Popup problems

Wasim245 · 2006/06/07

I was wondering whether someone could help me with problems I am having with many popups on my computer. I have a copy of a HJT report.

Logfile of HijackThis v1.99.1
Scan saved at 09:29:59, on 07/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\0mcamcap.exe
C:\Program Files\iciicdgw.exe
C:\WINDOWS\System32\rpcc.exe
C:\Program Files\ipwins\ipwins.exe
C:\MYDOCU~1\WNSXS~1\chkdsk.exe
C:\PROGRA~1\COMMON~1\wokf\wokfm.exe
C:\WINDOWS\??sks\??rss.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\PROGRA~1\COMMON~1\wokf\wokfa.exe
C:\Program Files\Outlook Express\msoe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\TClock\TClock.exe
C:\WINDOWS\System32\dxvwtrvq.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\dxvwrtqm.exe
C:\WINDOWS\System32\dxvwpgfi.exe
C:\Program Files\GreatMemo\GreatMemo.exe
C:\WINDOWS\System32\dxvwufwp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\dxvwwohx.exe
C:\Documents and Settings\Wasim Arif\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe "
O4 - HKLM\..\Run: [w227b16f.dll] RUNDLL32.EXE w227b16f.dll,I2 001197b20227b16f
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKLM\..\Run: [SysTray] C:\Program Files\iciicdgw.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [rpcc] rpcc.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [DCOM Server] C:\WINDOWS\System32\dxvwwohx.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKCU\..\Run: [Eshs] "C:\MYDOCU~1\WNSXS~1\chkdsk.exe" -vt yazr
O4 - HKCU\..\Run: [wokf] C:\PROGRA~1\COMMON~1\wokf\wokfm.exe
O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKCU\..\Run: [Khfcay] C:\WINDOWS\SKS~1\RSS~1.EXE
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000228.exe
O4 - HKCU\..\Run: [Trust Cleaner] C:\Program Files\Trust Cleaner\TrustCleaner.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: GreatMemo.lnk = C:\Program Files\GreatMemo\GreatMemo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: svchost.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Fotomat Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/13c715bf37b85c316905/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146935809077
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - AppInit_DLLs: dexplore.dll C:\WINDOWS\System32\dexplore.dll
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\lv0809due.dll
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\fnj0211mg.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: ZEqfWs - {C0734B27-6AD9-E18D-ED03-F3FEA9CFA865} - C:\WINDOWS\System32\opuw.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_21.dll
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

TeMerc · 2006/06/07

Hello Wasim and welcome to the forums.

Goodness, you have a multitude of problems here. I'll be doing some reseach to see what is the best way to proceed, and will return later with instructions, be patient.

Thanks.

TeMerc · 2006/06/07

OK, first thing we are going to do is have you run some scans, which if you have already done with the apps I suggest, you may skip of course.

Once these scans have removed some of the easier infections, we'll get a clearer picture of what specialized fixes will be required.

Please go HERE to run the Trend Microâ„¢ HouseCall Scan.

Click Scan now. It's free!

Read and put a Check next to Yes I accept the terms of use.

Click the Launching HouseCall>> button.

If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.

You may receive a Security Warning about the TrendMicro Java applet, click YES.

Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.

Please be patient while it installs, updates, and scans your system.

Once the scan is complete, it will take you to the summary page.

Under Cleanup options, choose clean all detected infections automatically.

Click the Clean now>> button.

If anything was found you may be prompted to run the scan again, you can just close the browser window.

Once that is done:

Please download, install, and update the NEW free version of Ewido Anti-Malware:

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu ".

When you run Ewido for the first time, you may get a warning "Database could not be found! ". Click OK. We will fix this in a moment.

From the main Ewido screen, click on update in the left menu, then click the Start update button.

After the update finishes (the status bar at the bottom will display "Update successful ")

Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.

If Ewido finds anything, it will pop up a notification. Select "Remove" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.

When the scan finishes, click on "Save Report ". This will create a text file. Make sure you know where to find this file again.

Please download Ad-Aware SE Personal and install it. If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.

1) Run Ad-Aware, and click Check for updates now.

2) Select Configurations (click the Gear wheel at the top) as follows:

General Button > Safety & Settings: Check (Green) all three.

Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion ".

Click Proceed.

3) To start the scan, Click > "Scan Now" at left

De select "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.

Select "Search for low-risk threats"

Select "Perform full system scan"

Click Next

4) When the scan has completed, select Next.

In the Scanning Results window, select the "Critical Objects" tab.

Right-click on the screen and choose "Select all objects "

Click Next to remove the infections found, and click OK to the prompt.

Restart the computer.

Next:

Download Spybot Search & Destroy v1.4 from here

Follow the install dialog routine.

Select "Search for updates" and then select all available updates.

Click on the drop-down box in the top center to choose a download location nearest to you.

Then click "Download updates ".

