Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help Forums Windows Startup Programs Database Virus, Spyware, and Malware Removal Guides Computer Tutorials Uninstall Database File Database Computer Glossary Computer Resources
 

Welcome Guest ( Log In | Click here to Register a free account now! )



Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.
MalwareByte's Anti-Malware Download

> Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


DO NOT post a ComboFix log unless requested to.


Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages V   1 2 >  
Closed TopicStart new topic
> Need Help With Spyware/malware Removal (don't Know Which Apps), Computer now runs sluggish with strange errors
Jesusc500
post Dec 19 2006, 11:14 AM
Post #1


Member
**

Group: Members
Posts: 25
Joined: 19-December 06
From: Texas
Member No.: 102,030
Good day,
I have included a HiJack This log file (below) in hopes that I can get some assistence on my computer problem. Any and all help that you can give would be greatly appreciated.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 10:02:35 AM, on 12/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\outlook\outlook.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\FNTS~1\svchost.exe
C:\Documents and Settings\Eric\My Documents\?icrosoft.NET\c?rss.exe
C:\Program Files\Common Files\{D421BE45-0BB0-1033-0609-040518050001}\Update.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {AE8CCF7E-7097-2839-931F-7BE52B1E179E} - C:\WINDOWS\system32\oidsz.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {AE8CCF7E-7097-2839-931F-7BE52B1E179E} - C:\WINDOWS\system32\oidsz.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3421B~1\Bar888.dll
O2 - BHO: IEHlprObjClass - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\KENSIN~1\MouseWorks\IE_KMW.DLL (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3421B~1\Bar888.dll
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [{D421BE45-0BB0-1033-0609-040518050001}] "C:\Program Files\Common Files\{D421BE45-0BB0-1033-0609-040518050001}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ooam] "C:\PROGRA~1\COMMON~1\FNTS~1\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [Wfxbn] C:\Documents and Settings\Eric\My Documents\?icrosoft.NET\c?rss.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: msconfig.exe
O4 - Global Startup: taskmgr.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Eric\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Go to the top of the page
 
+Quote Post
Rawe
post Dec 19 2006, 01:46 PM
Post #2


Forum Addict
******

Group: Malware Response Team
Posts: 2,328
Joined: 5-July 05
From: Finland
Member No.: 25,956
Hello and welcome smile.gif

Please print these instructions out, or write them down, as you can't read them during the fix.

Before we get started I need you to disable AdWatch as it might interfere with the fixes.

Right-click on the Ad-Watch icon in the system tray.
At the bottom of the screen there will be two checkable items called "Active" and "Automatic".

Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically.

Uncheck both of those boxes and close Ad-Watch.

==

1. Please download AVG Anti-Spyware and save that file to your desktop.
This is a 30 day trial of the program
  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • If you aren't able to finish the update within AVG Anti-Spyware for a reason or another, you can install the manual updates here.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-select "Only if threats were found"
Close AVG Anti-Spyware, DO NOT run a scan just yet, we will shortly.

==

2. Please download Brute Force Uninstaller to your desktop.
  • Right-click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

==

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

==

4. Once in Safe Mode, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the Complete script execution box to pop up and hit OK.
  • Press Exit to terminate the BFU program.
==

5. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post back with the AVG Anti-Spyware results in your next reply along with a fresh HijackThis log. thumbup2.gif


This post has been edited by Rawe: Dec 19 2006, 01:48 PM


--------------------
Hi there, stranger!

Please do not PM/email me for support, forums are there for a reason. :)



If I have helped you resolve your problem, please consider a donation to help me continue the good fight.

You don't need a PayPal account to donate.
Go to the top of the page
 
+Quote Post
Jesusc500
post Dec 24 2006, 04:30 PM
Post #3


Member
**

Group: Members
Posts: 25
Joined: 19-December 06
From: Texas
Member No.: 102,030
Thanks for helping with my issue.

Here is the latest

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:20:52 PM 12/24/2006

+ Scan result:



