Post by: Nichole on November 20, 2005, 01:35:20 PM
/sad.gif\' class=\'bbc_emoticon\' alt=\':(\' /> Besides pop-ups- and unpredictable computer shut-downs it seems the computer is slower then usual. Finally I have dl the hjt and am hoping someone can lend me a hand. Thanks muchly.HJT log below :
Logfile of HijackThis v1.99.1
Scan saved at 10:29:55 AM, on 11/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Updater.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email (http://\"http://www.Email\") Removed.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://uproar.com/applets/activex/shizmoo/flipside_web18.cab (http://\"http://uproar.com/applets/activex/shizmoo/flipside_web18.cab\")
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (http://\"http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.Email (http://\"http://by107fd.bay107.Email\") Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab (http://\"http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab\")
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab (http://\"http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab\")
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab (http://\"http://zone.msn.com/bingame/shpo/default/shapo.cab\")
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (http://\"http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab\")
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab (http://\"http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab\")
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab (http://\"http://fdl.msn.com/zone/datafiles/heartbeat.cab\")
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...618/mcfscan.cab (http://\"http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4618/mcfscan.cab\")
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email (http://\"http://pdl.stream.Email\") Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Post by: guestolo on November 20, 2005, 02:11:31 PM
I need you to do the following
When I ask you too download a zip file, make sure you choose SAVE TO DISK rather than Open
Right click an empty spot on the desktop and left click NEW>>Folder
A new folder will be placed on the desktop, name it BFU
Download and save p2pnetwork.zip (http://\"http://www.thetechguide.com/forum/index.php?act=Attach&type=post&id=426\")
Then UNZIP it to the BFU Folder
Download and save and then UNZIP to the BFU folder
BFU.zip (http://\"http://www.merijn.org/files/bfu.zip\")
So you now have BFU.exe extracted
==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup! 4.0 (http://\"http://downloads.stevengould.org/cleanup/CleanUp40.exe\")
Don't run it yet
==Download and then Install
Ewido Security Suite (http://\"http://download.ewido.net/ewido-setup.exe\")
When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/ (http://\"http://www.ewido.net/en/download/updates/\")
Please save these instructions to a Notepad file and save it to your Desktop for reference
Or Print this out
Open Spybot>> check for updates please and download all updates if any
Disconnect from the Internet
I need you too disable Spybot's TeaTimer so it won't interfere with any fixes we try
You can reenable this once we have you clean, keep it disabled until I give you an all clear
Open Spybot>>click on MODE>>Advanced Mode>>Yes to the prompt
Click on TOOLS on the bottom left
SYSTEM STARTUP>>Uncheck TeaTimer
Allow the change
Access your Add/Remove programs and remove if found
SurfAccuracy
Also remove Party Poker if you didn't intentionally install it
RESTART your Computer in SAFE MODE (http://\"http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=4#_Section4\")
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link I supplied for an alternate method
Open the BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to p2pnetwork.bfu in the BFU folder
Right click p2pnetwork.bfu and choose Select
In Brute Force Uninstaller select Execute
Let it finish then Exit
Find and delete this folder if found
C:\Program Files\SurfAccuracy <-this folder
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer
==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished it's scan click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: Well Ewido is running, don't open any other windows, let it do it's job
Do another scan with Hijackthis and put a check next to these entries:
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Run SPYBOT
Click the Search & Destroy button on the left
Check for Problems---When the Scan is complete
FIX all selected promblems in RED
Restart back to Normal mode
Back in Windows
Post a fresh hijackthis log and the whole report from Ewido's
NOTE: This entry in your log
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email (http://\"http://www.Email\") Removed.com/
That's not how it shows when you paste it back here, can you put a space after the DOT, right before "com"
Before hitting the "add reply" button
It's a board setting, I want to make sure it's legit
I'll remove it if it's your own address later, thanks
Post by: Nichole on November 21, 2005, 01:26:22 AM
/blink.gif\' class=\'bbc_emoticon\' alt=\':blink:\' /> give or take 50 (lol) the computer began to freeze up and not respond. Eventually it just locked up alltogether and I rebooted it only to find it extremely sluggish even getting into safemode. I am going to reattempt this tomorrow evening after work. If you have any pointers before I start from the top. Im listening. (Im hoping that will still be ok, and Or should I post a fresh HJT? LMK)
Thank you
/wink.gif\' class=\'bbc_emoticon\' alt=\';)\' />
Post by: guestolo on November 21, 2005, 02:05:43 AM
The latter will be completely cleaned in your final cleanup
If possible
Start the whole fix again, with luck, the main infection is gone, still have to get some leftovers
If you have any file sharing programs
Eg.. Limewire, disable them from running for the time being
Regardless of what happens, post back a fresh hijackthis log and possibly Ewido report
If the Ewido report is too big, can you attach it please
But I would like to see it if you can
I won't be back online till after work tomorrow, so please do what you can
Post by: Nichole on November 21, 2005, 10:50:37 PM
Im giving this one more good effort before I start pulling out my hair,
/ohmy.gif\' class=\'bbc_emoticon\' alt=\':o\' />) and then I will post back my results. /huh.gif\' class=\'bbc_emoticon\' alt=\':huh:\' /> Nichole
Post by: guestolo on November 21, 2005, 11:05:40 PM
Navigate to the Complete folder and delete all the zip files you don't recognize
Lot's/All will have some bad names, not your fault
The folder will be located in this location
C:\Documents and Settings\<User Account>\Complete
<User Account>= Users profile name
You will have to
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
That should save some time scanning with Ewido
Post by: Nichole on November 22, 2005, 01:23:17 AM
Here is my current HJT :
Logfile of HijackThis v1.99.1
Scan saved at 10:06:48 PM, on 11/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Updater.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email (http://\"http://www.Email\") Removed.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://uproar.com/applets/activex/shizmoo/flipside_web18.cab (http://\"http://uproar.com/applets/activex/shizmoo/flipside_web18.cab\")
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (http://\"http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.Email (http://\"http://by107fd.bay107.Email\") Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab (http://\"http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab\")
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab (http://\"http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab\")
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab (http://\"http://zone.msn.com/bingame/shpo/default/shapo.cab\")
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (http://\"http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab\")
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab (http://\"http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab\")
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab (http://\"http://fdl.msn.com/zone/datafiles/heartbeat.cab\")
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...618/mcfscan.cab (http://\"http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4618/mcfscan.cab\")
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email (http://\"http://pdl.stream.Email\") Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
[color=\"#FF0000\"]Here is a copy of my ewido saved log. (the initial log got deleted because I ended up having to uninstall and reinstall the program before this last attempt at the whole process.[/color]
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 9:48:12 PM, 11/21/2005
+ Report-Checksum: BF851AF3
+ Scan result:
C:\Documents and Settings\Owner\Complete\The Mummy 1999.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Myth (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Offspring - Greatest Hits (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Pacifier RERIP TC SVCD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Pacifier.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Palette Melody Composing Tool v3.3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Panorama FactoryThe Panorama Facto.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Passion Of The Christ OST.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The PC Detective v2.8.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Perfect Man.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Prince & Me.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Prince and Me.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Prince.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Prodigy - Music For The Jilted Gener.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Professional Services Firm Bible.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Punisher ISO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Punisher.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Rakes - CaptureRelease.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Rasmus - Dead Letters.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Rasmus - Hide from the Sunfor.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Reckoning LiMiTED DVD Rip XViD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Regex Coach 0.7.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Ring Two (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Ring Two (AC3).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Ring Two PAL MULTI DVD-R.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Ring Two.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Ring.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Rising - The legend of Mangal Pandey Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Roots - Things Fall Apart.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Scottish Loveknot XXX DVD Rip Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Settlers 2 Gold Edition.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Settlers Heritage of the Kings.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Simpson Hit and Run.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Simpsons Hit And Run - RIP.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The sims 2 Nightlife.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Sims 2 University.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Sims Unleashed.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Sisterhood of the Traveling Pants (2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Sisterhood of the Traveling Pants Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Sisterhood of the Traveling Pants.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Sixth Sense.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Skeleton Key TC XviD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Skeleton.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Sleuthhound Pro Power Pack v4.61.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The SphereXP 0.81.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Spranos - Oksana Baby (DivX).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Suffering.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Sun 3D Screensaver 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Taste Of Tea.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Terminal.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Transporter (http) DVDrip.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Transporter 2 Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Transporter 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Typing Of The Dead.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Usual Suspects.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Vegas 6+DVD Production Suite.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Verve - Urban Hymns.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Waterboy & Charlie and the Chocolate Factory.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Weather Man (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Weather Man.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The World Is Flat A Brief History of th.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The.Skeleton.Key.TS.xVID-LRC.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TheHunted.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\ThemeEngine 5.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\ThemeMakerPro Plus SE 1.2.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TheSpywareKiller 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\They came back DVD Rip Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Thief 3 Deadly Shadows.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Thinkershome Delphi 2 C Plus Plus Builder 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Thinkershome PC Watcher 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Thinkershome Photo to Sketch 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\ThumbBuddy 2.1a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\ThumbsUp v4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\THX.DTS.Dolby.Digital.Audio.Experience.T.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tidy Start Menu 2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tiesto-In Search Of Sunrise 4-2CD-2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Time Crisis Crisis Zone (PS2).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TimeCard Plus 3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TimeWarp 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tin Soldiers Julius Caesar.