Then click on "Check for problems ".

When the scan has finished, select any entries listed in red and click "Fix selected problems ".

Then please restart your computer again, run HJT and post a fresh log, with only the Ewido scan log as well.

Wasim245 · 2006/06/09

I have done all the things you said to do. It has made a difference although there are still some problems. Thanks for your help so far, also I have the 2 reports you asked for.

Logfile of HijackThis v1.99.1
Scan saved at 11:46:48, on 09/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\MYDOCU~1\WNSXS~1\chkdsk.exe
C:\WINDOWS\SKS~1\RSS~1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\GreatMemo\GreatMemo.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\Symantec\SYMEVNT.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Documents and Settings\Wasim Arif\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Documents and Settings\Wasim Arif\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe "
O4 - HKLM\..\Run: [w227b16f.dll] RUNDLL32.EXE w227b16f.dll,I2 001197b20227b16f
O4 - HKLM\..\Run: [SysTray] C:\Program Files\iciicdgw.exe
O4 - HKCU\..\Run: [Eshs] "C:\MYDOCU~1\WNSXS~1\chkdsk.exe" -vt yazr
O4 - HKCU\..\Run: [wokf] C:\PROGRA~1\COMMON~1\wokf\wokfm.exe
O4 - HKCU\..\Run: [Khfcay] C:\WINDOWS\SKS~1\RSS~1.EXE
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000228.exe
O4 - HKCU\..\Run: [Trust Cleaner] C:\Program Files\Trust Cleaner\TrustCleaner.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: GreatMemo.lnk = C:\Program Files\GreatMemo\GreatMemo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Fotomat Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/13c715bf37b85c316905/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146935809077
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - AppInit_DLLs: dexplore.dll C:\WINDOWS\System32\dexplore.dll
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\t28ulcl91fq.dll
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\fnj0211mg.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: ZEqfWs - {C0734B27-6AD9-E18D-ED03-F3FEA9CFA865} - C:\WINDOWS\System32\opuw.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

Wasim245 · 2006/06/09

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:53:27, 09/06/2006
+ Report-Checksum: 5EAA1C5E

