Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Unstoppable popups

Post by Eagledunk » August 9th, 2006, 12:07 am

I have read through several posts re: deleting virus. However, other than briefly being able to download Ewido and do a scan in Safe Mode I am not able to do anything else on my computer as the popups come up fast and furious and eventually freeze my computer. I am currently using my work computer. Please help. I can't download HijackThis or do a scan using Pandasoftware. I have done an Ewido scan and saved the results as a text file on my computer.

PLEASE HELP :cry:
Eagledunk
Regular Member
 
Posts: 23
Joined: August 8th, 2006, 11:58 pm

Post by Bob4 » August 9th, 2006, 7:36 am

_________________________________
Welcome to the Malware removal forums. I will be more than happy to help you work on your problems.
The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. So let's do this to the end!
Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!



If you can not DOWNLOAD hijackthis: Try downloading it from a good machine and copying it to a flash drive/CD ROM or even a floppy disk and installing it on the infected machine that way.





____________________
Here are a couple of steps to try to run HijackThis, should you have trouble running it.
Follow them in order. If one step doesn't work, continue to the next step:

Step # 1

Rename HijackThis.exe to H.exe. Try a scan. If it works, post the log back here. If not, proceed to the next step.

Step # 2

Go to this link and download the 1.98 version of HijackThis.exe:

http://www.tomcoyote.org/hjt/

Try a scan. If it works, post the log back here. If not, proceed to the next step.

Step # 3

Click here and download Itty Bitty Process Manager (IBProcMan.zip): http://www.merijn.org/files/ibprocman.zip .

Unzip it to its own directory and try running it - it will provide a 'taskmanager' like process viewer in which you can stop running processes. Don't stop any yet, just list all that it has so I can check them and give advice. Post the list back here.

Post a HJT log when you can.
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Hijack log

Post by Eagledunk » August 9th, 2006, 7:19 pm

Success in hijack download
here is the log


Logfile of HijackThis v1.99.1
Scan saved at 7:14:04 PM, on 8/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\nwinopex.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\kybrdff_8.exe
C:\dfndrff_8.exe
C:\WINDOWS\system32\redistributor.exe
C:\Program Files\Common Files\{BCFB2313-0AE9-1033-0126-040218200001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\System Files\System.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\DEBBIE~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\hgdno.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,sbjqymc.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [IVPServiceMgr] C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [xif64483] RUNDLL32.EXE w06b0bcf.dll,n 002644810000000306b0bcf
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\nwinopex.exe CORN003
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_8.exe
O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_8.exe
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [kwro] C:\PROGRA~1\COMMON~1\kwro\kwrom.exe
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\nwinopex.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted Zone: http://eshopping.honda.com
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccomm ... ctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-36.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00719/sb028.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/i ... downls.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activex/ ... ontrol.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O18 - Filter: text/html - {8253D547-38DD-4325-B35A-F1817EDFA5F5} - C:\Program Files\System Files\plugin.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: logons - C:\WINDOWS\system32\redist.dll
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\t48u0el9ehq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGViYmllIER1bmNhbg\command.exe (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
Eagledunk
Regular Member
 
Posts: 23
Joined: August 8th, 2006, 11:58 pm
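
An added example, not part of the original thread and not code from HijackThis: a small triage script for the log format posted above. It groups entries by section code and lists the ones an analyst would look at first. The function names and the three checks (extra programs in the Winlogon Shell/UserInit values, Run programs sitting in a drive root, targets marked "file missing") are assumptions chosen for this example; they are review heuristics, not verdicts.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted above (lines copied verbatim from the thread).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\hgdno.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,sbjqymc.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_8.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O20 - Winlogon Notify: logons - C:\WINDOWS\system32\redist.dll
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # "O4 - <body>"
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")  # "HKLM\..\Run: [name] cmd"
F2_RE = re.compile(r"^REG:system\.ini: (\w+)=(.*)$")         # "REG:system.ini: Shell=..."

# Windows XP default contents of the two Winlogon values reported under F2.
WINLOGON_DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe", "userinit.exe"},
}


def parse_entries(text):
    """Group log lines by HijackThis section code (R1, F2, O4, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections


def winlogon_extras(sections):
    """Return {value name: [programs beyond the Windows default]} from F2 lines."""
    extras = {}
    for body in sections.get("F2", []):
        m = F2_RE.match(body)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        allowed = WINLOGON_DEFAULTS.get(name.lower(), set())
        items = [p.strip() for p in value.split(",") if p.strip()]
        unexpected = [p for p in items if p.lower() not in allowed]
        if unexpected:
            extras[name] = unexpected
    return extras


def executable_of(command):
    """Return the program path from a Run command line (quoted or bare .exe path)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]


def in_drive_root(path):
    """True for paths like C:\\name.exe; the log shows some with a doubled backslash."""
    path = re.sub(r"\\+", r"\\", path)
    return re.match(r"^[A-Za-z]:\\[^\\]+$", path) is not None


def review(text):
    """Return (section, entry, reason) tuples that deserve a manual look."""
    sections = parse_entries(text)
    notes = []
    for name, items in winlogon_extras(sections).items():
        for item in items:
            notes.append(("F2", item, f"extra program in Winlogon {name}"))
    for body in sections.get("O4", []):
        m = RUN_RE.match(body)
        if m and in_drive_root(executable_of(m.group(4))):
            notes.append(("O4", m.group(3), "autostart program in drive root"))
    for code, bodies in sections.items():
        for body in bodies:
            if body.endswith("(file missing)"):
                notes.append((code, body.split(" - ")[0], "target file missing"))
    return notes


if __name__ == "__main__":
    for section, entry, reason in review(SAMPLE_LOG):
        print(f"{section:4} {reason:34} {entry}")
```
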

Post by Bob4 » August 10th, 2006, 7:42 am

It looks like you have been infected by a few backdoor trojans.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.

It's very possible that anything could have been installed on your computer by the remote attacker, including opening other backdoors and installing rootkits. While we can attempt to clean what we see in your logs, we can't guarantee that your computer will be completely in the clear since we have no way of knowing what has been done to the computer. Your computer could be completely compromised at this moment. It may be prudent to backup your information, reformat, and reinstall.

More information on Remote Access Trojans can be found here

I suggest you do the following immediately:
  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
  • Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.


If, however, you decide that the computer is not used for any sensitive work, or if you do not wish to reformat at this time, I can help you clean your computer to the best of my abilities.

Should you have any questions, please feel free to ask.

Please let me know what you decide to do in your next post.

Should you decide to clean this machine start by doing the following.



1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Heart sink

Post by Eagledunk » August 10th, 2006, 5:34 pm

Well, that made my heart sink. :cry: I will attempt a fix, but will start backing everything up. Just spent some time changing passwords. I don't use the computer for important information other than banking.

I assume as long as I am not online I am relatively safe.
Stay tuned for log post later this p.m.
Eagledunk
Regular Member
 
Posts: 23
Joined: August 8th, 2006, 11:58 pm

Combofix log

Post by Eagledunk » August 10th, 2006, 10:54 pm

Running from: C:\Documents and Settings\Debbie Duncan\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\logons
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{B2ABD568-C03F-414E-9D2C-9E58366008D7}]
@=""

[HKEY_CLASSES_ROOT\clsid\{B2ABD568-C03F-414E-9D2C-9E58366008D7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{B2ABD568-C03F-414E-9D2C-9E58366008D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{B2ABD568-C03F-414E-9D2C-9E58366008D7}\InprocServer32]
@="C:\\WINDOWS\\system32\\tiolhelp.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\SYSTEM32\gpr2l39o1.dll
C:\WINDOWS\SYSTEM32\h2j40c1qef.dll
C:\WINDOWS\SYSTEM32\irr4l59q1.dll
C:\WINDOWS\SYSTEM32\l4j80e1ueh.dll
C:\WINDOWS\SYSTEM32\mnimtf.dll
C:\WINDOWS\SYSTEM32\mxnetobj.dll
C:\WINDOWS\SYSTEM32\pJutoenr.dll
C:\WINDOWS\SYSTEM32\tiolhelp.dll


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

22:15:32.03

Not all files found by this method are bad. There may be legitimate files found
This log should be examined by a trained analyst


* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *


C:\WINDOWS\system32\rwljoh.exe
C:\WINDOWS\system32\hgdno.exe
C:\WINDOWS\system32\sbjqymc.exe


* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-08-02 22:23:20 127,488 "C:\WINDOWS\system32\rwljoh.exe"
2006-08-02 22:23:28 28,672 "C:\WINDOWS\system32\hgdno.exe"
2006-07-31 23:06:14 48,167 "C:\WINDOWS\system32\VSL05.exe"
2006-05-19 08:59:42 148,480 "C:\WINDOWS\system32\dnsapi.dll"
2006-05-10 01:23:00 55,808 "C:\WINDOWS\system32\extmgr.dll"
2006-05-10 01:23:00 96,256 "C:\WINDOWS\system32\inseng.dll"
2006-08-08 23:12:18 234,272 "C:\WINDOWS\system32\mnimtf.dll"
2006-05-19 11:08:32 3,052,544 "C:\WINDOWS\system32\mshtml.dll"
2006-05-10 01:23:02 532,480 "C:\WINDOWS\system32\mstime.dll"
2006-08-08 22:52:46 159,744 "C:\WINDOWS\system32\redist.dll"
2006-05-10 01:23:02 613,888 "C:\WINDOWS\system32\urlmon.dll"
2006-08-02 22:23:26 23,552 "C:\WINDOWS\system32\sbjqymc.exe"
2006-06-19 16:19:26 304,944 "C:\WINDOWS\system32\WgaTray.exe"
2006-05-10 01:23:00 151,040 "C:\WINDOWS\system32\cdfview.dll"
2006-05-10 01:23:00 357,888 "C:\WINDOWS\system32\dxtmsft.dll"
2006-05-10 01:23:00 205,312 "C:\WINDOWS\system32\dxtrans.dll"
2006-05-10 01:23:00 251,392 "C:\WINDOWS\system32\iepeers.dll"
2006-06-01 14:47:08 163,840 "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 14:47:08 27,648 "C:\WINDOWS\system32\jgpl400.dll"
2006-05-18 01:24:26 450,560 "C:\WINDOWS\system32\jscript.dll"
2006-05-10 01:23:00 16,384 "C:\WINDOWS\system32\jsproxy.dll"
2006-05-10 01:23:02 39,424 "C:\WINDOWS\system32\pngfilt.dll"
2006-05-14 04:44:08 181,248 "C:\WINDOWS\system32\rasmans.dll"
2006-05-29 11:30:34 1,494,016 "C:\WINDOWS\system32\shdocvw.dll"
2006-05-10 01:23:02 474,112 "C:\WINDOWS\system32\shlwapi.dll"
2006-05-10 01:23:04 658,432 "C:\WINDOWS\system32\wininet.dll"
2006-08-07 23:56:28 51,712 "C:\WINDOWS\system32\xeljgpn.dll"
2006-05-10 01:23:00 1,054,208 "C:\WINDOWS\system32\danim.dll"
2006-08-08 22:48:32 127,488 "C:\WINDOWS\system32\wtbmb.dat"
2006-08-09 19:17:54 336 "C:\WINDOWS\prspg.dll"
2006-08-08 00:15:22 53 "C:\WINDOWS\nvqclq.dat"
2006-07-31 23:03:14 127,488 "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\jexku.exe"


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


08/08/2006 10:48 PM 127,488 wtbmb.dat.vir
08/02/2006 10:23 PM 127,488 rwljoh.exe.vir
07/31/2006 11:03 PM 127,488 jexku.exe.vir
08/07/2006 11:56 PM 51,712 xeljgpn.dll.vir
08/02/2006 10:23 PM 28,672 hgdno.exe.vir
08/02/2006 10:23 PM 23,552 sbjqymc.exe.vir
08/08/2006 12:15 AM 53 nvqclq.dat.vir


DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


* * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-06-19 16:19:26 304,944 "C:\WINDOWS\system32\WgaTray.exe"
2006-07-31 23:06:14 48,167 "C:\WINDOWS\system32\VSL05.exe"
2006-05-10 01:23:00 151,040 "C:\WINDOWS\system32\cdfview.dll"
2006-05-10 01:23:00 357,888 "C:\WINDOWS\system32\dxtmsft.dll"
2006-05-10 01:23:00 205,312 "C:\WINDOWS\system32\dxtrans.dll"
2006-05-10 01:23:00 251,392 "C:\WINDOWS\system32\iepeers.dll"
2006-06-01 14:47:08 163,840 "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 14:47:08 27,648 "C:\WINDOWS\system32\jgpl400.dll"
2006-05-18 01:24:26 450,560 "C:\WINDOWS\system32\jscript.dll"
2006-05-10 01:23:00 16,384 "C:\WINDOWS\system32\jsproxy.dll"
2006-05-10 01:23:02 39,424 "C:\WINDOWS\system32\pngfilt.dll"
2006-05-14 04:44:08 181,248 "C:\WINDOWS\system32\rasmans.dll"
2006-05-29 11:30:34 1,494,016 "C:\WINDOWS\system32\shdocvw.dll"
2006-05-10 01:23:02 474,112 "C:\WINDOWS\system32\shlwapi.dll"
2006-05-10 01:23:04 658,432 "C:\WINDOWS\system32\wininet.dll"
2006-05-19 08:59:42 148,480 "C:\WINDOWS\system32\dnsapi.dll"
2006-05-10 01:23:00 55,808 "C:\WINDOWS\system32\extmgr.dll"
2006-05-10 01:23:00 96,256 "C:\WINDOWS\system32\inseng.dll"
2006-05-19 11:08:32 3,052,544 "C:\WINDOWS\system32\mshtml.dll"
2006-05-10 01:23:02 532,480 "C:\WINDOWS\system32\mstime.dll"
2006-08-08 22:52:46 159,744 "C:\WINDOWS\system32\redist.dll"
2006-05-10 01:23:02 613,888 "C:\WINDOWS\system32\urlmon.dll"
2006-05-10 01:23:00 1,054,208 "C:\WINDOWS\system32\danim.dll"
2006-08-09 19:17:54 336 "C:\WINDOWS\prspg.dll"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\drsmartload.exe
C:\dfndrff_7.exe
C:\kybrdff_7.exe
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\dfndrff_8.exe
C:\kybrdff_8.exe
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Program Files\network monitor
C:\Documents and Settings\LocalService\Application Data\NetMon


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-09 19:17:54 336 ( A.... ) "C:\WINDOWS\prspg.dll"
2006-08-09 19:14:06 13816 ( A.... ) "C:\Program Files\hijackthis.log"
2006-08-08 22:52:46 159744 ( A.... ) "C:\WINDOWS\system32\redist.dll"
2006-08-08 22:52:36 126464 ( A.... ) "C:\WINDOWS\system32\redistributor.exe"
2006-08-08 00:21:26 1167 ( A.... ) "C:\WINDOWS\system32\xif64483.sys"
2006-08-08 00:21:26 1167 ( A.... ) "C:\WINDOWS\system32\xif64483.sys"
2006-08-07 21:58:04 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-08-07 19:41:02 ( .D... ) "C:\Program Files\Common Files\{BCFB2313-0AE9-1033-0126-040218200001}"
2006-08-07 19:40:54 930 ( A.... ) "C:\WINDOWS\system32\winpfg32.sys"
2006-08-07 19:40:54 930 ( A.... ) "C:\WINDOWS\system32\winpfg32.sys"
2006-08-07 19:40:40 61952 ( A.... ) "C:\WINDOWS\system32\xif64483.dll"
2006-08-02 17:39:56 168061 ( A.... ) "C:\WINDOWS\system32\nwinopex.exe"
2006-07-31 23:06:14 48167 ( A.... ) "C:\WINDOWS\system32\VSL05.exe"
2006-07-31 23:05:18 ( .D... ) "C:\Program Files\System Files"
2006-07-31 23:05:16 ( .D... ) "C:\Program Files\System Icons"
2006-07-31 23:03:10 ( .D... ) "C:\Program Files\Common Files\kwro"
2006-07-31 23:02:26 ( .D... ) "C:\Program Files\Cas2Stub"
2006-07-31 23:00:52 232749 ( A.... ) "C:\WINDOWS\pf78.exe"
2006-07-31 22:57:42 ( .D... ) "C:\Program Files\ToolBar888"
2006-07-31 22:57:36 ( .D... ) "C:\Program Files\Common Files\{BCFB2313-0AE8-1033-0126-040218200001}"
2006-07-31 22:56:06 ( .DSH. ) "C:\Program Files\outlook"
2006-07-21 18:55:38 127578 ( A.... ) "C:\WINDOWS\system32\tsuninst.exe"
2006-07-17 21:48:42 6615486 ( A.... ) "C:\WINDOWS\dogchapel.scr"
2006-07-14 11:31:40 332288 ( A.... ) "C:\WINDOWS\system32\netapi32.dll"
2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-13 21:12:26 ( .D... ) "C:\Documents and Settings\Debbie Duncan\Application Data\AdobeAUM"
2006-06-04 22:13:44 24576 ( A.... ) "C:\WINDOWS\system32\rmoc3260.dll"
2006-05-19 08:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 08:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 08:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2005-02-16 11:06:00 218112 ( A.... ) "C:\Program Files\HijackThis.exe"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-08 22:52 159,744 C:\WINDOWS\system32\redist.dll
2006-08-08 22:52 126,464 C:\WINDOWS\system32\redistributor.exe
2006-08-08 22:47 250,466,304 C:\hiberfil.sys
2006-08-07 22:37 126,976 C:\WINDOWS\system32\mshearts.exe
2006-08-02 17:41 930 C:\WINDOWS\system32\winpfg32.sys
2006-08-02 17:40 61,952 C:\WINDOWS\system32\xif64483.dll
2006-08-02 17:40 1,167 C:\WINDOWS\system32\xif64483.sys
2006-08-02 17:39 168,061 C:\WINDOWS\system32\nwinopex.exe
2006-07-31 23:06 48,167 C:\WINDOWS\system32\VSL05.exe
2006-07-31 23:02 336 C:\WINDOWS\prspg.dll
2006-07-31 23:02 127,578 C:\WINDOWS\system32\tsuninst.exe
2006-07-31 23:00 956,240 C:\WINDOWS\pwumgyv.exe
2006-07-31 23:00 232,749 C:\WINDOWS\pf78.exe
2006-07-17 21:48 6,615,486 C:\WINDOWS\dogchapel.scr


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"00THotkey"="C:\\WINDOWS\\System32\\00THotkey.exe"
"000StTHK"="000StTHK.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"TouchED"="C:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe"
"TFNF5"="TFNF5.exe"
"PadTouch"="\"C:\\Program Files\\TOSHIBA\\PadTouch\\PadExe.exe"
"TPSMain"="TPSMain.exe"
"TFncKy"="TFncKy.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"B'sCLiP"="C:\\PROGRA~1\\B'SCLI~1\\Win2K\\BSCLIP.exe"
"Pinger"="C:\\TOSHIBA\\IVP\\ISM\\pinger.exe /run"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"EPSON Stylus CX5400"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2G1.EXE /P19 \"EPSON Stylus CX5400\" /O6 \"USB001\" /M \"Stylus CX5400\""
"ADUserMon"="C:\\Program Files\\Iomega\\AutoDisk\\ADUserMon.exe"
"Iomega Drive Icons"="C:\\Program Files\\Iomega\\DriveIcons\\ImgIcon.exe"
"Deskup"="C:\\Program Files\\Iomega\\DriveIcons\\deskup.exe /IMGSTART"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"IVPServiceMgr"="C:\\TOSHIBA\\IVP\\ISM\\ivpsvmgr.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"BearShare"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
@=""
"outlook"="C:\\Program Files\\outlook\\outlook.exe /auto"
"xif64483"="RUNDLL32.EXE w06b0bcf.dll,n 002644810000000306b0bcf"
"ExploreUpdSched"="C:\\WINDOWS\\system32\\nwinopex.exe CORN003"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"ad8rIU3s"="C:\\WINDOWS\\system32\\cvn0.exe"
"k6mmN5IOU"="\"C:\\WINDOWS\\system32\\wfxqhv.exe\""
"NwCplMonitor"="C:\\WINDOWS\\system32\\redistributor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"RealPlayer"="\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe\" /RunUPGToolCommandReBoot"
"kwro"="C:\\PROGRA~1\\COMMON~1\\kwro\\kwrom.exe"
"CAS2"="\"C:\\Program Files\\System Files\\System.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{BCFB2313-0AE8-1033-0126-040218200001}"="\"C:\\Program Files\\Common Files\\{BCFB2313-0AE8-1033-0126-040218200001}\\Update.exe\" mc-110-12-0000140"
"{BCFB2313-0AE9-1033-0126-040218200001}"="\"C:\\Program Files\\Common Files\\{BCFB2313-0AE9-1033-0126-040218200001}\\Update.exe\" mc-110-12-0000137"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Thu 08/10/2006 22:20:34.89
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-08-10.221312.txt
Eagledunk
Regular Member
 
Posts: 23
Joined: August 8th, 2006, 11:58 pm

Unread postby Bob4 » August 11th, 2006, 7:04 am

That looks good.
Please post another HJT log..
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Hijack log

Unread postby Eagledunk » August 11th, 2006, 8:17 am

Logfile of HijackThis v1.99.1
Scan saved at 8:08:56 AM, on 8/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\nwinopex.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\redistributor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\{BCFB2313-0AE9-1033-0126-040218200001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\System Files\System.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [IVPServiceMgr] C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [xif64483] RUNDLL32.EXE w06b0bcf.dll,n 002644810000000306b0bcf
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\nwinopex.exe CORN003
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [kwro] C:\PROGRA~1\COMMON~1\kwro\kwrom.exe
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\nwinopex.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted Zone: http://eshopping.honda.com
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccomm ... ctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-36.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00719/sb028.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/i ... downls.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activex/ ... ontrol.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O18 - Filter: text/html - {8253D547-38DD-4325-B35A-F1817EDFA5F5} - C:\Program Files\System Files\plugin.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: logons - C:\WINDOWS\system32\redist.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
Eagledunk
Regular Member
 
Posts: 23
Joined: August 8th, 2006, 11:58 pm

Unread postby Bob4 » August 11th, 2006, 10:40 am

______________________________
HJT
Run hijackthis and choose scan only and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <http://searchbar.findthewebsiteyouneed.com>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = <http://searchbar.findthewebsiteyouneed.com>
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)

O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [xif64483] RUNDLL32.EXE w06b0bcf.dll,n 002644810000000306b0bcf
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\nwinopex.exe CORN003
O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
O4 - HKCU\..\Run: [kwro] C:\PROGRA~1\COMMON~1\kwro\kwrom.exe
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\nwinopex.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll (file missing)
O15 - Trusted Zone: <http://eshopping.honda.com>
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - <http://download.sidestep.com/get/k00719/sb028.cab>
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Filter: text/html - {8253D547-38DD-4325-B35A-F1817EDFA5F5} - C:\Program Files\System Files\plugin.dll
O20 - Winlogon Notify: logons - C:\WINDOWS\system32\redist.dll



____________________________
Please download the Killbox by Option^Explicit

Note: In the event you already have Killbox, this is a new version that I need you to download.
Save it to your desktop.
Please double-click Killbox.exe to run it.
Select:
Delete on Reboot
then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\nwinopex.exe
C:\WINDOWS\system32\redistributor.exe
C:\Program Files\Common Files\{BCFB2313-0AE9-1033-0126-040218200001}
C:\Program Files\System Files\System.exe
C:\Program Files\outlook\outlook.exe
C:\WINDOWS\system32\nwinopex.exe
C:\WINDOWS\system32\cvn0.exe
C:\WINDOWS\system32\wfxqhv.exe
C:\Program File\Common Files\kwro\kwrom.exe
C:\Program Files\System Files\System.exe
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
C:\WINDOWS\system32\redist.dll


Return to Killbox, go to the File menu, and choose Paste from Clipboard.

choose Unregister dll before deleting

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).


If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.





________________________

Ewido

Download Ewido 4.0
Install ewido
You will need to update ewido to the latest definition files.
On the top of the main screen click update
Click on Start
The update will start and a progress bar will show the updates being installed. After the updates are installed,
exit ewido.

If you have trouble updating go to
http://www.ewido.net/en/download/updates/
and download the full signature data base.
Close ewido and click on the file you just downloaded from them
Do Not Use It Yet.

________________________________________
Safe mode:
Please reboot to safe mode:
After the very first black screen start tapping the
F8 key until prompted with a list, then choose safe
mode.
Here's how



_________________________________________
Ewido Part 2
Ewido
Close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
Click on scanner
Click on Settings
Under How to act
Choose quarantine

Under Reports check automatically create report after every scan.
Now back to the scan tab and click on Complete system scan

Let the program scan the machine.
When finished click apply all actions.

Post the report in your next reply.
Exit ewido.


Reboot normally


Post a new HJT log and the report from ewido.
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
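
The fix-then-rescan cycle in the post above can be checked mechanically. The sketch below is an added example, not part of the original thread or of HijackThis: it parses HijackThis entry lines, tolerates the angle brackets that the forum puts around URLs in the fix list, and reports which fix-list entries are gone from a later scan, which remain, and which O4 autorun entries appear only in the later scan. The function names are hypothetical; the sample lines are excerpts of the two HijackThis logs in this thread.

```python
import re
from typing import NamedTuple

# Excerpts copied from the August 11 and August 12 HijackThis logs in this
# thread (a handful of lines each, not the full logs).
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\nwinopex.exe CORN003
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00719/sb028.cab
O18 - Filter: text/html - {8253D547-38DD-4325-B35A-F1817EDFA5F5} - C:\Program Files\System Files\plugin.dll
O20 - Winlogon Notify: logons - C:\WINDOWS\system32\redist.dll
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\system32\redistributor.exe
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00719/sb028.cab
"""

# Excerpt of the fix list as it appears in the post (URLs wrapped in <...>).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = <http://searchbar.findthewebsiteyouneed.com>
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\nwinopex.exe CORN003
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - <http://download.sidestep.com/get/k00719/sb028.cab>
O18 - Filter: text/html - {8253D547-38DD-4325-B35A-F1817EDFA5F5} - C:\Program Files\System Files\plugin.dll
O20 - Winlogon Notify: logons - C:\WINDOWS\system32\redist.dll
"""

# A HijackThis entry starts with a section code (R0, R1, O4, O23, ...).
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")
BRACKETED_URL_RE = re.compile(r"<(https?://[^<>\s]+)>")


class Entry(NamedTuple):
    code: str    # section code, e.g. "O4"
    detail: str  # everything after "<code> - "
    raw: str     # the line as posted


def normalize(line: str) -> str:
    """Canonical form for comparison: unwrap <url>, collapse spaces, ignore case."""
    line = BRACKETED_URL_RE.sub(r"\1", line.strip())
    return " ".join(line.split()).casefold()


def parse_entries(log_text: str) -> dict:
    """Map normalized line -> Entry for every entry line; skip everything else."""
    entries = {}
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(BRACKETED_URL_RE.sub(r"\1", raw.strip()))
        if match:
            entries[normalize(raw)] = Entry(match["code"], match["detail"], raw.strip())
    return entries


def triage(fix_list: str, before: str, after: str) -> dict:
    """Compare a fix list against the scans taken before and after the fix."""
    wanted = parse_entries(fix_list)
    old, new = parse_entries(before), parse_entries(after)
    report = {"fixed": [], "remaining": [], "not_in_before": [], "new_autoruns": []}
    for key, entry in wanted.items():
        if key in new:
            report["remaining"].append(entry)      # still present after the fix
        elif key in old:
            report["fixed"].append(entry)          # was present, now gone
        else:
            report["not_in_before"].append(entry)  # never matched: check for typos
    # Autorun (O4) entries that show up only in the later scan need a second look.
    report["new_autoruns"] = [
        e for key, e in new.items() if e.code == "O4" and key not in old
    ]
    return report


if __name__ == "__main__":
    for bucket, entries in triage(FIX_LIST, LOG_BEFORE, LOG_AFTER).items():
        print(f"{bucket}:")
        for entry in entries:
            print(f"  {entry.raw}")
```
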

kill box

Unread postby Eagledunk » August 12th, 2006, 10:57 am

I can't choose unregister dll before deleting on kill box - it does not allow me - it is grayed out

Also, I am not sure I followed the copy directions. I wasn't able to copy to a clipboard. Instead I selected the files from the box Full path of file to delete.

Please advise.

Thank you.
Eagledunk
Regular Member
 
Posts: 23
Joined: August 8th, 2006, 11:58 pm

Hijack & Ewido log

Unread postby Eagledunk » August 12th, 2006, 1:02 pm

Not sure I followed the killbox instructions correctly. Several of the files you said to include were not in my c:\drive

Logfile of HijackThis v1.99.1
Scan saved at 12:53:33 PM, on 8/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\{BCFB2313-0AE9-1033-0126-040218200001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\HijackThis.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [IVPServiceMgr] C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\system32\redistributor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccomm ... ctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-36.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00719/sb028.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/i ... downls.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activex/ ... ontrol.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe




*************
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:44:01 PM 8/12/2006

+ Scan result:



C:\Program Files\ToolBar888 -> Adware.ToolBar888 : Cleaned with backup (quarantined).
C:\Program Files\ToolBar888\Activate.exe -> Adware.ToolBar888 : Cleaned with backup (quarantined).
C:\Program Files\ToolBar888\Uninst.exe -> Adware.ToolBar888 : Cleaned with backup (quarantined).
C:\QooBox\hgdno.exe.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\jexku.exe.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\rwljoh.exe.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\sbjqymc.exe.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\wtbmb.dat.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\xeljgpn.dll.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\Documents and Settings\Debbie Duncan\Local Settings\Temporary Internet Files\Content.IE5\EDOVUXQR\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Debbie Duncan\Cookies\debbie duncan@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Debbie Duncan\Cookies\debbie duncan@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\Debbie Duncan\Cookies\debbie duncan@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Debbie Duncan\Cookies\debbie duncan@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\!KillBox\redist.dll -> Trojan.Agent.sx : Cleaned with backup (quarantined).
C:\!KillBox\redistributor.exe -> Trojan.Agent.sx : Cleaned with backup (quarantined).
C:\My Downloads\Shared\About CNET Networks.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Advanced search.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\All RSS feeds.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\All Software.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\CNET Channel.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\CNET Download.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\CNET News.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\CNET Reviews.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\CNET Shopper.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\CNET TV.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Compare Prices.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Free MP3s.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Help Center.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\How to advertise.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\International media.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JOT Journaler 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JOpt.SDK - route optimization library 1.0.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPBHomeSolutions I 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPBHomeTime 2.1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPEG 2000 Compressor 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPEG 2000 Dropper 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPEG Image Enhancer 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPEG Imager 2.2.2.29.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPEG Japery 1.05.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPEG Lossless Resave plug-in for Photoshop 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPEG Lossless Rotator 4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPEG Viewer 0.11 build 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPEG Wizard for Photoshop 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPEGCompress 2.7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPEGCrops 0.7.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPEGCruncher Desktop 2.0.8.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPG 4 Email 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPG File Sizer 1.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPGCube 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPGReader 4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPGallery Image Gallery Creator 3.0 build 580.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPSViewer 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPTorrent 2.01 2.01.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPTorrent Light 0.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPhotoBrush Pro 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JPlayer 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JProbe Profiler Freeware 5.2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JProfiler 4.0.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JProxy 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JR Directory Printer 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JR Screen Ruler 1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JR Split File 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JR Split File Pro 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JRelaxTimer 1.0.001.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JS-DUC 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JSCruncher Pro 3 build 150.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JSPMaker 1.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JSQLConnect 4.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JSQLMapper 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JSS Clock Sync 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JScreenPrint 0.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JScript 5.6 Security Patch for Windows 2000 and XP MS03-008.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JScript 5.6 Security Patch for Windows MS03-008.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JSearch Builder 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JSecureConnect 2.21.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JSetup Professional 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JShopper 1.7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JShowBuilder 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JT Maps 2005 1.3.9.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JTB FlexReport 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JTM - Java Tree Menu 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JTY Painter 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JTerm 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JTier Internet News Server 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JTroll 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JUnitConv 1.0.001.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JUpload Applet 0.79.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JVPoker Classic 1.4.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JVW Popup Maker and DHTML Ad Generator 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JWTM (Web Tree Menu) 1.1.003.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JWinSvc 1.3.0.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JX Ovulation Calendar 1.1.76.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JXHTMLedit 4.0.005.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JXMLPad 3.4 FC.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JXOpen 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JoKenPo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JoKenPo 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\John Gould Hummingbirds 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\John Kerry for President NewsReader 1.0.2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\John Muir's Steep Trails 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\John Peterson Pictures Screensaver 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\John Singer Sargent Screensaver 4.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\John's Bingo 1.88.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Johnny Depp Screensaver 3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Johnny Herbert's Grand Prix World Champions demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Join (Merge) Text Files 7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Join Me 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Join Split Convert Video 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Joiner 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Joint Operations Typhoon Rising Jakarta Siege map .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Joint Operations Typhoon Rising multiplayer patch 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Joint Operations Typhoon Rising patch 1.1.0.16.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Joint Operations Typhoon Rising patch 1.3.1.15.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Joint Operations Typhoon Rising updated multiplayer demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Joke Sleuth 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Joke411 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Joker's Quest 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JollyPaintbook 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JollyPairs 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JollySnake 1.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JoltIP 1.06b.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JongPuzzle 3.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jonny the Homicidal Maniac .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Joomlaspan Google AdSense Module 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Joox Voting Toolbar 3.1.19.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jor's Opera Setup 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jordan Smith's Easy Icon Maker 5.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Joseki for Windows 3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Josh's World .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Joshs Video of the Month Toolbar 4.5.65.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Joshua's ChordTutor for Guitar 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jot+ Notes 3.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JotSmart 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JotSmart Pro 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Journal Bar 3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Journal Macro 1.84.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Journal Protected 2.3.18.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Journey Master 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Journyx Timesheet 7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jovian 2.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Joy And Peace Christmas Screensaver 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Joy Mobile Manager for Siemens 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Joy RingTone Converter 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Joy To The World (Joy Online) 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JoyceCD 3.8.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JoyiStar WebShop 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Joys Of Easter Animated Screensaver 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Joystick Remote for Winamp 3.1b.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Joystick-To-Mouse 2.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jpeg Fixer 0.96.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jpeg2000 SDK 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JpegSizer 4.0a.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jpg Animated Slide Show 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jr. Doctor 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jr. Firefighter 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jr. Scientist 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jr. Vet 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jscape Secure FTP Server 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jshock 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jubler 2.9.9.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jude Law Screensaver 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Judo Scoreboard Deluxe 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Judy's Kitchen 2003 1.0.59.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Juerguistaz Script 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Juggle (OS X) 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Juice 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Juiced final demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Juicy Business Cards 1.10.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Juke 3.8.7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JukeANator Digital Jukebox 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JukeBox 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JukeBx 1.11.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JukeJam 8.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JukeTrax - The Jukebox Printing Press 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jukebox Pro 1.0.68.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JulDate 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Julia Explorer 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Julia O' Matic 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Julia Stiles Sex-E Screensaver 3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Julia's Time Adventures - Back to the Roaring 20s .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JuliaShapes 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Julius 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jump Shot Basketball 5.55.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jump Teddy 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jump Zampoli 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JumpKeys 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JumpStart 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JumpVault Backup Software 3.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jumpin Jehosaphat WP 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jumpstart-it 2.0.1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jumpwel 5.05.005.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jungle Animated Windows Screensaver 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jungle Balls 1.2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jungle Cats 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jungle Heart 1.7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jungle Heart 1.8.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jungle Heart Family Edition 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jungle Queens DT 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jungle Queens WP 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jungle Stalker WP 1.00.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jungle Storm 3.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jungle Waterfall Animated Screensavers 3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jungle Waterfall Animated Wallpapers 3.11.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Junior Icon Editor 3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Juniper Practice Tests from Boson 4.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Junk Food Fruits Puzzle 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Junk Mail Remover 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Junk-Out 1.14.0048.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JunkSweep 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JunkWarden for Outlook Express 2.9.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jupiter Grid 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jurassic Park Operation Genesis .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jurassic Park and The Lost World Theme 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jurassic Pinball 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jurgen 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jurtle 1.8.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Just Another Analog Clock 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Just Another Tetris Clone 1.2b.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Just BASIC 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Just Bar Codes 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Just Bar Codes CL 1.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Just Buttons 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Just Checking 3.04.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Just Click 1.1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Just Hold em Poker 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Just Like Heaven Trailer .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Just Money 1.11.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Just Sudoku - Professional Edition 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Just Sudoku 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Just Tabs 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Just Wallpaper 3.1a.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Just WebMail 1.9.9.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JustAddCommerce 5.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JustCad 6.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JustCursors 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JustHTML Editor 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JustInbox 4.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JustLDAP 4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JustRemoteIT 1.18.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JustRip'n'Burn 2.1.24.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JustStartIt 0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JustUrls 5.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JustZipIt 102.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JustaCal 1.2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Justbackup 1.5.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JustbackupPro 1.5.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Justice Force of America 2 (Freedom Force) patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Justin Timberlake Screensaver 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Juvenile Data 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Juz 'Amma Player 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Juzt-Reboot SW 7.61D.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jv16 PowerTools 1.4.1.238.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jv16 PowerTools 2005 1.5.1.31.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\JvCrypt 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jvider 1.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jvw FTP Client 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\My Downloads\Shared\Jyve 0.8.9.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
Eagledunk
Regular Member
 
Posts: 23
Joined: August 8th, 2006, 11:58 pm

Unread postby Bob4 » August 12th, 2006, 2:10 pm

Looks like you got 99% of the baddies. Good work.



_____________________________
Task Manager
I would like you to open the task manager by pressing simultaneously
Ctrl+Shift+Esc or Ctrl+Alt+Delete
then go to the processes tab and end the following if present:
by: right clicking on and choosing end process.

update.exe



______________________________
HJT
Run hijackthis and choose scan only and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked

O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - <http://download.sidestep.com/get/k00719/sb028.cab>

Open killbox once again
Please copy the file paths below to the clipboard by highlighting it and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Program Files\Common Files\{BCFB2313-0AE9-1033-0126-040218200001}

Return to Killbox, go to the File menu, and choose Paste from Clipboard.

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).


If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


Place a check delete on reboot.
Then click the red X



______________________________
You have RealPlayer running at Startup. This is RealPlayer's autoupdate program and is not necessary for the program to function properly.
It is considered to be a resource hog. You will still be able to start it manually if you need it. You can fix this with HijackThis, but you will
need to change the setting in RealPlayer itself to keep it from resetting itself. This is the item to fix in HijackThis:

O4 = HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" = osboot

______________________________
You have iTunesHelper.exe running at Startup. iTunesHelper.exe is a process belonging to iTunes MP3 streaming tool
by Apple which allows you to play MP3's. This process speeds up iTunes when it starts, and the program also monitors
for connected iPod devices. This program is not required to start automatically as you can start it manually if you need it.
It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis.
This is the item to fix in HijackThis:

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe



Optional fix
____________
Viewpoint components are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting "Disable auto‑updating for the Viewpoint Manager" ‑‑ the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.


I recommend that you remove the Viewpoint products; however, decide for yourself.



___________________
Tell me what version of BearShare you have. They're not all malware free.
Honestly there are better choices out on the net.

http://p2p.malwareremoval.com/index.html

And post a new HJT log.
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
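
The "if present" checks in the post above can be done mechanically against a saved HijackThis log. The following is an added example, not part of the original thread and not code from HijackThis; the function names and the sample log (assembled from lines quoted in this thread) are constructed for illustration, and the GUID-folder check is a triage heuristic assumed here, not a verdict on any file.

```python
import ntpath
import re

# Constructed sample: a short HijackThis-style log built from lines quoted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Common Files\{BCFB2313-0AE9-1033-0126-040218200001}\Update.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com/
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00719/sb028.cab
"""

# Fix lines exactly as they appear in the helper's post (angle brackets and "=" included).
FIX_LINES = [
    r"O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - <http://download.sidestep.com/get/k00719/sb028.cab>",
    r"O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe",
    r'O4 = HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" = osboot',
]

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# A path component that is a brace-wrapped GUID, e.g. \{BCFB2313-...}\
GUID_DIR_RE = re.compile(r"\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\\")


def parse_log(text):
    """Split a log into the running-process list and the (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs and line and not ENTRY_RE.match(line):
            processes.append(line)
            continue
        in_procs = False  # a blank line or the first entry ends the process section
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return {"processes": processes, "entries": entries}


def normalise(line):
    """Make forum-pasted and log lines comparable: drop <...> around URLs,
    collapse whitespace, ignore case."""
    line = re.sub(r"<(https?://[^>\s]+)>", r"\1", line.strip())
    return re.sub(r"\s+", " ", line).casefold()


def check_fix_lines(log, fix_lines):
    """Map each requested fix line to True if it is present in the log."""
    have = {normalise(f"{code} - {body}") for code, body in log["entries"]}
    return {fix: normalise(fix) in have for fix in fix_lines}


def processes_named(log, image_name):
    """Full paths of running processes with this image name. The path matters:
    a generic name such as update.exe can belong to more than one program."""
    wanted = image_name.casefold()
    return [p for p in log["processes"] if ntpath.basename(p).casefold() == wanted]


def processes_in_guid_dirs(log):
    """Heuristic (assumption): list processes running from a GUID-named folder
    so they can be reviewed by hand."""
    return [p for p in log["processes"] if GUID_DIR_RE.search(p)]


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for fix, present in check_fix_lines(log, FIX_LINES).items():
        print("PRESENT" if present else "absent ", fix)
    print("update.exe instances:", processes_named(log, "update.exe"))
    print("GUID-folder processes:", processes_in_guid_dirs(log))
```

A fix line reported as absent means there is nothing to check for that item in this scan, which is what "if present" in the instructions allows for.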

Hijack log

Unread postby Eagledunk » August 12th, 2006, 2:43 pm

thank you!
1) I removed Bear Share using add/remove programs at the start of this virus thing and now I can't find it anywhere - I see it in the log, but when I go to that string - it isn't there. I have done a search on my c:\drive - NOTHING. I do believe this is how all this started so I am DONE with Bear Share, but I can't seem to remove it. Any ideas?

2) Can I uninstall Viewpoint? I don't use AOL or any other Viewpoint product that I am aware of.

Here is the log
Logfile of HijackThis v1.99.1
Scan saved at 2:37:24 PM, on 8/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\{BCFB2313-0AE9-1033-0126-040218200001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [IVPServiceMgr] C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\system32\redistributor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccomm ... ctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-36.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/i ... downls.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activex/ ... ontrol.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
Eagledunk
Regular Member
 
Posts: 23
Joined: August 8th, 2006, 11:58 pm

Unread postby Bob4 » August 13th, 2006, 7:16 am

Yes, you may uninstall Viewpoint.

Then.

Navigate to and remove, if present. Just remove what I have in bold type.

C:/program Files /View Point

c:/program files/Bear Share



______________________________
HJT
Run HijackThis, choose "Scan only", and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on "Fix Checked".




O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

____________________________
You have QuickTime running at Startup. This is QuickTime's system tray icon and not necessary for the program to function properly. It is considered to be a resource hog.
You will still be able to start it manually if you need it. You can fix this with HijackThis, but you will need to change the setting in QuickTime Player itself to keep it from resetting itself. This is the item to fix in HijackThis:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime




Post another log. In the meantime, I am going to ask my colleagues about this stubborn udate.exe file.
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Hijack log

Unread postby Eagledunk » August 13th, 2006, 10:44 am

Bearshare wasn't there to remove - hopefully that means it is gone.
Let me know when it is safe to use my internet for the banking and such again. The popups are gone.

Is there a virus program out there better than Norton? A friend recommended micro pccillan(sp)

Hijack Log
Logfile of HijackThis v1.99.1
Scan saved at 10:41:06 AM, on 8/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\{BCFB2313-0AE9-1033-0126-040218200001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [IVPServiceMgr] C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\system32\redistributor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccomm ... ctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-36.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/i ... downls.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activex/ ... ontrol.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
Eagledunk
Regular Member
 
Posts: 23
Joined: August 8th, 2006, 11:58 pm
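Added example, not part of the thread or of HijackThis itself: a small Python check that parses the O4 (startup) lines of two HijackThis logs and confirms that the entries the helper asked to be fixed are gone and that nothing else changed. The sample logs are a few O4 lines copied from the logs above; the third log is constructed to show the QuickTime entry re-adding itself, as the helper warns it can.

```python
import re

# O4 lines as HijackThis prints them: registry Run keys and Startup folders.
REG = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
LNK = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.*)$")

def parse_o4(log_text):
    """Map (location, entry name) -> command for every O4 line in a log."""
    entries = {}
    for line in log_text.splitlines():
        m = REG.match(line.strip())
        if m:
            hive, key, name, cmd = m.groups()
            entries[(hive + "\\" + key, name)] = cmd
            continue
        m = LNK.match(line.strip())
        if m:
            entries[(m.group(1), m.group(2))] = m.group(3)
    return entries

def verify_fix(before_log, after_log, requested):
    """Compare two logs against the entries that were supposed to be fixed."""
    b, a = set(parse_o4(before_log)), set(parse_o4(after_log))
    requested = set(requested)
    return {
        "removed": sorted((requested & b) - a),
        "still_present": sorted(requested & a),       # fix did not stick
        "unrequested_removals": sorted(b - a - requested),
        "new_entries": sorted(a - b),                 # review before trusting
    }

# Excerpt of the earlier log in this thread (O4 lines only).
BEFORE = r"""
O4 - HKLM\..\Run: [IVPServiceMgr] C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
"""
# Excerpt of the follow-up log posted after the fix.
AFTER = r"""
O4 - HKLM\..\Run: [IVPServiceMgr] C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
"""
# Constructed: what a later log would look like if QuickTime reset its entry.
AFTER_QT_RESET = AFTER + r"""O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""
# The three lines the helper asked to have checked and fixed.
REQUESTED = [("HKLM\\Run", "ViewMgr"), ("HKLM\\Run", "QuickTime Task"),
             ("HKLM\\Run", "BearShare")]

if __name__ == "__main__":
    for label, log in (("follow-up", AFTER), ("QuickTime reset", AFTER_QT_RESET)):
        print(label, verify_fix(BEFORE, log, REQUESTED))
```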