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tinasoft EasyCafe 2.2.14.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tiny Cars 2 1.15.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tiny Firewall Pro 6.0.140.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tiny Indian Teen Bend Over For Snatch [censored].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tiny Personal Firewall 6.0.100.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tiny Personal Firewall 6.5.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tiny Personal Firewall Pro 2005 6.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tinynice MP3Cutter v2.51.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Titan FTP 4.02.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Titan FTP Server Enterprise Edition v4.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Titan FTP Server Enterprise Edition v4.22.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TitleBarClock Pro 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TitleBarClock Pro 5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tm 7398.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tm 8037.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TM 8382.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Token2 Plus v4.5.2.1349.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tom Petty - Playback.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tomb Raider 3 The Lost Artifact iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tomb Raider 3, the lost artifact.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tomb Raider 5 - Chronicles.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tomb Raider 5 Chronicles.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tomb Raider.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tons of Rapidshare Games.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tony Hawk's Underground 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tony Hawks Underground 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tony Rich Project - Words.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tony Yayo - Thoughts of a Predicate Fe.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\ToolBar 2000 6.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Top 10 IP Utilities.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Topee CD Ripper 1.2.57.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Topee CD Ripper 1.2.58.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Topee CD Ripper v1.2.58.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TopGen 2.611.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Toplang Internet Lock v3.0.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tori Amos - Mix.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Torque ShowTool Pro 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Torque ShowTool Pro.v1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Torrent - Know, Make, Upload, Search.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Torrent Barbershop.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Torrent Chasing Ghosts.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Torrent Chronological X-Men.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Torrent Damn Small Linux 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Torrent FineReader Professional 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Torrent Gran Turismo 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Torrent Microsoft Windows Vista Beta1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Torrent Mortal Kombat Shaolin Monks D.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Torrent The Perfect Man.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Torrent The Sims 2 Nightlife.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Total Game Control 3.3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Total Game Control 3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Total Game Control v.3.3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Total Game Control v3.3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Total Game Control v3.3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Total Overdose.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Total Recall v5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Total Uninstall 3.41.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Total Video Converter 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Total Video Converter 2.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Touching the Void.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Toyota Corolla - 2004 repair manual.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Trace Plus 3.6.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TRACE POINT 2005 Vol. 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tracer 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Track4Win pro 2.22.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tracker 3.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TrackGrabber 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Trackmania Sunrise.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TrackMate v5.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tracks Eraser Pro 5.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Traffic Inspector 1.1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TrainController v5.5B1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Training The Maid [18+].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TrainProgrammer v5.5B1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Trainspotting - Soundtrack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TranslateIt! 1.4 Beta 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TranslatIt! 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Transporter 2 (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Transporter 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Trapcode Echospace 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Trapt - Someone in Control.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Trash It 1.80.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Treasure Vault 3D Screensaver 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Treasure Vault 3D Screensaver.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TRECH 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Trend Micro Pattern File 2.773.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Trible X-The Next Level.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TriCerat Simplify.Suite 4.0.05.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Trident Software Pragma 4.00.0037.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Trillian Pro 3.1.0.121.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Trillian Pro 3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Trillian Pro v3.1.0.121 Cracked.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Triple X (xXx).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Trivial Pursuit Deluxe.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Trojan Hunter 4.2.908.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Trojan Remover 6.3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Trojan Remover 6.4.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Trojan Remover v6.4.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Trojan Remover v6.4.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Trojan Slayer 2.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Trojan Slayer 2.1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\True Image Enterprise Server 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TrueTTY 2.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Truly Random 1.36.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TUGZip 3.3.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tunebite 2.0.1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TuneUp 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TuneUp Utilites 2006 5.0.2331.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TuneUp Utilities 2004 4.1.2316.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TuneUp Utilities 2006 5.0.2331.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TuneUp Utilities 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TuneUp Utilities 4.1.2318.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tunnel trance force & Russian Dream.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Turbo FTP 4.5.420.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Turbo Photo 4.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Turbo Sliders 1.0.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TurboCAD Pro 11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TurboDemo Album 1.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TurboFTP 4.50 Build 420.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TurboFTP 4.50.420.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Turbolaunch 5.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Turkish Gambit (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TV Player.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TV-Player 1.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TVolution 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tweak XP Pro 4.0.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tweak-XP Pro 4.0.6 Professional.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TweakNow PowerPack 2005 Pro 1.6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TweakNow PowerPack 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TweakNow PowerPack 2006 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TweakVista™ for Mcft Windows Vista.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TweakWindow v1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Twisted Metal 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Twistingo.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Two for the Money (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Two Songbooks (Pink Floid).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TWT Smartplus v2.15.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Typer Shark , Game + Typing Tutor.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\U.S. Immigration Made Easy.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UFS Explorer 1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Uk Speaking Clock 10.3.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead Burn Now 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead CD & DVD PictureShow 3 Deluxe.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead COOL 360.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead COOL 3D 3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead Cool 3D Production Studio v1.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead COOL 3D Production Studio.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead DVD MovieFactory 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead DVD MovieFactory 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead Gif Animator 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead GIF Animator 5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead MediaStudio Pro 7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead MediaStudio Pro 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead Photo Explorer 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead Photo Explorer 8.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead Photo Express 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead Photo Express 5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead PhotoImpact 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead PhotoImpact 11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead PhotoImpact.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead Video Studio 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead Video Studio 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead Video Studio 9.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\ULEAD Video Studio 9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead Video ToolBox 2.0 Home.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead VideoStudio 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead VideoStudio 9.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead GIF Animator 5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ultima Online Samurai Empire.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ultimate Forum Pack 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ultimate Spider-Man.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ultimate SpiderMan.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ultimate Startup Manager 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UltimateZip 3.1b.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ultra DVD Creator 1.1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ultra DVD Creator 1.3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ultra DVD Creator 1.3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ultra dvd2mp3 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ultra MP3 to CD Burner 1.1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ultra MPEG Converter v1.8.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ultra MPEG to DVD Burner 1.3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ultra Remote Control v2.6.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ultra Tag Editor 2.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ultra Video Converter 1.4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ultra Video Converter 1.40.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ultra Video Joiner 3.3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ultra Video Joiner v3.2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ultra Video Splitter 3.4.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ultra.Video.Joiner.v3.3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ultra.Video.Splitter.v3.4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UltraEdit 11.10b+2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UltraEdit 11.10c.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UltraEdit 11.20+3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UltraEdit 11.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UltraEdit v11.10b Plus 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UltraEdit-32 10.20a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UltraEdit-32 11.