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB8C34} -> Trojan.Small : Cleaned with backup
HKU\S-1-5-21-1214440339-1957994488-854245398-1003\Software\DNS -> Adware.Shorty : Cleaned with backup
[1540] C:\WINDOWS\system32\krdusl.dll -> Adware.Look2Me : Error during cleaning
[1804] C:\WINDOWS\system32\krdusl.dll -> Adware.Look2Me : Error during cleaning
[2044] C:\Program Files\winupdates\winupdates.exe -> Worm.VB.an : Cleaned with backup
[196] C:\WINDOWS\System32\w227b16f.dll -> Downloader.Agent.ahv : Cleaned with backup
[184] C:\WINDOWS\System32\0mcamcap.exe -> Proxy.Small.bo : Cleaned with backup
[604] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe -> Dropper.VB.lu : Cleaned with backup
[2272] C:\Program Files\QMgr\qpri_0.exe -> Adware.Agent : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Cookies\wasim arif@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Cookies\wasim arif@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Cookies\wasim arif@adviva[2].txt -> TrackingCookie.Adviva : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Cookies\wasim arif@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Cookies\wasim arif@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Cookies\wasim arif@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Cookies\wasim arif@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Cookies\wasim arif@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Cookies\wasim arif@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Cookies\wasim arif@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Local Settings\Temp\wschtm35.dll -> Not-A-Virus.Hoax.Win32.Renos.di : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Local Settings\Temporary Internet Files\Content.IE5\S927W9QF\2238[1].exe -> Trojan.Spambot : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\1 DVD Ripper 1.2.6.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\1st Security Agent v6.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\4Musics OGG to WMA Converter 2.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\4Musics WAV Bitrate Changer 2.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\4Musics WAV to MP3 Converter 2.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\4Musics WAV to OGG Converter 2.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\4Musics WAV to WMA Converter 2.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\4Musics WMA Bitrate Changer 2.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\4Musics WMA to MP3 Converter 2.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\8Signs Firewall v2.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\A1 DVD Copy v1.2.18.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Ability Mail Server v2.52.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\ACDSee PowerPack 7.0.61.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Acronis Disk Director Suite 9.0.549.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Adobe Encore DVD v2.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Adobe Pagemaker 7.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Advanced Internet Kiosk 3.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Adware Away v3.0.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Ahead DVD Ripper v1.3.16.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\AI RoboForm Pro v6.7.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Alien Skin Eye Candy 5 Nature v5.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Alive DVD Ripper v1.3.2.8.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\All Media Fixer Pro v5.8.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\ALO Audio Editor v1.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Anchorman The Legend of Ron Burgundy.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Anfx V5.3.2.9.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Anti Tracks v5.9.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Anti Tracks v5.9.8 Eclipse.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Anti Tracks v6.0.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\AnyDVD 3.9.4.2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\AnyDVD 6.0.0.4.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\AnyDVD v5.9.63.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Apollo Audio DVD Creator 1.2.4.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Apollo CD And DVD Label Maker v1.6.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Apollo DVD Creator 2.9.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Araxis Merge 6.5.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Ardamax Keylogger v2.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Arial Audio Converter 2.3.28.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Armor Tools 6.6.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Ashampoo Magic Security 1.65.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Ashampoo Magic Security v1.65 (Full).exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Ashampoo Magical Snap v1.00.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Ashampoo Movie Shrink 2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Astra32 v1.40.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Astrology Program For Mobile Phones Cell Phones.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Atomix Virtual DJ 3.2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Atrex 11.11.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Audio Commander v3.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Auto Imager v3.04.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Automize v6.25.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\AutoRun 3.0.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Auvisoft Audio Splitter Joiner 1.60.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\AVD Graphic Studio v6.5.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Aye Shutdown 5.86.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Babylon 6 6.0.0 r27.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Background Color Aid v1.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Backup Made Simple 5.1.193.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\BatchRename 2 v2.70.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Bikers Log ver. 5.0 Gold.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\BitComet 0.61.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Blow Up 1.47.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Breeze Browser v2.11 (Full).exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Browser Prowler v2.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\BSPlayer Pro 1.36 Build 825 (full).exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\BurnerSoft Smart DVD CD Burner v3.0.42.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Camtasia Studio.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Canvas X.0.2.925 MacOSX.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\CD Bank Cataloguer 2.7.1 Build 256.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\CD DVD catalog v2.1.2.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\CD DVD Data Recovery 1.0.757.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Chariots Of War.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Cheetah CD Burner v3.25.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Clean Disk Security 7.5.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Clean Disk Security v7.52.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\CleanCenter Full.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\CloneDVD 3.5.4.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\CodecInstaller v2.0.4.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\CodeDrawer v1.8.2.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Copy DVD Gold 2.12.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\CopyToDVD v3.0.66.127.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Cosmic Stacker 1.14.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Cucusoft DVD To iPod Converter v3.17.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Curvemeister Curves v2.0.21 for Adobe Photoshop.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Cute CD DVD Burner v2.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Cyberlink Power2Go v5.00.1104.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\CyberLink PowerDVD 7.0.1725.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Daemon Tools 4.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\DaRO Registry Fixer 2006 v.2.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Defocus Dei v4.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Delayed Shutdown 1.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Desktop Graffitist 1.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Digital Anarchy Primatte Chromakey v2.1 for Adobe.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Digital MediaRescue Pro v3.5.124.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\DigitByte WinAudio Recorder v2.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\DiskExplorer For NTFS v2.31.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\DiskMonitor 5.0.0.17.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\DLL Toys International ED 2004 vR4.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Dr.Web 4.33.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\DSL Speed v3.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\DSL Speed v3.2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Dungeon Lords.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\DVDFab Gold v2.9.6.9.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\DVDFab Platinum v2.9.6.9.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\DZSoft PHP Editor 3.5.0.2.exe -> Dropper.VB.lu : Cleaned with backup

