it other ways

Could you also delete Export.bat and do this again
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as Export.bat

Save this file on the desktop


Code:
regedit /e Export.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers"
Double click on Export.bat and post back the contents
« Last Edit: April 16, 2006, 03:30:36 AM by guestolo »


Offline miszila

HijackThis log
« Reply #15 on: April 16, 2006, 03:30:32 AM »
ya there are 2 more users of this computer.
but i cant access to their account bcoz of the password.
n my sis is still at work..
any other ways to remove them?


Logfile of HijackThis v1.99.1
Scan saved at 4:29:04 PM, on 4/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Acer\ePM\EPM-DM.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ZiLa\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mofunzone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mysingtel.com.sg
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mysingtel.com.sg
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Offline guestolo

HijackThis log
« Reply #16 on: April 16, 2006, 03:32:22 AM »
I edited my last reply, can you do the above please


Offline miszila

HijackThis log
« Reply #17 on: April 16, 2006, 04:12:45 AM »
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu]
@="{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

Offline guestolo

HijackThis log
« Reply #18 on: April 16, 2006, 11:25:45 AM »
Ahhh, that's not it
We have to find what user key that entry is in
Can you do the following
Download:  Registry Search Tool from this link, it's a very small download
http://billsway.com/vbspage/
You will have to scroll down to see it

Unzip and double-click "RegSrch.vbs"
Note: if your Antivirus or another program prompts about running a ".vbs" file, allow the script to run

In the open field copy and paste the below in bold then hit OK

http://sexmaxx.com/freegalleries.htm

Wait for the results and post them back here

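The two Export.bat steps and the registry search requested above both come down to reading registry text for a known handler or string. As an added example (not part of the thread, and not the RegSrch.vbs script), this Python code parses `regedit /e` export text, lists the context-menu handlers it contains and searches every decoded value for a string. The `HKEY_CURRENT_USER` key, the `example.invalid` URL and the function names are assumptions made for the demonstration.

```python
import re

# Constructed sample in the text format `regedit /e` writes. The three
# ContextMenuHandlers keys are copied from the export posted in the thread;
# the HKEY_CURRENT_USER key and all of its values are invented for this demo.
# Real "Version 5.00" exports are UTF-16 files: open(path, encoding='utf-16').
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido]
@="{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With]
@="{09799AFB-AD67-11d1-ABCD-00C04FC30936}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}]
@="Start Menu Pin"

[HKEY_CURRENT_USER\Software\ExampleVendor\ConstructedKey]
"Command"="script:{document.location='http://example.invalid/landing.htm';}"
"Path"="C:\\Temp\\\"quoted\".txt"
"Expand"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,65,00,78,00,61,00,\
  6d,00,70,00,6c,00,65,00,2e,00,69,00,6e,00,76,00,61,00,6c,00,69,00,64,00,\
  00,00
"Count"=dword:00000002
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
STRING_TYPES = {'1': 'REG_SZ', '2': 'REG_EXPAND_SZ', '7': 'REG_MULTI_SZ'}

def _unescape(s):
    # .reg strings escape only the backslash and the double quote.
    return re.sub(r'\\(.)', r'\1', s)

def _decode(raw):
    """Return (type, text) for the right-hand side of a value line."""
    if raw.startswith('"'):
        return 'REG_SZ', _unescape(raw[1:raw.rindex('"')])
    m = re.match(r'hex\((1|2|7)\):(.*)', raw)
    if m:  # string types that the export writes as UTF-16LE byte lists
        data = bytes(int(b, 16) for b in re.findall(r'[0-9a-fA-F]{2}', m.group(2)))
        text = data.decode('utf-16-le', 'replace').replace('\x00', ' ').strip()
        return STRING_TYPES[m.group(1)], text
    return 'OTHER', raw  # dword, binary, etc. are kept as written

def parse_reg_export(text):
    """Yield (key, value_name, type, data) for every value in an export."""
    text = text.lstrip('\ufeff').replace('\r\n', '\n')
    text = re.sub(r'\\\n[ \t]*', '', text)  # join hex continuation lines
    key = None
    for line in text.split('\n'):
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key and m:
            name = '(Default)' if m.group(1) == '@' else _unescape(m.group(1)[1:-1])
            yield (key, name) + _decode(m.group(2))

def search(text, needle):
    """Case-insensitive search of key paths, value names and decoded data."""
    n = needle.lower()
    return [(k, name, kind, data) for k, name, kind, data in parse_reg_export(text)
            if n in k.lower() or n in name.lower() or n in data.lower()]

def context_menu_handlers(text):
    """Map handler name to CLSID for each ContextMenuHandlers subkey."""
    handlers = {}
    for key, name, _, data in parse_reg_export(text):
        parent, _, leaf = key.rpartition('\\')
        if name == '(Default)' and parent.lower().endswith(r'\shellex\contextmenuhandlers'):
            if leaf.startswith('{'):  # the thread's export also has CLSID-named subkeys
                leaf, data = data, leaf
            handlers[leaf] = data
    return handlers

if __name__ == '__main__':
    for hit in search(SAMPLE_EXPORT, 'example.invalid'):
        print(hit)
    print(context_menu_handlers(SAMPLE_EXPORT))
```

Decoding the `hex(2)` form matters because a plain text search of the export file would miss a URL stored as an expandable string.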


Offline miszila

HijackThis log
« Reply #19 on: April 16, 2006, 12:04:40 PM »
REGEDIT4
; RegSrch.vb script:{document.location='http://sexmaxx.com/freegalleries.htm';}"