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UltraEdit-32 11.10a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UltraEdit-32 11.10c.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UltraEdit-32 11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UltraISO 7.6 ME.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UltraISO 7.65.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UltraISO Media Edition 7.6.2.1180.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UltraISO Media Edition 7.6.5.1225.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UltraISO Media Edition 7.65.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UltraISO Media Edition v7.6.2.1180.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UltraISO v7.6.2.1180.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UltraMon 2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UltraSentry 2.00a 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UltraSentry 2.00a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UltraSentry 2.0a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UltraSnap Pro 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Undelete Professional 5.0.112.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UnderCoverXP 1.09.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Understand for Ada 1.4.330.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Understand for C Plus Plus 1.4.330.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Understand for Delphi 1.4.330.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Understand for Fortran 1.4.330.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Understand for Java 1.4.330.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Understanding .NET A Tutorial and Analys.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Understanding IBM Workplace Strategy a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Underwater Photography Magazine.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Underworld.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Une Blonde en Or Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Universal Desktop Ruler 2.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Universal Resource Scheduler 2.5R2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unleashed 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unleashed DVD RiP XViD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unleashed.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unlocker 1.7.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unlocker 1.7.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unlocker v.1.7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament 2004.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unreal Tournament.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Uplink Hacker Elite.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\URIAH HEEP - The Best Of.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\URL Helper 2.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\URLBase 6.0.0.10.12 (Professional.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\URU - Ages Beyond Myst.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Usaf 2003.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\User Gate 3.17.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\UserMonitor 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\uTorrent 1.1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\V.A. - Mushroom Jazz Vol.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\V.A. - The passenger.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VA - Angels 2 Chill Trance Essentials 2C.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VA - Anjunabeats Vol. 2 (Mixed by Abov.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VA - Hit Mix 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VA - Ibiza Closing Party (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VA - Madhouse 12 (2CD - 2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VA - Martini Lounge - Coctail Nights.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VA - RnB Lesson Vols 1 & 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VA - Sonic Vol. 6 (Mixed by DJ Koris).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Value Investor 1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Vampires Out For Blood FTP.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VanDyke CRT 5.0.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Vanilla Sky (DivX).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Vanilla Sky.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Various Collectors.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\vBulletin 18 Skins Pack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\vBulletin 3.0.7 (fixed).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\vBulletin 3.0.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\vBulletin 3.5 Beta 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VCDEasy 3.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Vecal dbXpert.for.Oracle.v5.5.83.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Veign Seeker v2.0.0.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Venom 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Venom.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Venture Tycoon.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VerseQ 3.0.5 (beta).zip/Setup.exe -> W
Post by: Nichole on November 22, 2005, 01:50:34 AM
C:\Documents and Settings\Owner\Complete\ViceVersa Pro 2.0.0.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\ViceVersa Pro 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Victory Road.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Video AVI To Flash SWF Converter 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Video Convert Master 3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Video Convert Master 3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Video Converter Plus 2.09.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Video Converting and Burning Solution.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Video DVD Duplicator 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Video Edit Magic 3.36.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Video Edit Magic 4.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Video Librarian Plus v5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Video To Audio Converter 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Video Vault 3.0160.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Video-AVI To GIF Converter 2.0.10A9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Video.to.Audio.Converter.v2.1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VideoBlender 2.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Videocharge 2.2.3.49.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VideoCharge 2.21.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VideoCharge 2.3.1.21.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VideoCharge 3.2.4.37 for Professionals.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VideoCharge 3.3.5.28 for Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VideoCharge 3.3.5.28 for Professionals.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VideoCharge 3.33.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VideoCharge Pro 3.33.28.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Videocharge Professional 3.1.2.15.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Videocharge Professional 3.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VideoCharge Professional v3.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VideoDesktop 3.1.0.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Videofixer 3.23.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VideoInspector 1.7.0.88.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VideoInspector v1.5.1.84.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VideoInspector v1.6.1.87.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VideoMate v11.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VideoReDo 1.6.2.284.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VIETCONG 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\ViewCompanion Pro v3.37.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Vip Organizer 1.5.227.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VIP Organizer 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VIP Organizer 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Virdi Advanced Mail Processor 1.8.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VirIT eXplorer Pro 5.2.33.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Virtua Cop 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Virtua Tennis.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VirtuaGirl 2.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Virtual CD 6.0.0.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Virtual CD 6.0.0.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Virtual CD 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Virtual CD 7.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Virtual CD 7.1.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Virtual CD 7.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Virtual Desk 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Virtual Desktop Toolbox 2.51.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Virtual DJ 2.05.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Virtual DJ Studio 3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Virtual Encrypted Disk 1.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Virtual Floppy Disk.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Virtual Girl 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Virtual PC 5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Virtual PC For Windows v5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Virtual Railroad 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VisKeeper v2.2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VisNetic MailFlow 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Vista Transformation Pack 1.0 (Update).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VistaDesktop Shell Pack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VistaTask Pro 4.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Visual Business Cards 4.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Visual Mind 7.0.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Visual SQL-Designer 3.99.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Visual Zip Password Recovery 6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Visual.CertExam.Suite 1.7.542.CHiCNCREA.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Visualization Handbook.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Visualizer Photo Resize 3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Vital Desktop Video 1.3.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VividLyrics 2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VIY 1967 DVD Rip XviD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VLFormDesigner 1.2.019.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VMware Workstation 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VMware Workstation 5.0. 13124.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VMware Workstation 5.5 Build 15576.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VMware Workstation 5.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VMware Workstation v4.5.2 build 8848.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VoD.Maker.v1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Voice Technology Software AIO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VoiceMX Studio v4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Voxagenda v1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Voxengo Elephant v2.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Voxengo GlissEQ VST 2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Voxengo Lampthruster v2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Voxengo Polysquasher VST 1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Voxengo Redunoise VST 1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Voxengo Warmifier VST 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VR Software 2.40.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VS.net 2003 pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VSL LanToucher Instant Messenger v1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VSO Blindwrite 5.2.21.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VSO Copy To DVD 3.0.61.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VSO DivXToDVD 1.99.16.45.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VSO DivXToDVD 1.99.18.47.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VSO PhotoDVD 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VSO PhotoDVD 2.011.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VueScan 8.2.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VueScan 8.3.04.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VueScan Pro v8.2.30.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VueScan Pro v8.2.33.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VueScan Professional Edition 8.3.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Vyapin Admin Report Kit for Exchange Ser.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Vyapin Document Import Kit SharePoint.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Vyapin.Document.Import.Kit.for.SharePoin.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Vypress Chat 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wages Of Sin.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wake of Death.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wallpapers Collection TOP150 Girls.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wallpapers GTA San Andreas.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\wallpapers pack4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wamasoft AutoTyping Pro 1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\War of The world SVCD DE.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\War of the Worlds (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\War of the Worlds (torrent).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\War Of The Worlds DIVX.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\War Of The Worlds Xvid FR.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\War of the Worlds XviD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\War Of The Worlds.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Warcraft III Frozen Throne.