C:\WINDOWS\Downloaded Program Files\ClientAX.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1 -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CurVer -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\WINDOWS\RXJpYyBGb290ZQ\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\RXJpYyBGb290ZQ\command.exe -> Adware.CommAd : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A2CB8242-65E2-A803-8CBD-9D81A18D7D99} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B288C773-0ADE-754D-254F-7D7707CB8801} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B9FCA0E1-7B64-E16E-A3DC-00928170618E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D197DBF5-A960-6CAE-20A1-FFCAF4879290} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1390067357-725345543-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE7C3CF0-4B15-11D1-ABED-709549C10000} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\MalwareWipe -> Adware.Malwarewipe : Cleaned with backup (quarantined).
C:\Program Files\MalwareWipe\malwarewipe.ini -> Adware.Malwarewipe : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5} -> Adware.Malwarewipe : Cleaned with backup (quarantined).
C:\HJT\backups\backup-20061219-102901-857.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP811\A0159638.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\HJT\backups\backup-20061219-102901-249.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{D421BE45-0BB0-1033-0609-040518050001}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{D421BE45-0BB0-1033-0609-040518050001}\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP809\A0159324.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP809\A0159336.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP811\A0159639.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP811\A0159676.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP811\A0159677.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP811\A0159678.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP811\A0159679.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP811\A0159680.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP811\A0159681.exe -> Adware.Softomate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent -> Adware.Zango : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent.1 -> Adware.Zango : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent\CLSID -> Adware.Zango : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent\CurVer -> Adware.Zango : Cleaned with backup (quarantined).
C:\My Music\_\1 Video Converter v.4.1.22.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Acala DVD PSP Ripper 2.5.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Adobe After Effects 7.0.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Alchemy Mindworks Electronic Greeting Card Construction.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Alcohol 120 1.9.6.4719.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Alive Task Manager v1.6.9.57.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Altered 2006 DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Amazon DVD Shrinker v2.6.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\AnyDVD 6.0.8.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\AnyDVD 6.0.9.7.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Arial Audio Converter 2.3.39.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Arial Audio Converter 2.3.40.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Arial Sound Recorder v1.43.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Asterix.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Audio Editor Gold v9.2.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Auto Mail Sender v3.00.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\BarCodeWiz Barcode ActiveX v.2.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Beer Tycoon iSO-RELOADED.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Beer.Tycoon-RELOADED.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Blood Diamond CAM VCD iNT-MrNiceGuy.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\CafeSuite 3.39.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Candyman 3 Day of the Dead DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Carlitos Way Rise to Power.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Carlitos Way.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Checking Out 2005 LIMITED DVDRip XViD-mVs.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Cheetah CD Burner v3.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Cheetah DVD Burner v1.7.8.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Color7 Factory 7.2.2.16.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Color7 Video Converter v7.9.0.6.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Color7 Video Studio v7.9.0.6.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Confetti 2006 DVDRip XviD-LiNE.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\ConvertXtoDVD v2.1.7.188.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\CursorXP 1.31.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Cute FTP Pro v8.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\CyberLink PowerProducer v.4.00.1024c.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\DFX Audio Enhancer 8.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\DFX Audio Enhancer 8.313.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\DVDFab Gold 3.0.5.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\DVDFab Platinum 3.0.3.8b.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Dead Lenny 2006 DVDRIP XVID-ConvicT.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Deal Or No Deal - UK Version Pc.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Deal Or No Deal Dvd Game Pc.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Deck The Halls TS Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Delorme Street Atlas Plus 2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\DigitByte MPEG Joiner 2.0.0352.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Dreamfall The Longest Journey Pc.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Easy CD and DVD Cover Creator v4.12.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Elaborate Bytes CloneDVD v.2.9.0.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Everest Ultimate Edition 3.01.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\FantasyDVD Player Platinum 9.2.9.1116.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Fast Folder Access v1.8.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\FileUploader.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\First Eagles The Great War 1918 iSO-FLT.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\FlashGet 1.80 + Universal Tweaker (Crack).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Forge of Freedom-DVNiSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Fruity Loops Studio XXL Edition.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\GetSmile v1.93.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Ghost Surf Platinum 2006.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Goleo VI - 2006 Fifa World Cup Hits.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Goodfellas.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\HDDlife Pro v2.9.109.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Hacking Google Maps and Google Earth.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Half-Life 2 Episode One Pc.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Harsh Times FS DVDSCR XViD-xV.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Heat.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Heroes of Might.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Hiroshima.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Hitman Blood Money iSO-RELOADED.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\ISS BlackICE PC Protection 3.6 cpy.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\ISS BlackICE Server Protection 3.6 cpy.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Internet Download Accelerator 5.1.2.1051.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Internet Download Accelerator 5.2.1.1057.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Internet Download Manager 5.05.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Intervideo WinDVD Platinum 8.0 Build 06.104 Release 2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Just Friends DVDRip XviD.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Likno Web Button Maker v2.0.116.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Limewire Professional 4.12.6.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Macro Mania 11.2.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Made Man-RELOADED iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Magic Translator v.8.00.6552.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Magic Video Converter v7.9.0.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Marvel Ultimate Alliance Pc Iso.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\McFunSoft 3GP Video Converter v7.9.0.7.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\McFunSoft PSP Video Converter v7.9.0.7.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\McFunSoft iPod Video Converter v7.9.0.7.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Microzoft office 2007 Enterpris.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\MindSoft Utilities XP v9.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Mobile Games (more than 1000).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Mobile Phone Unlocking 2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Movie DVD Maker v1.7.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\My Screen Recorder Pro 2.47.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\My Screen Recorder Pro 2.48.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Need For Speed Carbon iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\NewsAloud 1.09.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\NewsAloud v1.09.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Nitro PDF Professional 4.91.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\NoClone Enterprise Edition v.4.0.27.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Nokia 60 Series sw AIO 2006.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Norton Partition Magic 8.05.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Okoker Audio Factory 1.6.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Okoker Easy Recorder v1.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Open Video Converter v3.0.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\PC Tools Antivirus 3.0.0.15.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\PC Wizard v2006.1.713.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\PCHeal v1.12.11.2006.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Photomatix Pro v.2.3.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Planescape Torment iso.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Plato Video to iPod PSP 3GP 3.38.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Radiotracker Platinum Edition 3.0.0.33.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\RapidShare Grabber 1.4.6B.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Rapidshare Grabber 1.4.7A.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\RealPlayer 10.6 Premium.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Recover My Files v3.98.5178.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\RegDoctor v.1.74.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\RegDoctor v1.74.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Remote Control Pro 2.9.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\River Past Audio Converter Pro v7.1.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Runaway 2 The Dream Of The Turtle-RELOADED iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\RyanVMs Windows XP Post-SP2 Update Pack 2.1.5a.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Scarface.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Security Task Manager 1.7.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Shortbus PROPER LiMiTED DVDSCR XViD-HLS.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\SiSoftware Sandra XI 2007 1.11.17 Pro Engineer.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Silent Hill 4 The Room Pc.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Sleeper Cell - Season 1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Slumber Party 2005 STV DVDRip XViD-BeStDivX.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Smart Install Maker v3.09.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Snakes On A Plane WS DVDRip XviD-iMBT.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Speed Startup v1.03.09.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Star Wars Empire At War iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Super Screen Capture 4.12.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Super Win Speed Startup 1.03.09.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Superman II The Richard Donner Cut 2006 DVDRIP XViD-PiP.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Sweet Land LIMITED DVDRiP XViD-HLS.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Sygate Firewall Pro v5.6.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\TextAloud MP3 2.221.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\TextAloud MP3 v2.221.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\The Casino.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\The Damned 2006 DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\The Godfather 2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\The Godfather 3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\The Godfather.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\The Pursuit Of Happyness CAM VCD-PreVail.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\The Ringtone Maker v3.0.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\The Straight Story DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\The Untouchables.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Throttle v6.12.11.2006.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\ToCA Race Driver 1 iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Tom Clancys Rainbow Six Vegas.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Trend Micro Anti-Spyware 3.5 Build 104.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Trillian Pro 3.1.0.121.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\TuneUp Utilities 2006.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Turbo C++ 3.0 Compiler.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Turbo File Uneraser V1.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\TweakMaster Pro v2.50.2822.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Typhoon Autorun III Professional v3.2.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\UltimateDefrag v1.34.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\UltraISO Premium Edition 8.5.1.1860.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\VSO ConvertXToDVD 2.1.8.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\VSO Software PhotoDVD 2.3.6.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Video Charge v3.6.6.21 Pro.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Video Edit Magic 4.25.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Video Inspector v1.9.0.102.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Vietcong 2 iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Virtual Flash Drive 3.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\VueScan v8.3.85.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\WeatherAloud 1.62.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\WeatherAloud v1.62.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Web Translator 8.00.6516.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\WinCapture v8.4.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\WinHex v.13.6 SR-4.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\WinOKE v3.22.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\WinRAR 3.62 Multilanguage.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\WinX DVD Player 3.0.20061101.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Windows Genuine Advantage Validation 1.5.723.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Windows Live Mail - Desktop.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Windows XP official Zune Theme.