Wasim245 · 2006/06/09

Report continued

C:\Documents and Settings\Wasim Arif\Shared\_\e-PDF Document Converter 2.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\EA Sports Cricket 2005.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\EarthDesk 3.0.2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\EarthView v3.4.5.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Ease Audio Converter 3.10.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Easy CD and DVD Cover Creator 4.09.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Easy CD-DA Extractor v9.1.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Easy PDF to Html Converter 2.0.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Easy Video Joiner 5.21.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\EasyMPEG MX v3.2.3.166.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\EmailSpider 8.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Enemy Of The State.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\eNotebook v3.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Error Doctor 2006 1.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Essential PHP Security.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Essential SNMP.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Essentials of Human Physiology.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Evonsoft Advanced Spyware Remover 1.88.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Excel 2003 Bible.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Eye Spy Pro v1.5.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Failure to Launch.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\FairStars Recorder v2.64.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Falling Down.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Family Guy Season 1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Fartovyy (2006) S.amRip.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Fax Machine 4.22.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\File Blast v1.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\File Deleter 1.018.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Finding Nemo DVDRip.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\FireBurner 2.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Flash2Video v3.02.460.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\FlashFXP v3.3.4.1106 Beta.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\FlashGet 1.70.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\FlashGet 1.72.128.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\FlashTask v2.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Flightplan (2005).exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\FlipAlbum 6 Pro.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Focus Photoeditor 4.4.0.11.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Focus Photoeditor 5.0.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Folder Guard Professional Edition v7.6.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\FontExplorerL.M v3.1.5.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Foo Fighters - There is Nothing Left to Lose.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Fornux PowerCalc-GX v4.2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Freddy Got Fingered DVDRip.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Full Video Converter 2.8.9.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Game Collector Pro v2.2.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Game Copy (AIO).exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Game Optimizer Pro 1.0 Full.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\GameGain v2.11.7.2005.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\GameHike v1.11.7.2005.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\GameThrust v1.11.7.2005.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\GemX do-Organizer v2.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Getright 6.0 Final.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\GetRight 6.00.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\GFI Network Server Monitor v7.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Glary Utilities 1.4.0.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Go2PDF Virtual PDF Printer v1.01.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Guns Girls Lawyers Spies - Spy Wars Edition 1.06.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Hallmark CardStudio 2006.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Hard Disk Sentinel v1.02.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Heroes of Might and Magic V - PC.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Hide IP Platinum 1.53.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Hide IP Platinum 2.8.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Hide IP Platinum v1.75.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\High School Musical (2006).exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Hourglass Pro v1.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\HTTP Debugger Pro v3.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\HumanConcepts OrgPlus Professional.v6.0.358.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\HyperHide v1.3.10.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\IE DOM Inspector 1.5.3.171.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\IMSecurePro 1.5.39.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\ImTOO DVD Ripper Platinum v4.0.41.0.303.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\IncrediMail Xe Premium Build 2385.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Info Angel Pro 3.2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Internet DownloadIng Tools AIO.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Internet Kiosk Pro v3.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\James Bond - Die Another Day.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Jeepers Creepers 2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\JOC Web Finder v3.10.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Kerio WinRoute Firewall v6.1.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Keyboard Sounder v1.22.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\KeyView v2.0.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\KLS Backup 2006 Professional v1.95.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Koingo Password Retriever v5.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\KoolMoves v5.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Lara Croft Tomb Raider The Cradle of Life.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\LimeWire Professional v4.11.2 Retail.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Macromedia Contribute v3.11.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Macromedia Studio 8.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Magic Swf2Gif 1.35.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Magic Utilities 2006 4.31.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Marilyn Manson - The Golden Age of Grotesque.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\McAfee VirusScan v10.0.27 Pro Retail.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\MDaemon Pro v9.04.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Meatloaf - Bat out of Hell.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\MediaMonkey v2.5.3.968 Final.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Mega Winamp Plugins Pack.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\MessengerLog5 Pro v5.20.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Microsoft Money 2006 Deluxe.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Microsoft Office 2007 (ALL).exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Microsoft Streets And Trips 2006.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Mobile Ringtone Converter v2.3.18.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\More Eric Meyer on CSS.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\MoreTunes 2.03.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Mortal Combat 4.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\MoRUN.net Sticker 6.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Movie DVD Maker 1.5.6.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Movie DVD Maker v1.3.4.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Mp3 Doctor 5.11.048 full.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Mp3 Doctor v5.11.048.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\MSN Messenger 8.0.0.566 Beta.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Multi Cam Pro v2.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Multimedia Builder MP3 v4.9.7.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\My Drivers v3.11.2600.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\My Name Is Earl - Season 01.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\NativeJ 4.7.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Natural Motion Endorphin 2.5.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\NetConceal Anonymizer v3.6.041.02.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Network Eagle Monitor 4.9.329.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Newsleecher 3.5.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\NewsReactor 1.0 Build 9034.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\NiceTextEditor v1.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\No1 DVD Ripper v2.1.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Noiseware Professional v3.4.0.3 for Adobe Photoshop.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\O&O Defrag Pro Server 8.5.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Onlineeye Pro V1.6.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Optimal Access Optimal Desktop Mobile Ed.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Oscheck 1.2.1000.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\PaperCut Quota v6.0.623.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\PC Security Suite v4.02.8.30.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\PCBoost v3.11.7.2005.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\PCHeal v1.11.7.2005.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\PDR Electronic Library 2006.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Perfect Sweet Redhead Teen.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Phone Recorder Plus v1.0.3.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Photocopier Pro v3.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Photoline 32.12.02.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\PhotoModeler Pro 5.2.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\PolyEdit v5.0 RC Altiplano.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\PowerArchiver 2004 9.00.30.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Principals Pal 1.1.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Privacy Inspector v1.9.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Privacy Shield v3.0.18.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\ProxyWay Extra 3.2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\PSP media Manager w crack.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\PSPad Editor 4.5.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\PSPWare v2.1.4.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\PtShare Photo DVD Wizard v1.05.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Quick Brick 1.37.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Quickbooks Premier 2006.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Quicken 2006 Premier Home & Business.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\R-Studio 3.0 Build 123017.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Radiohead - Hail to the Thief.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Ranking Toolbox v4.0.4.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Rapidshare Grabber Shine 1.4.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\RawShooter Premium 2006 v1.0.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\ReadyToPrint Organizer v4.77.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Reg Organizer 3.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\RegDoctor v1.63.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\ReGet Deluxe 4.2.264.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Relentless Spyder v8.4.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Revelation Dali v1.2.1.exe -> Dropper.VB.lu : Cleaned with backup