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Warcraft III.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WareZ News Magazine August 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Warez P2P 2.8 .zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Warez P2P 2.85 .zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Warhammer 40.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Watch Tv for free.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Water Bugs 1.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wave Corrector 3.1r1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WaveLab v5.01b.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WaxWorks.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Way Out West - Intensify.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Web Album Creator 3.04.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Web Album Creator 3.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Web Cache Illuminator 4.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Web Download Pro 1.2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Web Dumper v2.23.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Web Log Suite Pro v2.73 Build 0175.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Web Log Suite Professional Edition 2.73.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Web Page Maker 2.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Web Stream Recorder Pro v1.22.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Web Studio 4.0-VeryCool.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Web Thumbnailer 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Web Translator 5.00.5100.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Web-Fi BC 3.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Web.Map.v1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webcam Zone Trigger v1.41.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WebcamXP Pro 2.19.125.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WebcamXP Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WebEQ Developers Suite v3.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WebExe 1.55.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WebLog Expert 3.6 beta2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webmail Retriever for Email Removed v2.1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WebMixer 3.02.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webpage Guard v2.27.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webroot Desktop Firewall 1.3.0.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webroot Desktop Firewall 1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webroot Spam Shredder 1.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webroot Spy Sweeper 4.0.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webroot Spy Sweeper 4.5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webroot Spy Sweeper 4.5.3.56.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webroot Spy Sweeper 4.5.3.560.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webroot Spy Sweeper 4.5.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webroot Spy Sweeper 4.5.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webroot SpySweeper 4.0.4.430.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webroot Window Washer 6.0.1.40.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webroot Window Washer 6.0.2.466.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webroot Window Washer 6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webroot Window Washer 6.05.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webroots Spy Sweeper 3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webroots Windows Washer 6.0.5 Build 409.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webshots Premium Wallpapers 1600x1200.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Website Downloader v1.15.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Website Ecommerce.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Website Nucker,Hack any Websites.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WeBuilder 2005 6.2.0.55.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WeBuilder 2005 v6.2.0.55.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webyog SQLyog 4.07 Enterprise.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webyog SQLyog Enterprise 4.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WebZIP.v7.0.1.1028.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wedding Crashers.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wet Young Bitches [18+].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WGCalculator 1.3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WhereIsIP v2.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Whisky DVD Rip SVCD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\White noise (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\White Noise.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\White Nosie [HTTP].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\White Squall.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\White Stripes - Live, 06242005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Whits Chick.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WhosOn Pro 3.4.142.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wild Fire.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wild Teens 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wild Wild West (1999).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Will Smith - Lost And Found.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Willie Nelson - Half Nelson (duets).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Willing Webcam 2.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Willing Webcam 2.8.20050522.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Willing Webcam 2.9.20050729.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Willing Webcam 2.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Win XP Titanium iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Win-Spy Software 8.5 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Win-Spy Software v8.5 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Winability Mysecretfolder 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinAbility MySecretFolder v3.0 + crack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinAbility MySecretFolder v3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinACE 2.6d.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinAce Archiver 2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinAce Archiver v2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinAce v2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Winamp 5.04.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Winamp 5.07 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Winamp 5.09.4 Pro + ðóññèôèêàòîð + ñêèíû + ïëàãèíû + èã.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Winamp 5.09.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Winamp 5.093 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Winamp 5.094 Final Pro + Full + Lite.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinAMP 5.094 Lite Full Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinAMP 5.094 LiteFullPro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Winamp 5.094 Pro Plus Lite.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Winamp 5.094.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Winamp 5.1 Surround Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Winamp 5.1 Surround.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Winamp 5.11 Surround Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinAMP 5.112.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinAmp Pro 5.06.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Winamp Pro 5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Winamp Pro 5.11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Winamp Pro v5.094.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinAPRS 2.8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinASO Registry Optimizer 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinAudio Recorder v2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinAVI DVD Copy 4.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinAVI DVD Copy.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinAVI Video Converter 6.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinAVI Video Converter 7.0 Be.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinAVI Video Converter 7.0 Final.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinAVI Video Converter 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinAVI Video Converter is a -IN-ONE.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinAVI Video Converter V. 7.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinBackup Pro 2.1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinBackup Professional 2.1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinBoost 4.90.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinCHM 2.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinCloak 1.06.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinDesign 6.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinDiskXP 1.2.1 (Virtual Encryption Dis.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WindowBlinds 5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WindowBlinds Enhanced 4.5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WindowBlinds Enhanced 4.6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WindowFX 2.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows 2000 Professional.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows 2000 with SP4 5 in1 Multiboot.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows 2000 with SP4 5 in1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows 2003 Server 10in1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows 2003 SP1 8in1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows 98 Revolutions Pack 3.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows And Internet Cleaner Pro 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows Genuine Advantage fix.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows Installer Helper Utility 2.1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows Media Player 10.0.0.3923.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows Media Player 10.00.00.3923.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows Neptune 5111.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows PE.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows Server 2003 3-In-1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows Unattended CD Creator.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows Vista Official Icons.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows Vista Ultimate.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows VISTA.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows XP 2005 Media Center.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows XP 64 bit Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows XP 64-bit pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows XP Corporate SP2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows XP Firewall Log Viewer 0.2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows XP Generic Activator and Tweaker.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows XP Media Center 2005 2CD ISO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows XP Media Center 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows Xp Media Center Edition 2005 Ful.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows XP Media Center Edition 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows XP PowerPacker 1.0 RC7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows XP Pro 64 Bit.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows XP Pro 64-BIT.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows XP Pro W SP2 Corporate Edition.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows XP Pro x64.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows XP Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows XP Service Pack 3 Preview.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows XP Service Pack SP2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows XP SP2 (Bone).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows XP SP3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinDVD 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinDVD Creator Platinum 2.0 Build 014.37.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinDVD Creator Platinum 2.5B014.494C00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinDVD Platinium 7.0.B27.130.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinDVD Platinum 6.0.B06.128C00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinDVD Platinum 7.0 Build 27.073.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinDVD Platinum 7.0.B27.066.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinDVD Platinum 7.0.B27.073.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinDVD Platinum 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinDVD Platinum 7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinDVD Platinum v7.0.B27.066.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinDVD Recorder 5 Platinum.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinFax Pro 10.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Winferno PC Confidential 2005.2.212.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinGate Proxy Server v6.0.4 Build 1025.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinGet 2.0.723.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinGet 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinGet v2.0.723.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinGet v2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinGuard Pro 2005 5.88.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinGuard Pro 2006 6.0.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinHex 12.35.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinHex 12.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinImage 7.0.7000.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinImage 8.0.8000.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinImage Professional 7.0g.7009.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WINner Tweak 3.1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WINner Tweak 3.1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WINner Tweak 3.1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WINner Tweak 3.2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WINner Tweak SE 2.3.3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WINner Tweak v3.1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WINner.Tweak.v3.1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinOKE v3.21.