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Wintersport Bobfahren 2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Wintersport Snowboard 2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\World War III Black Gold iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\XP Tools v6.6.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Xilisoft DVD To MP4 Converter v4.0.53.0818.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Xilisoft Video Converter v3.1.19.1208b.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\XoftSpy v4.22.216.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\Zealot All Video Joiner v3.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\iPod Media Studio.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\iSudoku 2.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\n00zn00zn00zn00z.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\nVidia DVD Player 2.55.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP811\A0159727.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\t.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Music\_\0day mp3s, full quality albums.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\0day mp3s, quality albums.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\18 Wheels of Steel Convoy Unlocker.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\ACDSee v8.0.39.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\AV Voice Changer Software Diamond v4.0.50.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\AVG v7.0.280.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Adobe Acrobat v8.0 Professional.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Adobe Photoshop CS2 Tryout to Full Activation.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Adobe Photoshop CS2 v9.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Advanced Office Password Recovery v3.03 PRO.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Ahead Nero v7.5.9.0A.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\BT Engine v4.7 Build 1126-TE.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Battlefield 2 NOCD.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Battlefield Vietnam NOCD.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Bookworm Adventures Deluxe v1.0-DELiGHT.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Brothers In Arms Earned In Blood UNLOCKER-UNBAiSEDGOATS.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Brothers in Arms Road to Hill 30 FiXED CHEATS.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\C and C Generals Zero Hour GERMAN No-CD Fixed Image.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Call of Duty 2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Call of Duty United Offensive Minimizer.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Call of Juarez NODVD.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Chili FTP v1.1.0.18.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Civilization 4 UPDATE v1.61 CRACKFiX iNTERNAL-CARBON.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Colin McRae Rally 2005 Crash Fix-IND.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Colin McRae Rally 2005 Crash Fix.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Commandos 3 Destination Berlin ALL ACCESS CHEATDOX.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Devil May Cry 3 Special Edition RELOADED CRACK-IFreon.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Diner Dash Flo On The Go v1.0.0.116-DELiGHT.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Diner Dash Flo On The Go v1.0.0.119 GAME.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Dungeons And Dragons Dragonshard.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Easter Bonus v1.01 Unlocker-TNT.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Easy File Sharing Web Server v3.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\ElcomSoft Advanced Archive Password Recovery ARCHPR v3.01.7-POPUP.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\ErrorSafe v1.1.44.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\F E A R NODVD CRACK.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Fifa 2005 Unlocker.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\GData AntiVirusKit 2006-YYePG.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Ghost Recon Advanced Warfighter.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Google Earth Pro 3.0beta-VOORHEES.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Grand Theft Auto San Andreas NOCD.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\HP Infotech CodeVisionAVR v1.24.6 Pro.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Half Life 2 OFFLINE ACTIVATION PATCH-oWNAGE.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Half Life 2 OFFLINE ACTIVATION PATCH.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Kaspersky Anti Virus Personal 5.0.388-TWK.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Kaspersky Anti Virus Personal 5.0.388.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Kaspersky Anti Virus Personal 5.0.527.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Kaspersky Anti-Virus 6.0.1.411 not blacklisted key.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Kaspersky Anti-Virus v6.0.0.299 FINAL-TWK.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Kaspersky Anti-Virus v6.0.0.299 FINAL.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Kaspersky Anti-Virus v6.0.0.300-TWK.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Kaspersky Anti-Virus v6.0.0.300.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Kaspersky Anti-Virus v6.0.0.303 RUSSiAN-TWK.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Kaspersky Anti-Virus v6.0.0.303 RUSSiAN.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Kaspersky Anti-Virus v6.0.0.303-TWK.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Kaspersky Anti-Virus v6.0.0.303.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Kaspersky Anti-Virus v6.0.1.411 RUSSiAN-TWK.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Kaspersky Anti-Virus v6.0.1.411 RUSSiAN.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Kaspersky Anti-Virus v6.0.1.411-TWK.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Kaspersky Anti-Virus v6.0.1.411.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Kaspersky Internet Security 2006 v6.0.0.290 RC6 CRK-FFF.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Kaspersky Internet Security 2006 v6.0.0.290 RC6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Kaspersky Internet Security v6.0.0.300 WIN German-RHI.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Kaspersky Internet Security v6.0.0.300-TWK.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Kaspersky Internet Security v6.0.0.300.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Lingvosoft Flashcards English To Persian Farsi v1.6.14.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Luxor 2 v2.0.6.15 PLUS 10 TRAINER-Unleashed.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\MOTO GP Ultimate Racing Technology Unlocker.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Microsoft Windows Vista FINAL.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Mobile Ringtone Converter v2.3.11-TE.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Mst defrag home edition 1.8.30.58.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\NEED FOR SPEED MOST WANTED CDKEY-2RENTZWH0REZ.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\NEED FOR SPEED MOST WANTED.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\NEED FOR SPEED Most Wanted [MULTI] No-DVD Fixed Image.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Need For Speed Carbon ALL ACCESS CHEAT-ReVOLVeR.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Need For Speed Carbon ALL ACCESS CHEAT.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Need for Speed Carbon CHEAT CODES-Unleashed.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Need for Speed Carbon Collectors Edition PLUS 16 TRAINERDOX.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Need for Speed Underground 2 NOCD.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\NewsLeecher v3.0 Final..Incl CRACK-RESURRECTiON.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Nikon Capture v4.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\PPT2DVD v2.5.2.128.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\PaperCut Quota v5.2.570.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Passware Access Password Recovery Key v6.5.918.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\PolderbitS Sound Recorder And Editor v4.0.90.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Prince Of Persia 2 Warrior Within NoDISC-MiNT.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Prince Of Persia 2 Warrior Within NoDISC.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Pro Evolution Soccer 5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\QUAKE 4 DVD CRACK.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\QUAKE 4 NOCDKEY.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Quake 4 KEYCHECK FiXED-SKULL.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\RegCure v1.0.0.43.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Registry Mechanic v6.00.750.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Sd4hide SafeDisc 4 Hider 1.0-SKULL.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Second Sight Unlocker Complete.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Security Task Manager 1.6c.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Security Task Manager v1.6f.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Skyshape MP3 Resizer v1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\SlySoft AnyDVD v6.0.9.0-CRD.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\SlySoft CloneDVD v2.7.5.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Splinter Cell Pandora Tomorrow NOCD.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Spyware Doctor v3.1.0.312.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Spyware Doctor v4.0.0.2618.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Star Wars Battlefront 2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Star Wars Empire at War Launcher NoCD.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Super Video Cap v4.0.300.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\TOCA RACE DRIVER 3 NODVD CRACK-MORESMELLYTNTANUSFARTS.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\The Elder Scrolls IV Oblivion NoDVD.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\The Godfather The Game NODVD-GHC.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\The Lord of the Rings The Battle for Middle-earth-VENGEANCE.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\The Sims 2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\TrojanHunter v4.1 Build 903.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Ulead VideoStudio v9.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\VMware Workstation v5.0.0.13124-ZWT.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Vampire The Masquerade Bloodlines v1.2 NoCD.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\WinAVI Video Converter v7.7.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\WinRAR v3.51.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Windows Vista FINAL raVen.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\XP Repair Pro v2.4.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Xilisoft 3GP Video Converter v2.1.55.1025b.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\XoftSpy v4.21.134-CRD.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\Zuma Deluxe ALL ACCESS CHEAT.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\My Music\_\n999tn999tn999tn999t.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP809\A0159311.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP811\A0159726.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP811\A0159732.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\WINDOWS\Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\z.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP811\A0159770.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP811\A0159753.exe -> Downloader.PurityScan.dr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP811\A0159741.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe -> Dropper.Small : Cleaned with backup (quarantined).
C:\WINDOWS\ejxqi.dll -> Hijacker.Small : Cleaned with backup (quarantined).
C:\WINDOWS\ykmoh.dll -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP811\A0159742.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
:mozilla.193:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.194:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.196:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.197:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.198:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.199:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.200:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.201:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.202:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.203:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.204:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.205:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.206:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.207:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.208:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.209:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.210:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.211:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.212:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.291:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.429:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.697:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Eric\Cookies\eric@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.150:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.48:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.49:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.50:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.708:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.81:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.82:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.83:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.84:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.155:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.156:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.157:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.15:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.16:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.17:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.18:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.19:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.20:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.21:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.22:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.40:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.41:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.42:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.43:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.44:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.456:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.45:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.503:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.624:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.625:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.653:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.654:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.665:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.666:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.676:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.698:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.699:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.700:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.709:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.711:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.740:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.741:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.680:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.681:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.179:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.180:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuoce
Go to the top of the page
 