Wasim245 · 2006/06/09

Report continued

C:\Documents and Settings\Wasim Arif\Shared\_\Screen VidShot v2.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Screensaver Producer Pro 3.62.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\SD SmartMouse v1.2.11.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Seal Of Evil.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Selteco Flash Designer 5.0.24.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Servant Salamander v2.5.RC1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Shadow Man (2006) DVDRip.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\ShareAlarmPro v1.5.5.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Shut Down Expert v4.72.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Skateboard Park Tycoon 2004.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Slysoft AnyDVD v5.5.2.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Slysoft AnyDVD v6.0.0.4 2006.06.05.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Slysoft Products Crack 1.30.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Smart Photo Viewer v2.1.5.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\SmartBackup v3.3.0.400.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\SmartDraw Suite Edition 7.2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\SoftPerfect Bandwidth Manager 2.5.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Sokkit v4.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Sony ACID Pro 6.0a Build 263.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Sony ACID Pro v6.0a.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Sony Cinescore v1.0 build 147.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Sony DVD Architect 3.0c.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Sony Sound Forge Audio Studio v8.0a Build 63.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Sony Vegas 6.0D.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Sothink DHTMLMenu v6.2 Build 51011.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Southpark Season 8.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Speak Aloud v2.0.2006.0226.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Speed Video Converter v3.0.9.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Speed Video Splitter v2.1.8.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Speed Video Splitter v2.4.9.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\SpeedFan 4.29 Beta 7.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\SpeedTree ver. 3.01 for 3DSMax.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Split PDF v1.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Spy Cleaner Gold 9.4.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\SQL Server Backup 4.01.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\SQLyog Enterprise v5.13.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Sudoku Pagoda 1.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Supert Symantec All in One 2006.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\SuperVideoCap v4.39.520.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\SWF n Slide Pro 1.017.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Systerac XP Tools 3.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Systerac XP Tools 3.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Techno Ejay 4.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\TechSmith SnagIt 8.0.2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Teleport Ultra 1.38 HTTPS Edition Retail.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Tembria Server Monitor v4.04.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\TextAloud MP3 v2.068.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\The Bat Pro v3.5.30.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\The Family Stone.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\The Hills Have Eyes DVDRip.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\The Matrix Path Of Neo.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\The Omen CAM.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\The Ring Two.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\The Sims 2 NIghtlife.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\The Webshots Desktop 5 Build 2.5.0.5135.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Toolbar Studio v1.5.4.6.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\TreePad Business Edition v7.1.6.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Trojan Remover 6.44.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Tunebite Platinum v3.0.0.5.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\TweakNow PowerPack 2006 Pro.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\TweakNow RegCleaner Professional 2.8.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Ultra DVD Creator 1.5.8.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Ultra Fractal Animation Edition v4.03.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Ultra MPEG to DVD Burner 1.5.6.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Video2SWF v1.005.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\VirIT eXplorer Lite 6.0.93.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Virtual Painter v5.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Visual Email Searcher v3.8.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Visual Studio 2005 Professional DVD.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\VSO Inspector v1.1.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\VueScan 8.3.51.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\War of the States.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Web Replay v1.5.0.5.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\WebCrypt Pro v5.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Winamp 5.22.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Winamp 5.23 Pro Full Standart Lite.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Winamp Pro v5.23.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\WinAntiVirus Pro 2006 2.0.236.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\WinASO Disk Cleaner v1.61.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\WinASO EasyTweak v2.01.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Windows Vista New Themes Pack AIO.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Windows XP Service Pack 3 Unattended.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\WinUtilities 5.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\WinUtilities v5.1 (Retail).exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\WinXP Manager 4.97.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Wise-FTP 4 v4.0.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\WWW File Share Pro 4.60a.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\WYSIWYG Web Builder v3.2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Xilisoft AVI MPEG Converter 2.1.55.1008b.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Xilisoft MP3 WAV Converter 2.0.16.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Xilisoft MP4 Converter 3.1.6.0602b.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Xilisoft PSP Video Converter 3.1.6.0602b.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Xilisoft RM Converter 3.1.6.0602b.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Xilisoft Video Converter 3.1.6.0602b.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Xilisoft Video To Audio Converter 3.1.6.0602b.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\xzxzxzxzxzxz.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Zipsearch 1.4.5.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\Zone Alarm Security Suite 6.5.700.000.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\ZoneAlarm Internet Security Suite 6.5.700.000 final.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\ZoneAlarm Pro v6.5.700.000.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Wasim Arif\Shared\_\ZoneAlarm with Antivirus 6.5.700.000 final.exe -> Dropper.VB.lu : Cleaned with backup
C:\My Documents\Applications\Setup.exe -> Adware.180Solutions : Cleaned with backup
C:\Program Files\Admanager Controller -> Adware.BlazeFind : Cleaned with backup
C:\Program Files\Admanager Controller\AdManCtl.exe -> Adware.BlazeFind : Cleaned with backup
C:\Program Files\Common Files\services.exe -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe -> Trojan.Scapur.k : Cleaned with backup
C:\Program Files\DAP\DAPBHO.dll -> Adware.IEBar : Cleaned with backup
C:\Program Files\DNS\Catcher.dll -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\DNS\cwebpage.dll -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\iciicdgw.exe -> Not-A-Virus.Hoax.Win32.Renos.dc : Cleaned with backup
C:\Program Files\LimeWire Download Accelerator Pro\NNGLZA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\Program Files\QMgr\qpri_0.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Snowball Wars\SnowballWars.exe -> Dropper.VB.mz : Cleaned with backup
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup
C:\Program Files\winupdates\a.tmp -> Worm.VB.an : Cleaned with backup
C:\Program Files\winupdates\winupdates.exe -> Worm.VB.an : Cleaned with backup