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinPatrol 9.7.0.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinPatrol 9.7.3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinPatrol 9.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinPatrol Plus 9.7.0.22.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinPatrol PLUS v9.7.0.15.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinPatrol v9.0.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinPatrol v9.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinPerfect 5.40.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinProcesses v0.99.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinProtect 3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinQuota 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinRAR 3.42.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Winrar 3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinRAR 3.50 Beta 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinRAR 3.50 beta 6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinRAR 3.50 Beta 7 and Themes.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinRAR 3.50 Beta 7 Corporate.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinRAR 3.50 Beta 7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinRAR 3.50 Final - Corporate.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinRar 3.50 Final.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinRAR 3.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinRAR 3.51 (final).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinRAR 3.51.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinRAR and DosRAR 3.50 Beta7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinRAR and DosRAR v3.50 Beta7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinRAR Corporate Edition 3.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinRAR Gold Plus Extras.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinRAR v3.50 beta 7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinRAR v3.50 Final - Corporate Edition.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinReminders 2005 v1.6.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Winrescue XP 1.08.31.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinRK.Archiver 2.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinSCP 3.76.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinSearch Pro 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinSettings 2005 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinShadow 2.0.2.202.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinSpeedUp 2.63.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinSwitch 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wintasks Pro 4.45.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinTasks Pro 5.04.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wintensity Screen Dimmer 101.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Winternals Administrator's Pak 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Winternals Administrators pak v5.0 iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinTools.net Professional 6.3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinTools.net Professional 6.5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinTools.net Professional Edition 5.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinWorkBar 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinXMedia CD MP3 WAV WMA Converter 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinXMedia.CD.MP3.WAV.WMA.Converter 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinXP LSD 35 iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Winxp Manager 4.8.3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinXP Manager 4.89.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinXP Manager 4.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinXP Manager 4.92.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinXP Manager 4.93.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinXP Manager 4.93.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinXP Manager 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinXP Manager v4.93.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinZip 10.0b.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinZip 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinZip 11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Winzip 9 SR-1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinZip Pro 10.0 Beta 6604.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinZip Pro 10.0.6667.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wipe It 3.01.02.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wise-FTP 4 4.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Witcobber Super Video Converter 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Witcobber.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Without A Paddle.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WM Recorder 10.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WM Recorder 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wma MP3 Converter 2.1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WnSoft PixBuilder Studio 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wolfenstein 3D.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wolfenstein Enemy Territory.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wolfram Research Mathematica 5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WoltLab Burning Board 2.3.3 + Rus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wonder Boys.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wonder Woman Vol.1 No218 Aug 2005 Comi.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wonderland DVD Rip XviD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wondershare FlashOnTV 2.3.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Woodstock 99' 2CDs.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WoodWorks 0.1.1.4331.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WoodWorks v0.1.1.4331.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Word 2003 Bible.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Word to PDF Converter.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WordPerfect Corrupt Document Troubleshooter 1.0.48.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WordZap Deluxe 6.58.041.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Workplace Angel 0.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\World of Flight.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\World of Warcraft.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\World Online TV 4.0.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\World Online TV 4.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\World Racing 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\World Soccer Magazine June 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WorldWide FTP v2.43.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Worms 3D.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Worms 4 Mayhem.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Worms 5 Mayhem.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Worms Armageddeon.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Worms Armageddon.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Worms Forts Under Siege.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Writers Cafe 1.19.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WS FTP Pro 2006 0 1 0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WW 2 Tank Commander.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WWAYM.NWMaxx.VST.v1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WWE - History of the Undertaker.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WWE Ppv Summerslam.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WWE Wrestling Videos.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WWF Safari Adventures in Africa.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WWW File Share Pro 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WWW File Share Pro 3.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WWW2Image 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\X Codec Pack 1.8.4.151.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\X Video Joiner (AVI MPEG WMV Video Joi.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\X-Clipview 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\X-Copy Media Center 2.10.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\X-men 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\X-Men Legends II Rise of Apocalypse.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\X-NetStat Professional 5.33.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\X-NetStat Professional 5.43.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\x-NetStat Professional 5.46.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\X-Setup Pro 7.1 Final.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\X-Setup Pro 7.2.360.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\X-Setup Pro v7.1.25.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\X2 X-Men United.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\XAMPP 1.4.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Xara Suite 2005 Full.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Xara Suite 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Xara Webstyle 4.0 (451 MB).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings
Post by: guestolo on November 22, 2005, 05:19:20 PM
I take it there were a ton of files this nasty downloaded to your computer
I didn't get a chance to see the whole log from Ewidos
So if you could, I know you ran this many times already
But check for updates with Ewido again
Additionally, in Ewido
Open the Quarantine list
Remove any backups in there you know are bad
EG...
Any backed up zipped files that were removed from this folder
C:\Documents and Settings\Owner\Complete
Highlight them and "remove them finally"
Let's do a bit more cleaning in your log
See if we can get this computer running well again
We can use hijackthis to remove some optional entries on startup or msconfig
But I prefer to use this small download
Codestuff's Starter (http://\"http://www.snapfiles.com/get/starter.html\")
UNZIP it too a folder of it's own, eg.
Make a folder in MyDocuments
Right click and empty spot and left click NEW>>Folder
Name it something like Starter
Unzip the download to that folder
Open Starter.exe
Uncheck an item to disable on startup
Or look within a program first to disable on startup
These are the ones for now I would disable with STARTER
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
You can check for updates manually for Java in the Windows control panel, besides, the updater never seems to work very good
Have starter disable this one too, it can be started manually and considered a resource hog
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
Afterwards
Reboot back into safe mode
In case you missed this
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Navigate to the complete folder if found
C:\Documents and Settings\Owner\Complete
Delete any files in the complete folder you didn't download yourself
Stay in safe mode
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer
Run another complete scan with Ewido
SAVE this report when done
Reboot back to Normal mode
Post a fresh hijackthis log and the new report from Ewido's
Let me know how things are running
When was the last time you did a Disk Defragment on this computer as part of regular maintenance?
Post by: Nichole on November 22, 2005, 08:42:41 PM
/sad.gif\' class=\'bbc_emoticon\' alt=\':(\' /> When I start it up it just loads and and freezes continuously without allowing me to click anything (like the update button) any advice? Is there another program that would do the same thing?
Post by: guestolo on November 22, 2005, 08:46:49 PM
EDIT<<I guess not, you said you couldn't hit the update button
Have things improved on your end?
When was the last time you Defragged?
Can I see a new Hijackthis log please
Post by: Nichole on November 22, 2005, 08:49:43 PM
& here is my latest HJT log.
Logfile of HijackThis v1.99.1
Scan saved at 5:46:26 PM, on 11/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Updater.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email (http://\"http://www.Email\") Removed.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://uproar.com/applets/activex/shizmoo/flipside_web18.cab (http://\"http://uproar.com/applets/activex/shizmoo/flipside_web18.cab\")
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (http://\"http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.Email (http://\"http://by107fd.bay107.Email\") Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab (http://\"http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab\")
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab (http://\"http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab\")
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab (http://\"http://zone.msn.com/bingame/shpo/default/shapo.cab\")
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (http://\"http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab\")
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab (http://\"http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab\")
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab (http://\"http://fdl.msn.com/zone/datafiles/heartbeat.cab\")
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...618/mcfscan.cab (http://\"http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4618/mcfscan.cab\")
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email (http://\"http://pdl.stream.Email\") Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Hope this shows some sort of improvement..
I gotta get dinner for the kids real quick..
Post by: guestolo on November 22, 2005, 08:53:46 PM
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer
Back in Windows post a fresh hijackthis log
When was the last time you Defragged?
How are things on your end?
Post by: Nichole on November 22, 2005, 09:41:55 PM
, so I have never run a defrag, should I go ahead and do that? Things are a little better here, There haven't been alot of those official looking pop-ups, just the ones that are an anoyance (ads) Still though we had NO-Pop-ups until my son said he accidentally clicked yes on something about a week and a half ago.
