Spyware troubles - please help
AfterDawn Addict
2. May 2006 @ 21:30
@tongakaiyi and tapiiri: Not so fast :)
Tongakaiyi had qhost:
Quote:
C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhost.r : Cleaned with backup
C:\WINDOWS\system32\drivers\etc\hosts.msn -> Trojan.Qhost.r : Cleaned with backup
and that's why hosts must be replaced with a clean one:
- Download Hoster http://www.funkytoad.com/download/hoster.zip and unzip it to your desktop.
- Open Hoster
- Click "Make Hosts Writable?" in the upper right corner (if available)
- Click "Restore Microsoft's Original Hosts File" and then click OK
- Close Hoster
Note: If you used any custom Hosts (e.g. MVPS Hosts), you will have to put them back manually.
This message has been edited since posting. Last time this message was edited on 2. May 2006 @ 21:31
2. May 2006 @ 23:23
Quote:
- Click "Make Hosts Writable?" in the upper right corner (if available)
- Click "Restore Microsoft's Original Hosts File" and then click OK
- Close Hoster
Note: If you used any custom Hosts (e.g. MVPS Hosts), you will have to put them back manually.
Couldn't do the 1st 'click' 'cause the "Make Hosts Writable?" wasn't there, did the 2nd one though. And I'll check on the 3rd one soon. Exactly what does this do? :)
This message has been edited since posting. Last time this message was edited on 2. May 2006 @ 23:24
AfterDawn Addict
2. May 2006 @ 23:45
@tongkaiyi: It will replace the infected hosts file with Microsoft's original one.
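Added example, not part of the original posts and not Hoster's code: a Python audit of a hosts file before it is reset, separating entries that pin names to fixed addresses or sinkhole update servers from ordinary blocklist entries the user would put back by hand. The sample file, the `.example` names and the watchlist are constructed assumptions.

```python
import ipaddress

# Constructed sample: a tampered hosts file mixed with a user's own blocklist
# entries. None of these values come from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.tracker.example        # user's custom blocklist entry
0.0.0.0         banner.adnet.example
127.0.0.1       liveupdate.av-vendor.example
203.0.113.7     search.portal.example
203.0.113.7     update.os-vendor.example   www.os-vendor.example
not-an-ip       broken.example
"""

# Hypothetical watchlist: domains the machine must reach to get security
# updates. A sinkhole entry for one of these is not a normal ad-block line.
WATCHLIST = ("av-vendor.example", "os-vendor.example")


def parse_hosts(text):
    """Yield (line_no, address_or_None, names) for every non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or pure comment
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None  # first field is not an IP address
        yield line_no, addr, [name.lower() for name in fields[1:]]


def on_watchlist(name, watchlist=WATCHLIST):
    """True if name is a watchlisted domain or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in watchlist)


def audit_hosts(text, watchlist=WATCHLIST):
    """Classify every entry that differs from the stock 'localhost' line."""
    report = {"redirected": [], "updates_blocked": [],
              "custom_block": [], "malformed": []}
    for line_no, addr, names in parse_hosts(text):
        if addr is None or not names:
            report["malformed"].append(line_no)
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in names:
            if name == "localhost" and addr.is_loopback:
                continue  # the only mapping in the stock file
            if not sinkhole:
                # Name pinned to a routable address, bypassing DNS.
                report["redirected"].append((line_no, name, str(addr)))
            elif on_watchlist(name, watchlist):
                # Update or vendor site pointed at the local machine.
                report["updates_blocked"].append((line_no, name))
            else:
                # Looks like an ordinary blocklist (e.g. MVPS-style) entry.
                report["custom_block"].append((line_no, name))
    return report


def restorable_entries(text, watchlist=WATCHLIST):
    """Names from blocklist-style lines, i.e. what to re-add after a reset."""
    found = audit_hosts(text, watchlist)["custom_block"]
    return sorted({name for _, name in found})


if __name__ == "__main__":
    for category, items in audit_hosts(SAMPLE_HOSTS).items():
        print(category, items)
    print("re-add by hand:", restorable_entries(SAMPLE_HOSTS))
```

Anything reported under `redirected` or `updates_blocked` is a reason to reset the file; only the `custom_block` names are candidates for re-adding afterwards.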
Suspended permanently
3. May 2006 @ 00:36
Man, I had the same problem the last several days; homepage got hijacked also. Here's what it said: W32.Sinnake.A@mm. I finally fixed it running Spysweeper and resetting my IE, but it seemed to work so far. I am going to scan with several programs to make sure it's gone.
Senior Member
3. May 2006 @ 00:40
Thanks @-kemisti-.
Missed that qhost.
Please start a new thread and post your HijackThis log there.
Account closed as per user's own request
3. May 2006 @ 09:20
Please can someone help me? I'm tired of a virus alert which crops up whilst I'm working. I'm using AVG virus (free), Norton Anti Virus, Lavasoft Adware SE version, and Spybot Search and Destroy for protection, still NO LUCK !!!
This is my log file, please can someone help me (AVG picks up the virus but when I try to heal, it says that access to that file is denied, and now my LimeWire (p2p) software has stopped responding ever since I got the virus):
Logfile of HijackThis v1.99.1
Scan saved at 18:11:34, on 03/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Office Mouse\moffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Office Mouse\MOUSE32A.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\3B Software\Windows Clean-Up Pro\Windows Clean-Up Pro.uzy
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MalwareWipe\MalwareWipe.exe
C:\Program Files\MalwareWipe\MalwareWipe.exe
D:\DOCUME~1\Tan\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
D:\DOCUME~1\Tan\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.rd.yahoo.com/customize/ycomp/defaults/sb/*http://uk.doc...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yah...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yah...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpEA1.tmp
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~2\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Office Mouse\moffice.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\Windows Registry Repair Pro.exe -X
O4 - HKLM\..\Run: [Windows Clean-Up Pro] C:\PROGRA~1\3BSOFT~1\WINDOW~2\WINDOWS CLEAN-UP PRO.Exe
O4 - HKLM\..\Run: [MalwareWipe] C:\Program Files\MalwareWipe\MalwareWipe.exe /h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FC406CE-CECD-40A1-9BAE-3883FB39B815}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{1FC406CE-CECD-40A1-9BAE-3883FB39B815}: NameServer =
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Account closed as per user's own request
3. May 2006 @ 09:24
Please can someone help me? I'm tired of a virus alert which crops up whilst I'm working. I'm using AVG virus (free), Norton Anti Virus, Lavasoft Adware SE version, and Spybot Search and Destroy for protection, still NO LUCK on getting rid of the annoying alert.
This is my log file, please can someone help me (AVG picks up the virus but when I try to heal, it says that access to that file is denied, and now my LimeWire (p2p) software has stopped responding ever since I got the virus).
I also have got my browser homepage hijacked to http://www.safetydefender.com/
but this sometimes changes back to the about:blank homepage after I try to delete some stuff that comes up when I use the protection programmes I have just mentioned.
Senior Member
3. May 2006 @ 09:37
Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Unzip it (folder named SmitFraudFix) to your desktop:
Boot your computer to SAFEMODE.
Open the folder SmitfraudFix and double-click smitfraudfix.cmd
Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.
You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.
The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".
The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
A textfile will appear after the cleaning process, copy this file and paste it to here.
That log is saved to your local diskdrive, usually C:\rapport.txt.
Send a fresh HijackThis log too.
3. May 2006 @ 09:45
Tomorrow morning 04.05.2006 I'll post my HijackThis log file for help. This post is only to receive the thread's notification on the infected machine, which resides in another place.
Senior Member
3. May 2006 @ 09:57
Hi oracle,
We are waiting :)
3. May 2006 @ 10:14
Ehh, hey guys, any advice about protecting myself from other threats like these ones?
No kidding dude!! , im trying to be a Sound and Music Engineer :)
Suspended due to non-functional email address
3. May 2006 @ 11:20
All you need for your spyware and virus needs. Search Google for these programs.
For spyware use - Spybot Search and Destroy - Ad-Aware by Lavasoft - the free trial of CounterSpy is A+++
For viruses - get rid of Norton and download the free version of Avast Antivirus - detects and removes viruses and trojans much better than Norton could ever wish to.
I use all of these programs and my computer runs great.
Also here's a great registry fixer you might want to use after getting rid of viruses. Search for a program called CCleaner, also known as Crap Cleaner. Works great. Removed over 2 GB of temp stuff that the Windows cleaner never got rid of. Also deletes and repairs invalid registry keys, etc. Computer is like brand new.
"Either you have a lightbulb stuck in your butt or your colon has a bright idea" Dr. Cox - Scrubs
Suspended permanently
3. May 2006 @ 23:09
Avast is pretty good, correct. Trend Micro and Nod32 are the best though. Norton is def. a shit program.
FlakMNKEY, none of those programs you listed will work if your IE gets hijacked (which mine did this week). You will need to run Spysweeper in safe mode to fix it as I did; works great. And oh yes, HijackThis is a must program to have.
4. May 2006 @ 10:35
Thanks a lot Tapiiri
I already received an answer in this forum on thread Oracle's HijackThis log.
All you guys are wonderful
6. May 2006 @ 09:14
Hey guys, I think I have a problem with some other spyware, some named "newdotnet" and stuff like so. If anyone can help, I'll post my hijack log file.
Here it goes:
Logfile of HijackThis v1.99.1
Scan saved at 11:11:29 AM, on 5/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Juan Sierra\Desktop\HijackThis.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
No kidding dude!! , im trying to be a Sound and Music Engineer :)
Suspended permanently
6. May 2006 @ 09:21
UO777, Norton is really a sub-par program; I would use a better virus program first.
In safe mode run some spyware programs to find this. Spysweeper and Ewido are two good programs to try first.
6. May 2006 @ 22:05
After downloading a flash game, actually I was looking for the serial crack number, lots of pop-ups... pls help
Logfile of HijackThis v1.99.1
Scan saved at 2:02:30 PM, on 5/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\IC Card Reader Driver v1.8e4\Disk_Monitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Audacity\wunins000.exe
C:\Documents and Settings\AeqAngah®\Desktop\[PC Games] Ganguro Girl Deluxe (HENTAI).exe
C:\Documents and Settings\AeqAngah®\Desktop\HijackThis_v1.99.1.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://svcs.microsoft.com/svcs/mms/serverstatus.asp?Plcid=0409&Ve...
F2 - REG:system.ini: Shell=
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-sg\msntb.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\\IC Card Reader Driver v1.8e4\Disk_Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [keyboard] c:\windows\keyboard17.exe
O4 - HKLM\..\Run: [mousepad] c:\windows\mousepad17.exe
O4 - HKLM\..\Run: [newname] c:\windows\newname17.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://plstopup.whyhot.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://cdn.messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\sdesrv.dll
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
Senior Member
6. May 2006 @ 23:43 |
Link to this message
Hi aeqmal
Please download Ewido Anti-Malware: http://www.ewido.net/en/download/
[*]Install Ewido Anti-Malware
[*]Launch Ewido, there should be an icon on your desktop, double-click it.
[*]The program will now open to the main screen.
[*]When you run Ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update Ewido to the latest definition files.
[*]On the left hand side of the main screen click update.
[*]Then click on Start Update.
[*]The update will start and a progress bar will show the updates being installed.
(The status bar at the bottom will display "Update successful".)
[*]Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "BFU"
Please download Brute Force Uninstaller: http://www.merijn.org/files/bfu.zip. Unzip it to its own folder (c:\BFU).
Next, RIGHT-CLICK HERE -> http://metallica.geekstogo.com/alcanshorty.bfu and choose "Save As" (in IE it's "Save Target As") in order to download Alcra Remover. Save it in the folder you made earlier (c:\BFU).
Do not run the Uninstaller and the Remover yet.
Please reboot into Safe Mode:
Turn on the computer.
Immediately begin tapping the F8 key (or F5 on some computers)
Use the arrow keys to highlight Safe Mode and press the Enter key.
*Click on Ewido>Scanner
Then select "Settings"
Under the bottom section "What to Scan?" make sure "Scan every file" is checked.
Select "OK" and you will return to scanning options.
*Click on Complete System Scan and the scan will begin.
This scan can take quite a while to run, so please be patient.
While the scan is in progress, you will be prompted to clean the first infected file it finds. Choose Clean. Then put a check next to 'Perform action on all infections'. Doing this enables the scan to proceed automatically until its completion. Click OK.
When the scan finishes, click on "Save Report". This will create a text file.
** Make sure you know where to find this file again. The best place to save it would probably be your Desktop.
Now close Ewido Anti Malware.
Open My Computer and navigate to the c:\BFU folder. Start the Brute Force Uninstaller by double-clicking BFU.exe.
In the script line to execute field copy and paste c:\bfu\alcanshorty.bfu
Press execute and let it do its job.
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.
Boot normally and send a fresh HijackThis log and Ewido's report.
8. May 2006 @ 07:11 |
Link to this message
this is the report
ewido anti-malware - Scan report
+ Created on: 11:53:50 PM, 5/7/2006
+ Report-Checksum: 33CB689
+ Scan result:
HKLM\SOFTWARE\Classes\WinRes.WindowsResources -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WinRes.WindowsResources\CLSID -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WinRes.WindowsResources\CurVer -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WinRes.WindowsResources.1 -> Adware.CoolWebSearch : Cleaned with backup
[676] C:\WINDOWS\system32\aeycfilt.dll -> Adware.Look2Me : Error during cleaning
[808] C:\WINDOWS\system32\aeycfilt.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Administrator\Application Data\Opera\Opera\profile\cache4\opr0004V.html -> Not-A-Virus.Exploit.HTML.DialogArg : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-linksys.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@spylog[1].txt -> TrackingCookie.Spylog : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4F7TUAA3\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4F7TUAA3\drsmartload_js[2].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4F7TUAA3\drsmartload_js[3].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CH4IUM40\drsmartload_js[2].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\P1BLMUSS\NCH%20Swift%20Sound%20Switch%20Plus%20v1.05_crack_keygen_serial[1].htm -> Not-A-Virus.Exploit.HTML.DialogArg : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XOHVXAYC\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XOHVXAYC\drsmartload_js[2].htm -> Downloader.IstBar.j : Cleaned with backup
:mozilla.6:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.7:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.8:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.9:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.10:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.11:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.30:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.35:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.37:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.38:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.41:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.42:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.45:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.49:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.55:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.67:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.68:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.80:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.81:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.97:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@counter1.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@ehg-eline.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@ehg-nokiafin.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@vdn.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Local Settings\Temp\Cookies\aeqangah®@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Local Settings\Temp\Cookies\aeqangah®@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Local Settings\Temp\Cookies\aeqangah®@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Local Settings\Temp\Cookies\aeqangah®@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Local Settings\Temp\Cookies\aeqangah®@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Local Settings\Temporary Internet Files\Content.IE5\900FHLKT\Installer[1].exe -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Local Settings\Temporary Internet Files\Content.IE5\900FHLKT\keyboard17[1].exe -> Downloader.VB.aci : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Local Settings\Temporary Internet Files\Content.IE5\ZVT335SW\drsmartload[1].exe -> Downloader.VB.ach : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Local Settings\Temporary Internet Files\Content.IE5\ZVT335SW\mousepad17[1].exe -> Downloader.VB.aci : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Local Settings\Temporary Internet Files\Content.IE5\ZVT335SW\newname17[1].exe -> Downloader.VB.aci : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Local Settings\Temporary Internet Files\Content.IE5\ZVT335SW\wallpap[1].exe -> Hijacker.Agent.gp : Cleaned with backup
C:\Documents and Settings\The Others\Cookies\the others@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\The Others\Cookies\the others@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\The Others\Cookies\the others@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\The Others\Cookies\the others@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\The Others\Cookies\the others@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\The Others\Cookies\the others@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\The Others\Cookies\the others@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\The Others\Cookies\the others@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\The Others\Cookies\the others@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\The Others\Cookies\the others@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\The Others\Cookies\the others@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\The Others\Cookies\the others@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\The Others\Cookies\the others@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\The Others\Cookies\the others@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup
C:\Documents and Settings\The Others\Cookies\the others@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\The Others\Cookies\the others@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\drsmartload1.exe -> Downloader.VB.ach : Cleaned with backup
C:\Installer.exe -> Adware.Look2Me : Cleaned with backup
C:\keyboard17.exe -> Downloader.VB.aci : Cleaned with backup
C:\mousepad17.exe -> Downloader.VB.aci : Cleaned with backup
C:\Program Files\Windows Media Player\horemoh.dll -> Downloader.Small.ctp : Cleaned with backup
C:\Program Files\winupdate\winupdate.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L'ane Rouge 1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L'Astrologue 1.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L'emballeur 1.10.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L'emballeur v1.10.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L-and-B Jump-Track 2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L-Edit Pro v8.30 with LVS v3.13.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L-System Fractal ScreenSaver v1.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L-System Fractal ScreenSaver v2.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0pht AntiSniff 1.02.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0pht AntiSniff v1.02.1 by Eminence.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0pht AntiSniff v1.02.1 by FHCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0pht AntiSniff v1.02.1 by WKT!.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack (LC3) v3.02.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack 3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack LC 5 Administrator Edition Generic.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack LC 5 v5.00.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack LC3 v3.02.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v2.1 Serial.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v2.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v2.5 by FR.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v2.5 by TiMeLoRD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v2.5 Crack by RAC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v2.5 Crack by TCA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v2.5 Crack by TNT.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v2.5 Serial by FHCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v2.5.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v2.52 by FHCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v3 (LC3).zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v3 LC3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v3.0 by AmoK.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v3.0 by Etschupu.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v3.0 by PC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v3.0 by Peacemaker.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v3.01.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v3.02.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v4.0 by FHCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v4.0 by Gary Crean.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v4.0 by Jurassic Software.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v4.0 by N-GeN.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v4.0 by PGC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v4.0 by Pliers.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v4.0 by TSRH NEW.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v4.0 by TSRH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v4.0 by Zaphod.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v4.0 Crack by TSRH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v4.0 Keygen by TSRH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v4.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v4.00 by AAOCG.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v4.00 by KLC4.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v4.00 NEW.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v4.00.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v4.10.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v5.00-Lz0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v5.00.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v5.02 by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v5.02.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v5.03 by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v5.03.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v5.04 REAL by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L0phtCrack v5.04 REAL.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\l0stat 1.1 by Core.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\l0stat 1.1 by PC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L3 Auto Calc v7.0 Datecode 220904 HIRES PalmOS Regged by BLZPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L3 Autolog v6.02 S60 SymbianOS Regged by BLZPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L3 Bartender v6.0 ALL PPC Regged by BLZPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L3 Bartender v6.0 ALL PPC-BLZPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L3 FlashCards HIRES v6.0 PalmOS5 Regged by CSCPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L3 FlashCards v6.0 All for Pocket PC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L3 FlashCards v6.0 ALL PPC Regged by CSCPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L3 FlashCards v6.0 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L3 FlashCards v6.0 for SE P800 P900 Symbian OS 6.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L3 FlashCards v6.0 HI Res for PalmOS 5.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L3 FlashCards v6.0 PalmOS Regged by CSCPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L3 FlashCards v6.0 s60 for Symbian OS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L3 FlashCards v6.0 s60 SymbianOS Regged by CSCPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L3 FlashCards v6.0 SE P800 P900 SymbianOS6 Regged by CSCPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L3 IDE v3.029.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L3 IDE v3.031.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L3 IDE v3.032.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L3 IDE v3.033.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Uploads\L3 NutriData DATECODE 200704 HIRES PalmOS Regged by BLZPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\WINDOWS\keyboard17.exe -> Downloader.VB.aci : Cleaned with backup
C:\WINDOWS\mousepad17.exe -> Downloader.VB.aci : Cleaned with backup
C:\WINDOWS\newname17.exe -> Downloader.VB.aci : Cleaned with backup
C:\WINDOWS\system32\ad.html -> Hijacker.Agent.e : Cleaned with backup
C:\WINDOWS\system32\kpdlt.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\p2pnetworking.exe -> Backdoor.Rbot.rc : Cleaned with backup
C:\WINDOWS\wallpap.exe -> Hijacker.Agent.gp : Cleaned with backup
C:\xz.exe -> Backdoor.Rbot.rc : Cleaned with backup
::Report End
8. May 2006 @ 07:17 |
Logfile of HijackThis v1.99.1
Scan saved at 11:12:05 PM, on 5/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\IC Card Reader Driver v1.8e4\Disk_Monitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\MSN Messenger\newalert.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\AeqAngah®\Desktop\HijackThis_v1.99.1.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://svcs.microsoft.com/svcs/mms/serverstatus.asp?Plcid=0409&Ve...
F2 - REG:system.ini: Shell=
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-sg\msntb.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\\IC Card Reader Driver v1.8e4\Disk_Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://plstopup.whyhot.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://cdn.messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\r0p80a7ued.dll
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
Senior Member
8. May 2006 @ 09:09 |
Wow! What a collection you have :)
Update Ewido
Please download Look2Me-Destroyer.exe -> http://www.atribune.org/ccount/click.php?id=7 to your desktop.
* Close all windows before continuing.
* Double-click Look2Me-Destroyer.exe to run it.
* Put a check next to Run this program as a task.
* You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
* When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
* Once it's done scanning, click the Remove L2M button.
* You will receive a Done Scanning message, click OK.
* When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
* Your computer will then shutdown.
Start the computer in Safe Mode.
Do a rescan with Ewido and save the report.
Boot normally and send Ewido's report and a fresh HijackThis log.
8. May 2006 @ 17:51 |
Look2Me-Destroyer does not reopen in 1 min..
Senior Member
8. May 2006 @ 20:01 |
Try opening it yourself.
9. May 2006 @ 08:53 |
ewido anti-malware - Scan report
+ Created on: 12:50:23 AM, 5/10/2006
+ Report-Checksum: ADBDAC6
+ Scan result:
:mozilla.21:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.22:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.23:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.24:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.25:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.26:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.27:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.36:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.44:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.45:C:\Documents and Settings\AeqAngah®\Application Data\Mozilla\Firefox\Profiles\djugzfni.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Cookies\aeqangah®@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Local Settings\Temp\Cookies\aeqangah®@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Local Settings\Temp\Cookies\aeqangah®@adserver.71i[1].txt -> TrackingCookie.71i : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Local Settings\Temp\Cookies\aeqangah®@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Local Settings\Temp\Cookies\aeqangah®@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Local Settings\Temp\Cookies\aeqangah®@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Local Settings\Temp\Cookies\aeqangah®@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\AeqAngah®\Local Settings\Temp\Cookies\aeqangah®@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
::Report End
Senior Member
9. May 2006 @ 08:58 |
Looks better :)
Please send a fresh hijack log too.