Wasim245 · 2006/06/09

Final report

C:\WINDOWS\SYSTEM32\0mcamcap.exe -> Proxy.Small.bo : Cleaned with backup
C:\WINDOWS\SYSTEM32\ahrace.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\aului.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\azkctrs.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\cmseqchk.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\dn0401dqe.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwaarn.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwaary.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwajbw.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwakqt.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwaqtp.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwbemz.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwbxps.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwbyjm.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwchyb.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwcvex.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwdcdz.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwdezz.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwdfya.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwdmpb.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwdnwf.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwdodc.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwduqj.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwdvqe.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvweaep.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwecei.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwegsj.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwejks.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvweofa.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwetcw.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwevpt.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwfbgw.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwfbxl.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwfdgv.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwfmip.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwgaxf.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwgdde.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwgdgv.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwgonv.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwgynx.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwgzpe.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwhjim.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwhlvq.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwhmok.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwhpyd.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwhqmj.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwhurf.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwhznj.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwiddh.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwilpp.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwinnd.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwinvr.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwionx.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwipkw.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwiqov.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwissa.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwiswf.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwivdx.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwivvx.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwjjxm.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwjkny.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwjlvf.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwjomt.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwjqyy.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwjvky.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwkedb.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwkgma.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwkolh.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwlboi.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwlbsx.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwldcf.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwldhl.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwlejh.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwlgpd.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwlmwc.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwlsib.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwlsly.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwlsvf.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwmimf.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwnebu.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwnhhm.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwnjnn.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwnkia.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwnnou.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwoady.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwohqz.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwoilz.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwolvn.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwoucq.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwovym.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwoxlf.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwoycr.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwoyyh.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwpfrw.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwpgyq.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwpksh.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwpqkj.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwprxo.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwptqq.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwpwtx.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwqero.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwqfss.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwqixf.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwqnyy.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwqsqp.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwqwdh.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwqyrb.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwrcnr.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwrjig.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwrjnt.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwrklk.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwrmjy.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwrxex.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwshla.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwsjlb.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwstlp.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwsyku.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwtavs.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwtcso.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwtdfk.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwthhh.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwtjtp.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwtprv.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwttku.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwtvcc.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwtzxp.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwuecx.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwuexv.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwukkf.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwunce.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwuqwv.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwurgz.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwurqn.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwuzjt.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwvglc.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwvjae.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwvksm.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwvkww.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwvppk.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwvqrh.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwvwcl.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwwbrp.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwwcdv.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwweop.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwwizr.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwxfqe.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwxhhz.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwxhov.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwxhws.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwxjho.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwxnqj.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwxotv.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwxoyc.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwxsuf.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwyagq.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwyhir.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwyjtg.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwyxqj.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwyypq.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwzlut.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwznqv.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwzqak.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxvwzvda.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\SYSTEM32\e002lado1d0c.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\en4ql1h51.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\ennul1591.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\f4l00e3meh.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\FN20.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\fn4021hmg.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\hrju0519e.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\i4nm0e51eh.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\iaaksie.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\ir42l5ho1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\irjml5111.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\isxrtmgr.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\k062lajo1doc.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\lv2409fqe.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\lv6q09j5e.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\lvl4093qe.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\lvro0993e.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\maiqtz32.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\opuw.dll -> Proxy.Agent.df : Error during cleaning
C:\WINDOWS\SYSTEM32\p4p60e7seh.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\q0860alsedq60.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\r48s0el7ehq.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\rpcc.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\SYSTEM32\s088lalu1dq8.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\sorwvdrv.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\w227b16f.dll -> Downloader.Agent.ahv : Cleaned with backup

::Report End

TeMerc · 2006/06/09

OK, good work, we still have 2-3 specific fixes to work thru tho.

this first one will be in two separate steps.