Logfile of HijackThis v1.99.1
Scan saved at 6:20:37 PM, on 11/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Updater.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email (http://\"http://www.Email\") Removed.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://uproar.com/applets/activex/shizmoo/flipside_web18.cab (http://\"http://uproar.com/applets/activex/shizmoo/flipside_web18.cab\")
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (http://\"http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.Email (http://\"http://by107fd.bay107.Email\") Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab (http://\"http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab\")
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab (http://\"http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab\")
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab (http://\"http://zone.msn.com/bingame/shpo/default/shapo.cab\")
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (http://\"http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab\")
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab (http://\"http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab\")
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab (http://\"http://fdl.msn.com/zone/datafiles/heartbeat.cab\")
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...618/mcfscan.cab (http://\"http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4618/mcfscan.cab\")
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email (http://\"http://pdl.stream.Email\") Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
[color=\"#FF0000\"]ALSO This is my current spybot results below can I rid the second one?[/color]
WildTangent: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM\ClassPath
Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
Post by: guestolo on November 22, 2005, 10:03:22 PM
I like to run the Disk Defragmenter at least once a month
I suggest to do it in safe mode so minimum is running
What kind of popups are you getting?
What kind of ads?
Let me know that before you run the defragger
Post by: Nichole on November 23, 2005, 08:12:23 AM
Venus123
adchannel.
productopinions
ad.yieldmanager
ad.firstadsolution
ZEDO
Also I get the one(s) that say:
Spyware or Adware may be damaging your computer check ok to scan your PC now.........
Ok thats about it, Im gettng ready to head off to work.
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> Have a good day. Ill check back after work,before I defrag./wink.gif\' class=\'bbc_emoticon\' alt=\';)\' />
Post by: guestolo on November 23, 2005, 10:05:12 AM
Download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe (http://\"http://swandog46.geekstogo.com/aproposfix.exe\")
Save it to your desktop but do NOT run it yet.
Reboot into safe mode
This must be done in safe mode
Once in safe mode
Double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.
Reboot back to Normal mode
Post The entire contents of the log.txt file in the aproposfix folder.
Post by: Nichole on November 23, 2005, 08:01:14 PM
************
Running from directory:
C:\Documents and Settings\Owner\Desktop\ap\aproposfix
************
Registry entries found:
[HKEY_LOCAL_MACHINE\Software\CqPXtA33fX6D]
@="GHFA.I1OPPOPPQPc1CGo.BOPPOeRPykpfqyuPGMGH2AVUP1F6J2FGP6A.A096:QGMG"
"Device"="\\\\.\\AdosMan"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\imamclib.sys"
"DriverName"="strmaud"
"HideUninstallerName"="C:\\Program Files\\Alcffice\\ochvices.exe"
"UninstallerPath"="C:\\WINDOWS\\system32\\rouduser.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A2C4D888-C9FF-4723-A5C1-A0D10FA2E220}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\system32\\shumsmgr.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{X548626d-b57f-701a-710d-ec0c016ddbee}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Alcffice\\ocmotepg.exe"
************
Removing hidden service:
Service strmaud removed.
Removing hidden folder:
Post by: guestolo on November 23, 2005, 11:17:34 PM
This is mandatory
The log you posted back from Apropos fix was not complete
Did you cut the bottom off?
If unsure
Restart back into safe mode and run it again
Reboot back into Normal mode and post the log from Apropos fix again
Could you also
Download and save F-Secure Blackite (http://\"http://www.europe.f-secure.com/exclude/blacklight/index.shtml\")
to your desktop.
Doubleclick blbeta.exe
Accept the agreement, leave [X]scan through Windows Explorer checked, click scan > next.
You'll see a list of all the items it found. There will also be a log on your desktop with the name
fsbl.xxxxxxx.log (where xxxxxxx represents numbers).
The application finds both bad files and legitimate ones such as "wbemtest.exe", so don't choose the rename option yet! Copy and paste the log it generated in your next reply
Post by: Nichole on November 24, 2005, 12:15:43 AM
Log of AproposFix v1
************
Running from directory:
C:\Documents and Settings\Owner\Desktop\ap\aproposfix
************
Registry entries found:
[HKEY_LOCAL_MACHINE\Software\CqPXtA33fX6D]
@="GHFA.I1OPPOPPQPc1CGo.BOPPOeRPykpfqyuPGMGH2AVUP1F6J2FGP6A.A096:QGMG"
"Device"="\\\\.\\AdosMan"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\imamclib.sys"
"DriverName"="strmaud"
"HideUninstallerName"="C:\\Program Files\\Alcffice\\ochvices.exe"
"UninstallerPath"="C:\\WINDOWS\\system32\\rouduser.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A2C4D888-C9FF-4723-A5C1-A0D10FA2E220}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\system32\\shumsmgr.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{X548626d-b57f-701a-710d-ec0c016ddbee}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Alcffice\\ocmotepg.exe"
--
[HKEY_LOCAL_MACHINE\Software\CqPXtA33fX6D]
@="GHFA.I1OPPOPPQPc1CGo.BOPPOeRPykpfqyuPGMGH2AVUP1F6J2FGP6A.A096:QGMG"
"Device"="\\\\.\\AdosMan"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\imamclib.sys"
"DriverName"="strmaud"
"HideUninstallerName"="C:\\Program Files\\Alcffice\\ochvices.exe"
"UninstallerPath"="C:\\WINDOWS\\system32\\rouduser.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A2C4D888-C9FF-4723-A5C1-A0D10FA2E220}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\system32\\shumsmgr.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{X548626d-b57f-701a-710d-ec0c016ddbee}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Alcffice\\ocmotepg.exe"
************
Removing hidden service:
Service strmaud removed.
Removing hidden folder:
Deletion of folder Alcffice succeeded!
Deleting files:
Deletion of file C:\WINDOWS\system32\drivers\imamclib.sys succeeded!
Deletion of file C:\WINDOWS\system32\kdcpldlg.exe succeeded!
Deletion of file C:\WINDOWS\system32\shumsmgr.dll succeeded!
Deletion of file C:\WINDOWS\system32\rouduser.exe succeeded!
Backing up files:
Done!
Removing registry entries:
REGEDIT4
[-HKEY_CURRENT_USER\Software\CqPXtA33fX6D]
[-HKEY_CURRENT_USER\Software\CqPXtA33fX6D]
[-HKEY_LOCAL_MACHINE\Software\CqPXtA33fX6D]
[-HKEY_LOCAL_MACHINE\Software\CqPXtA33fX6D]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C4D888-C9FF-4723-A5C1-A0D10FA2E220}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C4D888-C9FF-4723-A5C1-A0D10FA2E220}]
Done!
Finished!
11/23/05 21:13:49 [Info]: BlackLight Engine 1.0.25 initialized
11/23/05 21:13:49 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/23/05 21:13:49 [Note]: 4019 4
11/23/05 21:13:49 [Note]: 4005 0
11/23/05 21:13:53 [Note]: 4006 0
11/23/05 21:13:54 [Note]: 4011 1480
11/23/05 21:13:54 [Note]: FSRAW library version 1.7.1013
11/23/05 21:15:08 [Note]: 4007 0
Post by: guestolo on November 24, 2005, 12:42:15 AM
Apropos fix cleaned some nasties that were hidden>rootkit infection
I'm glad you got it to complete
Sometimes you have to be persistent with these things
Your last hijackthis log looked good
I have a feeling Ewido may work better now, not sure, but that may of been an indication why you were having problems running it
Can you do the following please
Open CleanUp!, click on the CleanUp button
When it's finished, don't reboot or log off yet
Open Spybot, make sure your running version 1.4
Search for updates and run another scan
Clean everything in Red after the scan
Reboot the computer into safe mode
Please do a Disk Defrag as it's been awhile, as mentioned before, this may take some time as you haven't done it in awhile
When it's done
Boot back to normal mode
Just as a precaution, make sure that Norton's is updated and run a full scan
Post one more hijackthis log, let me know how everthings running
We'll do some final cleanup, it won't take long
Do you have Ad-Aware SE Personal 1.06?