+Quote Post
Jesusc500
post Dec 24 2006, 09:49 PM
Post #4


Member
**

Group: Members
Posts: 25
Joined: 19-December 06
From: Texas
Member No.: 102,030
C:\Documents and Settings\Eric\Cookies\eric@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.78:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.91:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.92:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\yuocekzg.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP811\A0159733.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\RXJpYyBGb290ZQ\lrLDsV13vZ6Xtk.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wintsvtr.exe -> Trojan.Small : Cleaned with backup (quarantined).
E:\MP3 MUSIC\Other\AV Voice Changer Diamond Edition 4.0.41.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\+{mininova org}+ Superman Returns [2006] DvDrip [Eng]-aXXo - [www slotorrent net].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\2006 dvdrip.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\237 For Dummies ebooks Wiley Publishing.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\300 Great Fiction ebooks 126MB (by Prisoner 520).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\32 34 121 Sin Sys Exe.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\3D Stereograms - 2nd Release.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\400 Jamster Ringtones.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\50 Fun Old Ass 80s Games iso.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\5X100mbitseedsSilent Hill iNTERNAL CAM-HYdRO.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\A+ Technicians-On-The-Job-Guide To Windows XP.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\About CNET Networks.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Absolute Christmas (2006) 3577521 TPB.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Advanced search.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Air America Radio - The Al Franken Show 121206 [mp3].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Air America Radio - The Al Franken Show 121306 [mp3].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Air America Radio - The Al Franken Show 121406 [mp3].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Air America Radio - The Al Franken Show 121506 [mp3].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Air America Radio - The Majority Report 042106 [mp3].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Air America Radio - The Marc Maron Show 042106 [mp3].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Air America Radio - The Sam Seder Show 121506 [mp3].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\All Microsoft Windows Cracks rar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\All RSS feeds.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\All Software.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\American Conquest Divided Nation-RELOADEDBRANDNEW WESEED.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\American Conquest Divided Nations SFCLONE-PLEX TeamExtream.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Animal Sex Dogs Horses Pigs Snakes And Cows Are bleeped Or Fu.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Animaniacs season 1 - Pinky & The Brain shorts [xvid dvdrip honeyko].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Anime Torrent Pack 001 [www play-europe net].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Anydvd 6 0 9 7 + SND CRACK 1 40 !IT'S WORKIN!.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Aperture Dmg.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Arthur Et Les Minimoys FRENCH TS XviD CiNEFOX-Up-By-DivxTorrents.net.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Arthur et les minimoys french TS.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Astonishing X-Men 1-13.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\AudioBook Terry Pratchett - Guards! Guards!.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Azureus2 4 0 0 Jar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Bitcomet accelerator Pro new vercion.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Blue Note A Story Of Jazz [CD 3 Modern Notes-Others Notes] www btorrent altervista org.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Bratz Genie Magic 2005 STV DVDRip.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Brave Story.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Browse categories.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\CNET Channel.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\CNET Download.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\CNET News.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\CNET Reviews.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\CNET Shopper.com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\CNET TV.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\CSI 3 Dimensions Of Murder PC DVD.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\California airphoto mosaic (1 meter).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Causality 20061219 png.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Charles Brown - Sings Christmas Songs [1961].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Charlottes Web 2006 Cam CAMERA KvCD-aNaRcHi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Chd 3 2 Bat.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Checco Zalone Zelig Ultima zip.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Christmas Desktop Wallpapers.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Closer N44 Du 17 Au 23 Avril 2006 eBook pdf.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Compare Prices.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Complete WOW Philippines Ad mpg.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Computer Gaming World Magazine May 2006 PDF eBook-YYePG [www NewTorrents info].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Computers and Security Volume 25 Issue 8 November 2006 eBook-EEn.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Contact Us.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\ConvertXToDVD 2 0 12 126 zip.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Cool videoclip.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Copyright Policy.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Cucusoft MPEG AVI to DVD VCD SVCD MPEG Pro v7.07.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Dan Reason 3 0 Full Serial.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Dave Crash MPG.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Dcp 4 13 06.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Design and server updates.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Digit Magazine May 2006 PDF eBook-YYePG.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Do Do Ing Win Nt Exe.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Doctor Who 2005 S02E02 PROPER WS PDTV XviD-GOTHiC [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Doctor Who 2x02 (PDTV-RiVER)[VTV].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Doctor Who S28E02 WS PDTV XviD-RiVER [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Dreamfall The Longest Journey 2 RELOADED-blackcats.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Dreamfall The Longest Journey 2-RELOADED(bt-gm EFnet).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Dreamfall The Longest Journey 2-RELOADEDBRANDNEW WEBSEED.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Duck Tales 1 100.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EASYSQL 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EAuthentix Outlook Plug-in 1.2.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EBAS 1.0.0.10.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EBM (Evidence Based Medicine) Reports 3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EBP Business Plan Designer 3.0.12.23.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EBRcart 4.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EBRclock 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EBgo Sniper 1.4.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EBgo Windows CD Key Extractor 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EBook Maestro Free 1.50.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EBook Maestro Pro 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EC Watermark 2.1 build 388.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\ECTACO English - Spanish Talking Dictionary 3.0.58.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\ECTACO FlashCards English - German 1.1.12.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\ECTACO FlashCards English - German 1.1.7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\ECTACO FlashCards English - Spanish 1.1.12.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\ECTI 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EClean 1.4.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EClock 3.7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EControl Syntax Editor 2.03.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\ECrawl 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\ED for Windows 4.05.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EDA 01.06.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EDGE Diagrammer 5.05.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EDI ClinicPro 6.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EDIdEv SEF Reader 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EDL AutoSave 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EDXOR 1.65.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EDictionary English-Russian 4.0.19.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EDraw Flowchart ActiveX Control 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EDraw Flowchart Software 1.6.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EDrill Math Flashcard 3.26.2005.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EDrill's SpellingBee Flashcard 2.20.2005.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EEBond 26.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EFGrabber 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EFM--CAD and Image File Manager 2.6.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EFR (Extended Find and Replace) 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EFS Key 6.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EFS Standard 5.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EFT123 2.0.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EFormMaster 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EGems Collector Pro 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EGtray 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EHusBook 2.34.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EIOBoard 1.8.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EIPC Calendar 1.07.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EIPC Free Image2Icon 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EJournal 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\ELCAD 7.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\ELChart ActiveX DLL 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\ELImageCompare 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\ELImageCompareNET Mobile Edition DLL 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\ELPLA Analysis of Slab Foundation 9.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\ELPhotoX ActiveX DLL 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\ELSA Victory II Drivers 4.00.00.0104 (12599).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\ELVideoCapure ActiveX DLL 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EM Filter 4.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EVEREST Ultimate 2 80 565 zip.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EaZip 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyPicture 4.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyPlanEx 1.32.8.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyPostCodes 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyProjectDatabase 6.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyProjectPlan 9.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyPrototype 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyPulse (Palm) 1.30 beta.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyPulse (Pocket PC) 2.31.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyQuery.NET 1.4.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyRead 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyRecorder 5.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyRecovery Professional 6.04.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyReminder 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyRetirement 1.1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasySMPP Component 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasySMPP Component 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasySMS NetShell e2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasySMS Outlook e2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasySMS StarLink e2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasySQL 3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasySec Firewall SDK 1.10b.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyShare 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyShots 2.1.0.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyStat Web Statistics 4.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyStockDataGenerator 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyStockDater 1.1.7.5 Rev. 22.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyStockInfo 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyStore Net 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyStruct Enterprise 4.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyTable For AutoCAD 2.1.05.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyTask Manager 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyTaskEmail 4.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyTaskSync 5.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyTrader 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyTweak For Pocket PC 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyVersionControl 8.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyView X 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyViewOrcl 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyWMA 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyWMA Converter 1.22a.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyWallpaper 3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyWare B2B Commerce 4.004.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyWare Shopping Cart 3.004.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyWatch 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyWebSave 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EasyZip 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Easyscreen Screen Capture 3.72.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Easysoft Data Access for ISAM 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Easysoft Data Access for Unisys LINC Developer 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Easysoft JDBC-ODBC Bridge 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Easysoft ODBC Join Engine 2.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Easysoft ODBC for CODA 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Easysoft ODBC-Firebird Driver 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Easysoft ODBC-Interbase Driver 4.