Please download Look2Me-Destroyer.exe to your desktop.

Close all windows before continuing.

Double-click Look2Me-Destroyer.exe to run it.

Put a check next to Run this program as a task.

You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK

When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.

Once it's done scanning, click the Remove L2M button.

You will receive a Done Scanning message, click OK.

When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.

Your computer will then shutdown.

Turn your computer back on.

Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Wasim245 · 2006/06/09

Look2me report

Look2Me-Destroyer V1.0.12

Infected! C:\WINDOWS\system32\fnj0211mg.dll
Infected! C:\WINDOWS\system32\t28ulcl91fq.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0050118.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0050132.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0050178.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0050191.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0050195.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0050208.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0052198.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0054198.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0056212.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP65\A0057211.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP65\A0058214.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0058299.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0058303.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0058340.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0059343.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0059380.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0060401.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0060417.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0063404.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0063429.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0064432.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0066444.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0068444.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0068456.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0068460.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0069471.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0069523.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0069527.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0069567.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0070581.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0071582.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0071584.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0071600.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0071606.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0071610.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0071627.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0071643.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0072642.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0074643.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0074651.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0074655.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0078142.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0078167.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079170.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079516.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079517.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079518.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079519.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079520.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079670.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079671.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079673.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079675.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079676.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079678.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079679.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079680.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079681.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079682.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079683.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079684.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079685.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079686.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079687.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079688.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079689.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079690.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079691.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079692.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079726.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079745.dll
Infected! C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079746.dll
Infected! C:\WINDOWS\SYSTEM32\agpmgr.dll
Infected! C:\WINDOWS\SYSTEM32\en2ql1f51.dll
Infected! C:\WINDOWS\SYSTEM32\t28ulcl91fq.dll
Infected! C:\WINDOWS\System32\guard.tmp

Wasim245 · 2006/06/09

Look2me continued

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\fnj0211mg.dll
C:\WINDOWS\system32\fnj0211mg.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\t28ulcl91fq.dll
C:\WINDOWS\system32\t28ulcl91fq.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0050118.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0050118.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0050132.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0050132.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0050178.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0050178.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0050191.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0050191.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0050195.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0050195.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0050208.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0050208.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0052198.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0052198.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0054198.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0054198.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0056212.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP64\A0056212.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP65\A0057211.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP65\A0057211.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP65\A0058214.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP65\A0058214.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0058299.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0058299.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0058303.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0058303.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0058340.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0058340.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0059343.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0059343.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0059380.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0059380.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0060401.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0060401.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0060417.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0060417.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0063404.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0063404.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0063429.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0063429.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0064432.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0064432.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0066444.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0066444.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0068444.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0068444.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0068456.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0068456.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0068460.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0068460.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0069471.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0069471.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0069523.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0069523.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0069527.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0069527.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0069567.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0069567.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0070581.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0070581.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0071582.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0071582.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0071584.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0071584.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0071600.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0071600.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0071606.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0071606.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0071610.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0071610.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0071627.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0071627.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0071643.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0071643.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0072642.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0072642.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0074643.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0074643.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0074651.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0074651.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0074655.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP66\A0074655.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0078142.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0078142.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0078167.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0078167.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079170.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079170.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079516.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079516.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079517.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079517.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079518.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079518.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079519.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079519.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079520.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079520.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079670.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079670.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079671.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079671.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079673.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079673.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079675.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079675.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079676.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079676.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079678.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079678.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079679.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079679.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079680.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079680.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079681.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079681.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079682.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079682.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079683.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079683.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079684.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079684.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079685.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079685.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079686.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079686.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079687.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079687.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079688.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079688.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079689.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079689.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079690.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079690.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079691.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079691.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079692.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079692.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079726.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079726.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079745.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079745.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079746.dll
C:\System Volume Information\_restore{B19C5C7F-BF71-4273-96C7-37DBA8AA1DF6}\RP67\A0079746.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\agpmgr.dll
C:\WINDOWS\SYSTEM32\agpmgr.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\en2ql1f51.dll
C:\WINDOWS\SYSTEM32\en2ql1f51.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\t28ulcl91fq.dll
C:\WINDOWS\SYSTEM32\t28ulcl91fq.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{209976C0-5AC6-42A2-A295-6861166A89A3} "
HKCR\Clsid\{209976C0-5AC6-42A2-A295-6861166A89A3}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file