Post by: Nichole on November 24, 2005, 08:29:34 PM
1. Wild tangent
2. Windows Security Center.AntiVirusDisableNotify
I know I want the wild tangent gone, but what about the second one?
Post by: guestolo on November 24, 2005, 09:14:52 PM
Quote
Since the Detections Update from July 25, 2005, Spybot - Search & Destroy 1.4 has been detecting Security Risks (renamed to "Windows Security Center" on July 30) associated with Microsoft Security Center Registry changes. This is neither a false positive nor a bug. It is just an information.I'll add this, since you have Norton Internet Security installed
Spybot-S&D only wants to bring to your attention that "someone" disabled one or more notifications in the Windows Security Center, e.g. the notifications that your virus protection is not active or not up-to-date.
If you changed the settings yourself you can safely tell Spybot to exclude those detections from further scans.
In order to do so please right-click each in turn, then click "exclude this detection from future scans". That way, should any other part of security center settings change, Spybot will still detect those.
The same is true if you have another security solution installed (like McAfee Security Center or Norton Internet Security). These programs also disable the Windows Security Center in order to take care of things themselves.
The reason why the changes are flagged by Spybot-S&D is that there are also malware programs that disable the notifications so the user doesn't take note of his security tools not being effective.
Go ahead and after the scan, right click on
Windows Security Center.AntiVirusDisableNotify and exclude from detections
Have Spybot fix the entry to Wild tangent
Do you have any entries in your add/remove programs related to Wild tangent? If so remove them
Enter your Windows Control panel>>Double click on the Java Icon
Under the General tab>>Delete files and OK it
Reboot the computer
We can still clean that entry manually if it is still found after that, but I would like to know the following
Quote
Post one more hijackthis log, let me know how everthings running
We'll do some final cleanup, it won't take long
Do you have Ad-Aware SE Personal 1.06?
Post by: Nichole on November 24, 2005, 09:29:03 PM
(P.S. Things are running better from what I see this evening, yes)
Post by: guestolo on November 24, 2005, 09:32:24 PM
Go ahead and defrag that system, Like I said it may take some time as it's been awhile
Be patient
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Post by: Nichole on November 25, 2005, 10:13:53 AM
Scan saved at 7:11:19 AM, on 11/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Updater.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email (http://\"http://www.Email\") Removed.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://uproar.com/applets/activex/shizmoo/flipside_web18.cab (http://\"http://uproar.com/applets/activex/shizmoo/flipside_web18.cab\")
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (http://\"http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.Email (http://\"http://by107fd.bay107.Email\") Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab (http://\"http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab\")
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab (http://\"http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab\")
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab (http://\"http://zone.msn.com/bingame/shpo/default/shapo.cab\")
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (http://\"http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab\")
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab (http://\"http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab\")
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab (http://\"http://fdl.msn.com/zone/datafiles/heartbeat.cab\")
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...618/mcfscan.cab (http://\"http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4618/mcfscan.cab\")
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email (http://\"http://pdl.stream.Email\") Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Mraivc - American Megatrends Inc. - (no file)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Yes, I have ad-aware se 1.6
Post by: Nichole on November 25, 2005, 11:57:07 AM
/unsure.gif\' class=\'bbc_emoticon\' alt=\':unsure:\' /> ~sighresults below
Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, November 25, 2005 8:45:21 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R76 22.11.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):23 total references
Tracking Cookie(TAC index:3):7 total references
Win32.P2P-Worm.Alcan.a(TAC index:8):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
11-25-2005 8:45:21 AM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Owner\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 396
ThreadCreationTime : 11-25-2005 2:18:05 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 636
ThreadCreationTime : 11-25-2005 2:18:08 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 660
ThreadCreationTime : 11-25-2005 2:18:08 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 704
ThreadCreationTime : 11-25-2005 2:18:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 716
ThreadCreationTime : 11-25-2005 2:18:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 868
ThreadCreationTime : 11-25-2005 2:18:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 924
ThreadCreationTime : 11-25-2005 2:18:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1020
ThreadCreationTime : 11-25-2005 2:18:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1068
ThreadCreationTime : 11-25-2005 2:18:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1204
ThreadCreationTime : 11-25-2005 2:18:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1472
ThreadCreationTime : 11-25-2005 2:18:12 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1480
ThreadCreationTime : 11-25-2005 2:18:12 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:13 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1500
ThreadCreationTime : 11-25-2005 2:18:12 PM
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe
#:14 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ProcessID : 1576
ThreadCreationTime : 11-25-2005 2:18:13 PM
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe
#:15 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1600
ThreadCreationTime : 11-25-2005 2:18:13 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:16 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1772
ThreadCreationTime : 11-25-2005 2:18:13 PM
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe
#:17 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1804
ThreadCreationTime : 11-25-2005 2:18:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:18 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1812
ThreadCreationTime : 11-25-2005 2:18:13 PM
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)
#:19 [aolacsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ProcessID : 164
ThreadCreationTime : 11-25-2005 2:18:20 PM
BasePriority : Normal
#:20 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 228
ThreadCreationTime : 11-25-2005 2:18:20 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:21 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 284
ThreadCreationTime : 11-25-2005 2:18:20 PM
BasePriority : Normal
FileVersion : 11.0.16.2
ProductVersion : 11.0.16
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:22 [npfmntor.exe]
FilePath : C:\Program Files\Norton AntiVirus\IWP\
ProcessID : 328
ThreadCreationTime : 11-25-2005 2:18:20 PM
BasePriority : Normal
FileVersion : 11.0.16.2
ProductVersion : 11.0.16
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE
#:23 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 424
ThreadCreationTime : 11-25-2005 2:18:20 PM
BasePriority : Normal
FileVersion : 6.14.10.7184
ProductVersion : 6.14.10.7184
ProductName : NVIDIA Driver Helper Service, Version 71.84
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 71.84
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:24 [prismxl.sys]
FilePath : C:\Program Files\Common Files\New Boundary\PrismXL\
ProcessID : 500
ThreadCreationTime : 11-25-2005 2:18:20 PM
BasePriority : Normal
FileVersion : 6.0.1.22
ProductVersion : 6.0.1.22
ProductName : PrismXL Software Family
CompanyName : New Boundary Technologies, Inc.