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Easysoft ODBC-JDBC Gateway 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Easysoft ODBC-ODBC Bridge 1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Easysoft XML-ODBC Server 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Easystats 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Easytemplates Flash Website Templates 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Easytools.com URL Checker 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eat My Dust demo, large version .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eat My Dust demo, medium version .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eat My Dust demo, small version .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eatometer 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eaz-Fix Professional 7.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eazi Website Monitor 1.0.2.196.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eazibo Professional Edition 1.3.22.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eazy Backup 3.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EazyBox for Palm 1.04.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EazyCode 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EazyDraw 1.8.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EazySQL 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ebay Bargin Hunter 2.8.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ebay Item Watcher 2.4.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ebay Powerseller Articles 1.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ebay Tycoon--Play the Ebay.com Online MarketPlace Game 1.25.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ebay Typo Auction Locator 3.9.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ebay and Paypal Calculator 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EbayMinder 5.0.9.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ebced 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EboBar 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ebook 4 - The Art & Science of Web Design (ebook-portal blogspot com).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EbookMaker 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ebstra Imperial 2BI.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ebstra-1 2BM.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EcGraph 1.01.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ecamm Austin Powers Video Phone Sound .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ecamm Babylon 5 Doorbell .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ecamm Hitchhiker's Guide Beep .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ecamm LongBell .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ecamm Power Rangers Watch Sound .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ecamm R2D2 Droid Chirp .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ecamm R2D2 Droid Computing Sound .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ecard Magic 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eccentris Screensaver 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Echelon Instant Action patch (non-Pentium, non-AMD) .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Echelon P11K6 processor patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Echelon Wind Warriors E3 trailer .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Echelon Wind Warriors Instant Action patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Echelon Wind Warriors demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Echelon Wind Warriors v1.10 patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Echelon demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Echive Lease Planner 2.1.57.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Echo Password Manager 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EchoForum InvisionBoard LACI 1.39.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EchoForum PhpBB LACI 1.39.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EchoForum Simple Machines LACI 1.39.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EchoForum UBB LACI 1.39.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EchoForum XMB LACI 1.39.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EchoForum vBulletin LACI 1.39.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EchoServer for Windows 1.41.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EchoVNC 1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Echolink Chat 1.31.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eclarsys PopGrabber 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eclipse 4.10.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eclipse 5.10.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eclipse SDK 3.1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eclipse Service Management Software 4.16.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EclipseCrossword 1.2.54.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EcoEuroMillions 1.26.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EcoKeno 3.74.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EcoLotofoot 3.64.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EcoThunderball 1.04.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ecolotosystemes 4.05.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Econ NetVert 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EconomiZation 5.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Economic Investment Amount 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Economics Terms Dictionary 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ecosuper7 1.16.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ecotonoha Screensaver .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ecstatica II demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ecto 1.7.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ecto 2.3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EctoSet Modeller 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ecyware GreenBlue Inspector 1.1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ed Michael Reggie Series - Time Value of Money 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EdPAD 1.1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EdWin 1.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EdataSOS 6.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EdenGUI 2.0.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EdenSoft My Logo 1.0.0.7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Edgar Allan Poe e-Book Introduction 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Edge 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Edge Of Chaos 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Edge2004 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EdgeDesk 4.03.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Edges 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Edgeworks 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Edgeworks 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EdiTunes 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Edit Buddy 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Edit Digi Pictures 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Edit JFIF Comment 1.0.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Edit Prep 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EditCNC 3.0.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EditEx 2006.0.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EditLive for Java 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EditLive for XML 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EditML Pro 4.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EditOnline 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EditPad Lite 6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EditPad Pro 6.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EditPlus 2.21.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EditPro 1.57.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EditXpert 3.0.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Editable JavaScript TreeGrid 3.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Editable Photo Album (Crocodile Leather Frame) 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Editable Photo Album (Ostrich Leather Cover) 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Editable Photo Album (crocodile leather cover) 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Editable Victoria Photo Album 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Edith 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EditiX 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Editor2 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Editor4NAnt 0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Editplus For .NET 1.01.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Editstudio 5.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ediware Client 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Edmund Spenser, Amoretti & Epithalamion 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Edovia Antispam 2005.4.0.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Edovia PopShield AntiPopup 1.0.0.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EduProfix 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EduWiz 3.00.02.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EducLearning 4.2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Educational Compiler ComPas 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Educational Worksheets - Math (Windows XP) 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Educational eBooks for Children 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eduinfo InstaM 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Edushield 1.0.62.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EePoker - Free Draw Poker Game 1.06.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eeppo 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eetee 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Efastar Supply Master 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EffeTech HTTP Sniffer 3.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Effect3D 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Effect3D Studio 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Effective File Search 4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Effective Meetings 1.5.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Effective Site Studio 20043.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Effective Site Studio Photo Edition 20042.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Effects 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Effects Pack (PowerPC) 1.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EffiValidation 3.0 lite.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EfreeBuy Folder Icon 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EfreeSoft Boss Key 3.30.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EgaImages Screensaver 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Egese Business Online System 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Egg 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Egg Timer Plus 2.03.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Egg vs. Chicken 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Egg-stravaganza 1.02.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EggKey Gateway 1.0.66.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EggOn 0.1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EggRoll 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EggStatic 1.04.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eggberts Easter Wish 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eggblog 3.01.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EgoLex 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Egochinese 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Egold Fee 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Egypt Dings 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Egypt Tomb Scenes - Papyrus Art 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Egypt of David Roberts 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Egyptian Addiction 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Egyptian Art Screensaver 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eiffel API for NeoCore XMS 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EightBall 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eikona 3D 3.2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Einstein 1.01.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Einstein 1.54.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Einstein Information Management System 4.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Einstein Quote Generator 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Einstime 4.1a.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eisoo AnyBackup CDDVD Edition 1.7 build 1646.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eisoo AnyBackup Home Edition 1.7 build 1646.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EjGSoftwareWeather 1.0.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eject 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ejector 0.7.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Ekkeko 1.2.160.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\El Airplane .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\El Scripto 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\El-ixir 1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Elasto Mania - Elastomaniac.com level pack 1 .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Elasto Mania - Elastomaniac.com level pack 2 .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Elasto Mania 1.11a.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EldoS KeyLord 1.06.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EldoS KeyLord 4.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EldoS PKI Tools 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\EldoS TimelyWeb 4.2 build 215.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Eldritch Clowns Screensaver 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\ElecKey Express 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Elecard DVD Player 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Elecard MPEG Player 4.0.4 build 51014.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Elecard MPEG-2 Decoder & Streaming Plug-In for WMP 3.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Elecard MPEG-2 Encoder Pack 4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Elecard Mobile Converter 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Elecard StreamEye Tools 2 build 50921.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Elecard XMuxer Pro 2 build 60502.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\ElectionStudio Screensaver 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Electra 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\ElectraDrive Sync Engine 4.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Electrc 2005 1.1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\ElectriCalm 3D 2.53.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Electric Art Screensaver 1.04.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Electric Bass Companion 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Electric Drive Train Simulator 2.11.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\Electric Eddie 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\ElectricWords Japanese ARM 3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Complete\ElectricWords Japanese MIPS 3.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\Documents and S
Go to the top of the page
 
+Quote Post
Jesusc500
post Dec 24 2006, 09:50 PM
Post #5


Member
**

Group: Members
Posts: 25
Joined: 19-December 06
From: Texas
Member No.: 102,030
Hi Jack this log


Logfile of HijackThis v1.99.1
Scan saved at 8:50:07 PM, on 12/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Eric\My Documents\?icrosoft.NET\c?rss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R3 - URLSearchHook: (no name) - {AE8CCF7E-7097-2839-931F-7BE52B1E179E} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ooam] "C:\PROGRA~1\COMMON~1\FNTS~1\svchost.exe" -vt ndrv
O4 - HKCU\..\Run: [Wfxbn] C:\Documents and Settings\Eric\My Documents\?icrosoft.NET\c?rss.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Eric\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Go to the top of the page
 
+Quote Post
Rawe
post Dec 25 2006, 07:58 AM
Post #6


Forum Addict
******

Group: Malware Response Team
Posts: 2,328
Joined: 5-July 05
From: Finland
Member No.: 25,956
Looks a bit better smile.gif

First.....

Please rename HijackThis.exe to Scanner.exe just in case. To make sure there's no infections that hide from HijackThis.

Please download Combofix to your desktop:
  • Double-click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply along with a fresh HijackThis (scanner.exe) log. thumbup2.gif
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


--------------------
Hi there, stranger!

Please do not PM/email me for support, forums are there for a reason. :)



If I have helped you resolve your problem, please consider a donation to help me continue the good fight.

You don't need a PayPal account to donate.
Go to the top of the page
 
+Quote Post
Jesusc500
post Dec 27 2006, 07:46 PM
Post #7


Member
**

Group: Members
Posts: 25
Joined: 19-December 06
From: Texas
Member No.: 102,030
Here is the Combofix Log.


Eric - 06-12-27 18:43:52.78 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Eric\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Common Files\download
C:\Program Files\Common Files\windows
C:\Program Files\Common Files\{3421BE45-0BB0-1033-0609-040518050001}
C:\Program Files\Common Files\{D421BE45-0BB0-1033-0609-040518050001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Eric\My Documents\ICROSO~1.NET
C:\QooBox\Purity\Documents and Settings\Eric\My Documents\ICROSO~1.NET\c?rss.exe
C:\QooBox\Purity\Program Files\Common Files\FNTS~1
C:\QooBox\Purity\Program Files\Common Files\FNTS~1\FNTS~1
C:\QooBox\Purity\Program Files\Common Files\FNTS~1\__delete_on_reboot__s_v_c_h_o_s_t_._e_x_e_
C:\QooBox\Purity\WINDOWS\system32\STEM32~1


((((((((((((((((((((((((((((((( Files Created from 2006-11-27 to 2006-12-27 ))))))))))))))))))))))))))))))))))


2006-12-27 18:39 57,344 --a------ C:\WINDOWS\system32\xvcit.dll
2006-12-27 18:39 2 --a------ C:\WINDOWS\system32\wintsvtr.exe
2006-12-27 18:39 <DIR> d-------- C:\Program Files\Outerinfo
2006-12-20 22:16 <DIR> d-------- C:\bintheredunthat
2006-12-20 22:08 <DIR> d-------- C:\BFU
2006-12-20 22:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-20 22:00 <DIR> d-------- C:\Program Files\Grisoft
2006-12-19 10:20 <DIR> d--hs---- C:\WINDOWS\RXJpYyBGb290ZQ
2006-12-19 10:02 <DIR> d-------- C:\Program Files\HijackThis
2006-12-19 09:54 91,973 --a------ C:\Documents and Settings\Eric\install.exe
2006-12-19 09:29 91,973 --a------ C:\WINDOWS\system32\install.exe
2006-12-19 09:28 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-27 18:44 -------- d-------- C:\Program Files\Common Files
2006-12-27 18:38 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-19 10:25 -------- d-------- C:\Program Files\Java
2006-12-19 10:20 -------- d-------- C:\Program Files\Yahoo!
2006-12-13 21:46 -------- d-------- C:\Program Files\Teamspeak2_RC2
2006-12-10 14:21 -------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2006-11-18 19:32 -------- d-------- C:\Documents and Settings\Eric\Application Data\Kensington
2006-11-18 16:46 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-18 16:46 -------- d-------- C:\Program Files\Kensington
2006-11-16 22:28 -------- d-------- C:\Documents and Settings\Eric\Application Data\IMVU
2006-11-16 22:07 -------- d-------- C:\Program Files\IMVU
2006-11-05 18:49 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-10-30 21:39 -------- d---s---- C:\Documents and Settings\Eric\Application Data\Microsoft
2006-10-30 21:11 -------- d-------- C:\Program Files\Windows Media Player


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Ooam"="\"C:\\PROGRA~1\\COMMON~1\\FNTS~1\\svchost.exe\" -vt ndrv"
"Wfxbn"="C:\\Documents and Settings\\Eric\\My Documents\\?icrosoft.NET\\c?rss.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AWMON"="\"C:\\PROGRA~1\\Lavasoft\\AD-AWA~1\\Ad-Watch.exe\""
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"MSWheel"=""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061219-102901-249
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3421B~1\Bar888.dll
backup-20061219-102901-857
O2 - BHO: (no name) - {AE8CCF7E-7097-2839-931F-7BE52B1E179E} - C:\WINDOWS\system32\oidsz.dll
backup-20061219-102901-346
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
backup-20061219-102722-935
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
backup-20061219-102722-760
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
backup-20061219-102722-539
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
backup-20061219-102722-843
O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe
backup-20061219-102218-896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20061219-102133-534
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
backup-20061219-102133-513
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
backup-20061219-102133-293
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20060718-201217-497
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
backup-20060718-201156-271
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
backup-20060718-201139-953
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)
backup-20060718-201006-832
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
backup-20060718-200947-284
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20060718-200947-889
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20060718-200947-204
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
backup-20060718-200947-756
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
backup-20060630-022421-859
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
backup-20060630-022338-371
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)
backup-20060111-065559-846
O16 - DPF: {7E547FA7-8D86-449D-4C14-450A7196383C} - http://85.255.113.214/1/gdnUS2332.exe
backup-20060106-190957-857
O16 - DPF: {658BB74D-E9CB-2050-FC85-12707339925A} - http://85.255.113.214/1/gdnUS2332.exe
backup-20060106-190957-387
O16 - DPF: {37D17ADA-D2CD-252B-C969-7CCC0D4F98B5} - http://85.255.113.214/1/gdnUS2332.exe
backup-20060106-190957-526
O16 - DPF: {130F2761-BD57-755B-E945-7F5C1CDC87A3} - http://85.255.113.214/1/gdnUS2332.exe
backup-20060106-190957-235
O2 - BHO: HomepageBHO - {27150f81-0877-42e9-af13-55e5a3439a26} - C:\WINDOWS\system32\hpF11B.tmp
backup-20060106-190957-746
O3 - Toolbar: CM Band - {159C2E51-9823-11D2-8DDC-D84A1B4ACD4D} - C:\Program Files\Crystalys media\cm.dll
backup-20060105-000458-143
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpAD18.tmp
backup-20060105-000458-518
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
backup-20060105-000458-328
R3 - Default URLSearchHook is missing
backup-20060105-000458-739
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ejxqi.dll/sp.html#53142%resultposition.net
backup-20060105-000458-821
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ejxqi.dll/sp.html#53142%resultposition.net

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-12-27 18:46:01.25
C:\ComboFix.txt ... 06-12-27 18:46
Go to the top of the page
 
+Quote Post
Jesusc500
post Dec 27 2006, 07:48 PM
Post #8


Member
**

Group: Members
Posts: 25
Joined: 19-December 06
From: Texas
Member No.: 102,030
And Lastly here is the Scanner.exe log.

Logfile of HijackThis v1.99.1
Scan saved at 6:47:25 PM, on 12/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Eric\My Documents\?icrosoft.NET\c?rss.exe
C:\WINDOWS\explorer.exe
C:\HJT\Scanner.exe

R3 - URLSearchHook: (no name) - {AE8CCF7E-7097-2839-931F-7BE52B1E179E} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {F811B3F9-5942-05B8-17D7-07F2BA2715CF} - C:\WINDOWS\system32\xvcit.dll
O2 - BHO: (no name) - {F811B3F9-5942-05B8-17D7-07F2BA2715CF} - C:\WINDOWS\system32\xvcit.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ooam] "C:\PROGRA~1\COMMON~1\FNTS~1\svchost.exe" -vt ndrv
O4 - HKCU\..\Run: [Wfxbn] C:\Documents and Settings\Eric\My Documents\?icrosoft.NET\c?rss.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Eric\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Go to the top of the page
 
+Quote Post
Rawe
post Dec 28 2006, 07:16 AM
Post #9


Forum Addict
******

Group: Malware Response Team
Posts: 2,328
Joined: 5-July 05
From: Finland
Member No.: 25,956
Lets continue smile.gif

Please print these instructions out, or write them down, as you can't read them during the fix.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

------

Now, please run a scan with HijackThis and check the following objects for removal IF present:

R3 - URLSearchHook: (no name) - {AE8CCF7E-7097-2839-931F-7BE52B1E179E} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {F811B3F9-5942-05B8-17D7-07F2BA2715CF} - C:\WINDOWS\system32\xvcit.dll
O2 - BHO: (no name) - {F811B3F9-5942-05B8-17D7-07F2BA2715CF} - C:\WINDOWS\system32\xvcit.dll
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKCU\..\Run: [Ooam] "C:\PROGRA~1\COMMON~1\FNTS~1\svchost.exe" -vt ndrv
O4 - HKCU\..\Run: [Wfxbn] C:\Documents and Settings\Eric\My Documents\?icrosoft.NET\c?rss.exe

Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.

------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files - option.

Now, navigate to and delete the following files & folders if present:

C:\WINDOWS\system32\svchosts.exe <= NOTE: MAKE sure it is indeed svchostS.exe you delete, DO NOT delete svchost.exe it is important!! If you're not sure what to delete, do not delete anything.
C:\WINDOWS\system32\xvcit.dll
C:\WINDOWS\system32\wintsvtr.exe
C:\Program Files\Outerinfo
C:\WINDOWS\RXJpYyBGb290ZQ
C:\Documents and Settings\Eric\install.exe
C:\WINDOWS\system32\install.exe

Empty recycle bin and reboot back into Normal mode.

-------

Please download GMER:
  • Unzip it and double-click GMER.exe
  • Click the rootkit-tab and click scan.
  • Once done, click Copy.
  • This will copy the results to clipboard.
  • Paste the results in your next reply, along with the C:\Vundofix.txt log aswell as a fresh HijackThis log. thumbup2.gif


--------------------
Hi there, stranger!

Please do not PM/email me for support, forums are there for a reason. :)



If I have helped you resolve your problem, please consider a donation to help me continue the good fight.

You don't need a PayPal account to donate.
Go to the top of the page
 
+Quote Post
Jesusc500
post Dec 28 2006, 08:28 PM
Post #10


Member
**

Group: Members
Posts: 25
Joined: 19-December 06
From: Texas
Member No.: 102,030
I've done everything up to downloading and installing GMER.

For some reason it will not let me download this program.

Says that firefox cannot download from www.gmer.com.

When I try to DL just the file, I get a message that the file no longer exists when I t to unzip it.
Go to the top of the page
 
+Quote Post
Rawe
post Dec 29 2006, 05:56 AM
Post #11


Forum Addict
******

Group: Malware Response Team
Posts: 2,328
Joined: 5-July 05
From: Finland
Member No.: 25,956
Yes, sorry about that, looks like gmer.net is down smile.gif

Download from here.


--------------------
Hi there, stranger!

Please do not PM/email me for support, forums are there for a reason. :)



If I have helped you resolve your problem, please consider a donation to help me continue the good fight.

You don't need a PayPal account to donate.
Go to the top of the page
 
+Quote Post
Jesusc500
post Dec 29 2006, 07:47 PM
Post #12


Member
**

Group: Members
Posts: 25
Joined: 19-December 06
From: Texas
Member No.: 102,030
No Problem,

Here is my GMER log

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2006-12-29 18:45:24
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT 86BFFF08 ZwConnectPort
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Files - GMER 1.0.12 ----

ADS C:\Program Files\ATI Technologies\ATI.ACE\skins\CATALYST_Quicksilver\CATALYST_Quicksilver.uis_Scrollbar:Smaller.WB4

---- EOF - GMER 1.0.12 ----







The other program Vundo didn't find anything wrong. Here is my fresh Hijack this Log.





Logfile of HijackThis v1.99.1
Scan saved at 6:46:43 PM, on 12/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Eric\Local Settings\Temp\gmer.exe
C:\Program Files\Norton SystemWorks\OBC.exe
C:\HJT\Scanner.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Eric\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Go to the top of the page
 
+Quote Post
Rawe
post Dec 30 2006, 07:39 AM
Post #13


Forum Addict
******

Group: Malware Response Team
Posts: 2,328
Joined: 5-July 05
From: Finland
Member No.: 25,956
Ok then smile.gif

Please print these instructions out, or write them down, as you can't read them during the fix.

Please copy the following text in the quotebox below to a blank Notepad file. Make sure the filetype is set to "All Files" and save it as Removeservice.bat. to your desktop.

QUOTE
@echo off
sc stop "COM+ Messages"
sc delete "COM+ Messages"

Double-click on Removeservice.bat. A window will pop up and close. This is normal.

-----

Please download MWav:
  • Unzip it to its predetermined directory (C:\Kaspersky)
  • Locate kavupd.exe in the new folder and double-click to Update.
  • If your firewall gives any messages about this program accessing to internet, allow it.
  • If it says the signatures are more than 30 days old, keep trying, until you get the actual definition updates.
  • When you see Updates Downloaded Successfully, hit Enter to continue.
  • Restart onto Safe Mode and locate the Kaspersky folder.
  • Locate mwavscan.com and double-click on it to launch the MWAV Scanner.
Now lets do the settings:
  • Leave the Default Settings checked.
  • Add a check to Drives
  • This will light up All Drives
  • Add a check to Scan all Files
  • Click Scan Clean to begin.
This scan might take around 3+ hours to finish when set to scan everything.
  • Please be sure it has finished before proceeding.
  • Once the scan has finished, all entries identified as Infected, will be displayed in the lower panel.
  • Highlight everything that is inside the lower panel and hit Ctrl+C at the same time to copy.
  • Open an empty notepad file and paste the results (Ctrl+V) to it. Save the notepad to your desktop, name it as you want (e.g; MWav Results).
Reboot into normal Windows and post the results here along with a fresh HijackThis log and let me know ANY problems with your computer right now. thumbup2.gif


--------------------
Hi there, stranger!

Please do not PM/email me for support, forums are there for a reason. :)



If I have helped you resolve your problem, please consider a donation to help me continue the good fight.

You don't need a PayPal account to donate.
Go to the top of the page
 
+Quote Post
Jesusc500
post Dec 31 2006, 06:59 PM
Post #14


Member
**

Group: Members
Posts: 25
Joined: 19-December 06
From: Texas
Member No.: 102,030
Thanks for all of your help by the way.

Here are the results.

File C:\Documents and Settings\Eric\Complete\QuickBanner 1.0.zip infected by "P2P-Worm.Win32.VB.dw" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Eric\Complete\QuickBooks Invoice Manager 1.zip infected by "P2P-Worm.Win32.VB.dw" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Eric\Complete\QuickBooks Key 6.3.zip infected by "P2P-Worm.Win32.VB.dw" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Eric\Complete\QuickButtons 1.5.zip infected by "P2P-Worm.Win32.VB.dw" Virus. Action Taken: File Deleted.
File C:\HJT\backups\backup-20061228-191301-824.dll tagged as not-a-virus:AdWare.Win32.PurityScan.ak. No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\146111EF infected by "P2P-Worm.Win32.Alcan.a" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\15CB4660 infected by "P2P-Worm.Win32.Alcan.a" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1AEB1304 infected by "P2P-Worm.Win32.Alcan.a" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1B9C0FFA infected by "Backdoor.Win32.Rbot.pd" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1D0643AF.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\22215ECD infected by "P2P-Worm.Win32.Alcan.a" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\26FC5AB9.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\27F87BA4.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\28B828D0.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2D293BED.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2D6D2DA2.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2DA82161.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2DBC1D4C.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2DED1316.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2E3B02BF.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\301125D1.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\36EB6DDA infected by "Exploit.Java.ByteVerify" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4C5164AB infected by "Trojan.Java.ClassLoader.u" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\57D6193D infected by "Email-Worm.VBS.Gedza" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5F5E44AD.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5F99386C.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5FE47E19.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\648D32C1 infected by "Trojan.Java.ClassLoader.u" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP809\A0159335.exe infected by "Trojan-Downloader.Win32.Agent.bdr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP812\A0159794.exe infected by "Backdoor.Win32.IRCBot.qc" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP812\A0159795.exe infected by "Backdoor.Win32.IRCBot.dd" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP812\A0159796.exe infected by "Trojan-Downloader.Win32.PurityScan.dy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP812\A0159802.dll tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP812\A0159803.exe tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP812\A0159804.dll tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP812\A0159805.dll tagged as not-a-virus:AdWare.Win32.PurityScan.ak. No Action Taken.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP812\A0159807.dll tagged as not-a-virus:AdWare.Win32.CommAd.a. No Action Taken.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP812\A0159808.exe tagged as not-a-virus:AdWare.Win32.CommAd.a. No Action Taken.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP815\A0159893.dll tagged as not-a-virus:AdWare.Win32.PurityScan.ak. No Action Taken.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP815\A0159899.exe infected by "Trojan-Downloader.Win32.Agent.bdr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP815\A0159900.exe infected by "Trojan-Downloader.Win32.Agent.bdr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP815\A0159902.exe tagged as not-a-virus:AdWare.Win32.PurityScan.bu. No Action Taken.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP821\A0160139.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP821\A0160140.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP821\A0160141.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP821\A0160142.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP821\A0160143.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP821\A0160144.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP821\A0160145.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP821\A0160146.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP821\A0160147.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP821\A0160148.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP821\A0160149.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP821\A0160150.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP821\A0160151.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{13A6698E-1A4C-473E-B451-F67EF06692C4}\RP821\A0160152.exe infected by "P2P-Worm.Win32.Krepper.c" Virus. Action Taken: File Deleted.




And a HJT Log as well.




Logfile of HijackThis v1.99.1
Scan saved at 5:59:12 PM, on 12/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
c:\program files\winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\Scanner.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Eric\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cbrtlv2krstp - Broadcom Corporation. - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Go to the top of the page
 
+Quote Post
Rawe
post Jan 1 2007, 06:49 AM
Post #15


Forum Addict
******

Group: Malware Response Team
Posts: 2,328
Joined: 5-July 05
From: Finland
Member No.: 25,956
Hows the system running now? smile.gif

Couple more things left.

Click Start -> Run and type in: services.msc

Click "OK".

In the services window find service; COM+ Messages

Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then "Ok". Exit the Services utility.

Next....
  • Open HiJackThis
  • Click on the tab "Misc Tools"
  • Click on "Delete an NT service"
  • Copy and paste this in: COM+ Messages
  • Click "ok", then reboot. Post back with a fresh log and a description of problems smile.gif


--------------------
Hi there, stranger!

Please do not PM/email me for support, forums are there for a reason. :)



If I have helped you resolve your problem, please consider a donation to help me continue the good fight.

You don't need a PayPal account to donate.
Go to the top of the page
 
+Quote Post
« Next Oldest · Virus, Trojan, Spyware, and Malware Removal Logs · Next Newest »
 

2 Pages V   1 2 >
Closed TopicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version Time is now: 18th March 2010 - 02:59 AM


Advertise   |   About Us   |   Terms of Use   |   Privacy Policy   |   Contact Us   |   Site Map   |   Chat   |   Tutorials   |   Uninstall List
Discussion Forums   |   The Computer Glossary   |   Resources   |   RSS Feeds   |   Startups   |   The File Database   |   Virus Removal Guides

© 2003-2010 All Rights Reserved Bleeping Computer LLC.

Powered By IP.Board © 2010  IPS, Inc.