Restoring SeDebugPrivilege for Administrators - Succeeded

Wasim245 · 2006/06/09

HJT report

Logfile of HijackThis v1.99.1
Scan saved at 16:05:51, on 09/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\MYDOCU~1\WNSXS~1\chkdsk.exe
C:\WINDOWS\SKS~1\RSS~1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\GreatMemo\GreatMemo.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\PLUS!\wCMPAGENT.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Wasim Arif\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe "
O4 - HKLM\..\Run: [w227b16f.dll] RUNDLL32.EXE w227b16f.dll,I2 001197b20227b16f
O4 - HKLM\..\Run: [SysTray] C:\Program Files\iciicdgw.exe
O4 - HKCU\..\Run: [Eshs] "C:\MYDOCU~1\WNSXS~1\chkdsk.exe" -vt yazr
O4 - HKCU\..\Run: [wokf] C:\PROGRA~1\COMMON~1\wokf\wokfm.exe
O4 - HKCU\..\Run: [Khfcay] C:\WINDOWS\SKS~1\RSS~1.EXE
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000228.exe
O4 - HKCU\..\Run: [Trust Cleaner] C:\Program Files\Trust Cleaner\TrustCleaner.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: GreatMemo.lnk = C:\Program Files\GreatMemo\GreatMemo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Fotomat Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/13c715bf37b85c316905/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146935809077
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - AppInit_DLLs: dexplore.dll C:\WINDOWS\System32\dexplore.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: ZEqfWs - {C0734B27-6AD9-E18D-ED03-F3FEA9CFA865} - C:\WINDOWS\System32\opuw.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

TeMerc · 2006/06/09

OK, that seemed to clean up quite a bit, lets move onto the next infection fix, SmithFraud:

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter "; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool "; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Wasim245 · 2006/06/09

Smithfraudfix report

SmitFraudFix v2.56

Scan done at 16:34:02.30, 09/06/2006
Run from C:\Documents and Settings\Wasim Arif\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\dcom_21.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Wasim Arif\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\WASIMA~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Trust Cleaner\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source "= "About:Home "
"SubscribedURL "= "About:Home "
"FriendlyName "= "My Current Home Page "

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{24E27EA9-FCF3-444F-BD80-20543BA5D946} "= "Trustworking System Class "

[HKEY_CLASSES_ROOT\CLSID\{24E27EA9-FCF3-444F-BD80-20543BA5D946}\InProcServer32]
@= "C:\DOCUME~1\WASIMA~1\LOCALS~1\Temp\wschtm35.dll "

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{24E27EA9-FCF3-444F-BD80-20543BA5D946}\InProcServer32]
@= "C:\DOCUME~1\WASIMA~1\LOCALS~1\Temp\wschtm35.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB8C34} "= "DCOM Server "

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

TeMerc · 2006/06/09

OK, here is the second part of that fix:

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site. Please follow the instructions exactly in the order listed; this is very important!

We'll be running ewido again, so open it up and check for updates before continuing with the next procedure.

Also, be sure the following items are unticked in Ewido set up:

Install background guard

Install scan via context menu

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter ".

Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click SmitfraudFix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ? "; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter ".

The tool may need to restart your computer to finish the cleaning process. A text file will appear on screen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

AFTER SmitfraudFix finishes (and after a reboot if required), please open Ewido. (If a reboot is required, please boot BACK into Safe Mode.)

Click on Scanner

Click on Complete System Scan and the scan will begin.

If ewido finds anything, it will pop up a notification. You can select "Remove" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.

When the scan is finished, click the Save report button at the bottom of the screen.

Save the report to your desktop

Close Ewido

Then please restart it into Normal Windows. Please post the contents of the SmitfraudFix log located at C:\rapport.txt into this thread, along with the Ewido report and a new HijackThis log.

Wasim245 · 2006/06/12

Thank you for your help so far. I have not completed the last solution as I am away for a while, when I return I will post the reports you asked for. Thanks again for your help.

Log in or Sign up

Popup problems

Wasim245 Inactive Thread Starter

TeMerc Inactive Alumni

TeMerc Inactive Alumni

Wasim245 Inactive Thread Starter

Wasim245 Inactive Thread Starter

Wasim245 Inactive Thread Starter

Wasim245 Inactive Thread Starter

Wasim245 Inactive Thread Starter

TeMerc Inactive Alumni

Wasim245 Inactive Thread Starter

Wasim245 Inactive Thread Starter

Wasim245 Inactive Thread Starter

TeMerc Inactive Alumni

Wasim245 Inactive Thread Starter

TeMerc Inactive Alumni

Wasim245 Inactive Thread Starter

Share This Page

Log in or Sign up

Popup problems

Wasim245 Inactive Thread Starter

TeMerc Inactive Alumni

TeMerc Inactive Alumni

Wasim245 Inactive Thread Starter

Wasim245 Inactive Thread Starter

Wasim245 Inactive Thread Starter

Wasim245 Inactive Thread Starter

Wasim245 Inactive Thread Starter

TeMerc Inactive Alumni

Wasim245 Inactive Thread Starter

Wasim245 Inactive Thread Starter

Wasim245 Inactive Thread Starter

TeMerc Inactive Alumni

Wasim245 Inactive Thread Starter

TeMerc Inactive Alumni

Wasim245 Inactive Thread Starter

Share This Page

Useful Searches