FileDescription : PrismXL Service
InternalName : PrismXL Service
LegalCopyright : © 1997-2004 New Boundary Technologies
OriginalFilename : PrismXL.sys
#:25 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 784
ThreadCreationTime : 11-25-2005 2:18:21 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:26 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 900
ThreadCreationTime : 11-25-2005 2:18:21 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:27 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2224
ThreadCreationTime : 11-25-2005 2:18:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:28 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 2300
ThreadCreationTime : 11-25-2005 2:18:32 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:29 [nvmixertray.exe]
FilePath : C:\Program Files\NVIDIA Corporation\NvMixer\
ProcessID : 2336
ThreadCreationTime : 11-25-2005 2:18:32 PM
BasePriority : Normal
#:30 [aolsp scheduler.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\
ProcessID : 2344
ThreadCreationTime : 11-25-2005 2:18:32 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 66
ProductVersion : 1, 0, 0, 66
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe
#:31 [pdvdserv.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ProcessID : 2360
ThreadCreationTime : 11-25-2005 2:18:32 PM
BasePriority : Normal
FileVersion : 5.00.0000
ProductVersion : 5.00.0000
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright © CyberLink Corp. 1997-2002
OriginalFilename : PDVDSERV.EXE
#:32 [updater.exe]
FilePath : C:\
ProcessID : 2384
ThreadCreationTime : 11-25-2005 2:18:32 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : Moodlogic Application
CompanyName : Moodlogic
FileDescription : Moodlogic Updater Application
InternalName : Moodlogic Updater
LegalCopyright : Copyright © 2004
OriginalFilename : Updater.exe
#:33 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2484
ThreadCreationTime : 11-25-2005 2:18:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:34 [lxbkbmgr.exe]
FilePath : C:\Program Files\Lexmark X1100 Series\
ProcessID : 2500
ThreadCreationTime : 11-25-2005 2:18:33 PM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X1100 Series Button Manager
InternalName : lxbkbmgr.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbkbmgr.exe
#:35 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2516
ThreadCreationTime : 11-25-2005 2:18:33 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
#:36 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2544
ThreadCreationTime : 11-25-2005 2:18:33 PM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:37 [shwiconem.exe]
FilePath : C:\Program Files\Digital Media Reader\
ProcessID : 2560
ThreadCreationTime : 11-25-2005 2:18:33 PM
BasePriority : Idle
FileVersion : 1, 4, 0, 8
ProductVersion : 1, 4, 0, 8
ProductName : Multimedia Card Reader
CompanyName : Alcor Micro, Corp.
LegalCopyright : Copyright c 2002
#:38 [lxbkbmon.exe]
FilePath : C:\Program Files\Lexmark X1100 Series\
ProcessID : 2668
ThreadCreationTime : 11-25-2005 2:18:34 PM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X1100 Series Button Monitor
InternalName : lxbkbmon.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbkbmon.exe
#:39 [watch.exe]
FilePath : C:\Program Files\Mustek 1200 UB Plus\Driver\
ProcessID : 2896
ThreadCreationTime : 11-25-2005 2:18:34 PM
BasePriority : Normal
FileVersion : 2, 3, 8, 0
ProductVersion : 2, 3, 8, 0
ProductName : Watch Dog
CompanyName : Common Group
FileDescription : Watch Dog
InternalName : Alex Chen
LegalCopyright : Copyright © 1998
OriginalFilename : WATCH.EXE
#:40 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3040
ThreadCreationTime : 11-25-2005 2:18:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:41 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2952
ThreadCreationTime : 11-25-2005 3:51:52 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:42 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2276
ThreadCreationTime : 11-25-2005 4:44:47 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:43 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 2160
ThreadCreationTime : 11-25-2005 4:44:47 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 1-15-2007 2:20:18 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 12-24-2005 5:09:04 PM
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@statcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 11-24-2010 7:43:30 AM
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@zedo[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:14
Value : Cookie:[email protected]/
Expires : 11-23-2015 8:40:42 AM
LastSync : Hits:14
UseCount : 0
Hits : 14
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 11-25-2006 8:40:44 AM
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 12-25-2005 8:37:32 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:[email protected]/
Expires : 12-31-2009 4:00:00 PM
LastSync : Hits:12
UseCount : 0
Hits : 12
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 30
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : A0070087.dll
TAC Rating : 8
Category : Worm
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP266\
FileVersion : 3.0.2.0
ProductVersion : 3.02
ProductName : BigSpeed Zip DLL
CompanyName : BigSpeedSoft
InternalName : bszip.dll
LegalCopyright : © BigSpeedSoft
LegalTrademarks : BigSpeed is a trademark of BigSpeedSoft
OriginalFilename : bszip.dll
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 31
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31
8:52:47 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:07:25.922
Objects scanned:133918
Objects identified:15
Objects ignored:7
New critical objects:8
Post by: lasgman101 on November 25, 2005, 12:43:33 PM
~guestolo~
Please don't hijackthis this thread
/tongue.gif\' class=\'bbc_emoticon\' alt=\':P\' /> Please, Read this (http://\"http://www.thetechguide.com/forum/index.php?showtopic=22942\")
Post by: guestolo on November 26, 2005, 12:37:14 AM
For added protection, please install the following
SpywareBlaster 3.4 by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
Please check for updates every couple of weeks
Don't forget to enable all protection
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP266\
To remove the last bad entry found by Ad-Aware can you do the following please
You should disable system restore>>Reboot your computer>>and then reenable it
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature (http://\"http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm\")
Back in Windows, and you have renabled System Restore
Please run Windows CleanUp! one more time
Let me know how everythings running
Post one last hijackthis log
Any problems?
Post by: Nichole on November 26, 2005, 01:09:22 AM
I also re-ran ad-aware just to check, and it found nothing.. yay!
Logfile of HijackThis v1.99.1
Scan saved at 10:07:01 PM, on 11/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Updater.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email (http://\"http://www.Email\") Removed.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://uproar.com/applets/activex/shizmoo/flipside_web18.cab (http://\"http://uproar.com/applets/activex/shizmoo/flipside_web18.cab\")
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (http://\"http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.Email (http://\"http://by107fd.bay107.Email\") Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab (http://\"http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab\")
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab (http://\"http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab\")
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab (http://\"http://zone.msn.com/bingame/shpo/default/shapo.cab\")
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (http://\"http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab\")
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab (http://\"http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab\")
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab (http://\"http://fdl.msn.com/zone/datafiles/heartbeat.cab\")
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...618/mcfscan.cab (http://\"http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4618/mcfscan.cab\")
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email (http://\"http://pdl.stream.Email\") Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Mraivc - American Megatrends Inc. - (no file)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Post by: guestolo on November 26, 2005, 01:29:08 AM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
The above are not needed on startup
I didn't include the iRiver updater in the above, if you find you don't need it running on startup please fix checked this entry too
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
Also, Please have hijackthis fix this next entry
It will be reinstalled if needed, but this is definitely not required
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://uproar.com/applets/activex/shizmoo/flipside_web18.cab (http://\"http://uproar.com/applets/activex/shizmoo/flipside_web18.cab\")
Reboot the computer one more time
Stay safe Nichole
/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />
Post by: Nichole on November 26, 2005, 01:53:12 AM
/happy.gif\' class=\'bbc_emoticon\' alt=\'^_^\' /> Everything seems ok so far.
I guess I can move all those little programs into one folder incase I have anything pop-up.
/tongue.gif\' class=\'bbc_emoticon\' alt=\':P\' /> Take care &
Happy Holidays.
Post by: guestolo on November 26, 2005, 02:33:36 AM
O23 - Service: Mraivc - American Megatrends Inc. - (no file)
Do you have software installed by this company?
Here's a link
http://www.amidiag.com/ (http://\"http://www.amidiag.com/\")
If no longer installed, please have hijackthis fix that entry
let me know how it goes
Post by: Nichole on November 26, 2005, 12:02:38 PM
O23 - Service: Mraivc - American Megatrends Inc. - (no file)"[/color]
Logfile of HijackThis v1.99.1
Scan saved at 9:00:09 AM, on 11/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Updater.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email (http://\"http://www.Email\") Removed.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (http://\"http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.Email (http://\"http://by107fd.bay107.Email\") Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab (http://\"http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab\")
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab (http://\"http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab\")
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab (http://\"http://zone.msn.com/bingame/shpo/default/shapo.cab\")
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (http://\"http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab\")
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab (http://\"http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab\")
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab (http://\"http://fdl.msn.com/zone/datafiles/heartbeat.cab\")
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...618/mcfscan.cab (http://\"http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4618/mcfscan.cab\")
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email (http://\"http://pdl.stream.Email\") Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Post by: guestolo on November 27, 2005, 11:36:36 PM
I'll lock this topic as your problems appear resolved
Take care Nichole
/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />