Virus Issues [CLOSED]


  • This topic is locked

#1
xxatticus

    New Member

  • Member
  • 5 posts
Hey guys. Here's my problem. I downloaded a program the other day and went to run it, and, what do you know, I've got a terrible virus on my relatively new PC. It deleted my control panel, my run, search, gave me fake anti-spyware alerts, and tons of pop-ups all over my system. I couldn't use system restore because it erased all of my restore points. I did everything in the Must Read Before Posting Hijackthis Log thread and eliminated a bunch of the spyware. I have access to my control panel now and all of the start menu functions again. The only thing I can notice that is left would be the random pop-ups; even when I'm not on the internet, they pop up containing video websites and weird porn. My computer is still kind of slow also. I just want to eliminate everything that infected my PC and have it back to normal.

Here's my Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:59:23, on 8/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {36D92B01-22BC-4FB7-A7AC-C574873FDDBE} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {661778F7-CDDA-4611-99B0-43245C7E971D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8D75D0E3-DFC9-4C63-9129-877544EB64F8} - (no file)
O3 - Toolbar: vwsrfton - {ABA69CF4-20FB-42CE-BB6D-B6171D64B8EC} - C:\WINDOWS\vwsrfton.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PSDiagnosticM] "C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinUpdate] C:\WINDOWS\wuauclt.vbs
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\Owner\LOCALS~1\Temp\2A.tmp.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.2.1.87.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1162001267281
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8729 bytes



Thanks for all help in advance.

#2
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi xxatticus

Welcome to geekstogo :)

Firstly, could you tell me what anti-virus program you are using? I don't see any evidence of one in your logs.


====STEP 1====
Disable Teatimer
First:
  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident
Second:
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.

====STEP 2====
If you have already downloaded ComboFix, then could you delete the current version of ComboFix you have and then follow these instructions:

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. (All the instructions for installing the Recovery Console are in the above link, but for more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.)

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#3
xxatticus

    New Member

  • Topic Starter
  • Member
  • 5 posts
After this scan I don't have the pop-ups anymore. Just seeing if there's still spyware or anything else on the computer I can't see. I didn't use the recovery console either because I have the CD. Here's the ComboFix log:

ComboFix 08-08-15.04 - Owner 2008-08-16 19:30:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.339 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\MCX1\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\U2H8C7UU\interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Program Files\winupdates
C:\WINDOWS\keyboard211.dat
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\imusaroy.ini
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
H:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
.

2008-08-16 14:45 . 2008-08-16 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-16 02:37 . 2008-08-16 02:37 2,363 --a------ C:\WINDOWS\wuauclt.vbs
2008-08-15 20:26 . 2008-08-16 02:19 4,018 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-15 20:24 . 2008-08-16 02:25 <DIR> d-------- C:\Documents and Settings\Owner\SmitfraudFix
2008-08-15 20:24 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-15 20:24 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-15 20:24 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-15 20:24 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-15 20:24 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-15 20:24 . 2008-08-09 15:37 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-15 20:24 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-15 20:24 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-15 20:24 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-15 18:38 . 2008-08-15 18:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-08-15 18:22 . 2008-08-15 18:22 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-08-15 18:21 . 2008-08-15 18:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-15 18:21 . 2008-08-15 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-15 18:21 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-15 18:21 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-15 16:22 . 2008-08-15 16:22 <DIR> d-------- C:\Program Files\CONEXANT
2008-08-15 15:47 . 2008-08-15 15:47 189 --a------ C:\WINDOWS\wininit.ini
2008-08-15 15:32 . 2008-08-15 15:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-15 15:31 . 2008-08-15 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-15 15:20 . 2008-08-15 15:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-15 15:20 . 2008-08-15 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-15 15:03 . 2008-08-15 15:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-15 15:02 . 2008-08-15 15:02 <DIR> d-------- C:\Program Files\Windows Defender
2008-08-15 02:55 . 2008-08-15 02:55 <DIR> d-------- C:\Program Files\IObit
2008-08-15 02:49 . 2008-08-16 17:47 <DIR> d-------- C:\Program Files\Advanced Spyware Remover Pro
2008-08-15 02:49 . 2006-01-01 01:04 10,027 --a------ C:\WINDOWS\system32\mspriv32.dll
2008-08-15 02:42 . 2008-08-15 02:42 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\IObit
2008-08-15 02:38 . 2008-08-15 14:54 <DIR> d-------- C:\Program Files\Advanced Spyware Remover
2008-08-14 15:16 . 2008-08-14 20:30 2,393 --a------ C:\WINDOWS\system32\wuauclt.vbs
2008-08-13 21:20 . 2005-05-18 11:43 81,920 --a------ C:\WINDOWS\system32\CloseApp.exe
2008-08-13 13:52 . 2008-08-13 13:52 <DIR> d-------- C:\Program Files\Stardock
2008-08-13 13:52 . 2008-08-13 13:52 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-08-12 21:04 . 2008-08-12 21:04 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Thinstall
2008-08-12 17:32 . 2008-08-12 17:32 <DIR> d-------- C:\Downloads
2008-08-12 17:32 . 2008-08-12 17:32 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2008-08-01 19:50 . 2008-08-01 19:50 <DIR> d-------- C:\Program Files\Guitar Pro 5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 21:59 --------- d-----w C:\Program Files\Trend Micro
2008-08-15 18:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-15 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-15 18:54 --------- d-----w C:\Program Files\545 Studios
2008-08-14 06:46 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-29 20:45 --------- d-----w C:\Program Files\LimeWire
2008-07-29 20:40 --------- d-----w C:\Program Files\Java
2008-07-05 23:40 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2008-07-05 23:40 --------- d-----w C:\Program Files\Microsoft Xbox 360 Accessories
2008-07-05 23:37 --------- d-----w C:\Program Files\Project64 1.6
2008-07-05 23:36 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_xusb20_01001.Wdf
2008-07-02 20:36 --------- d-----w C:\Program Files\Acoustica Shared Effects
2008-07-02 20:23 --------- d-----w C:\Program Files\Acoustica DJ Twist And Burn
2008-07-02 20:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\Acoustica
2008-06-30 20:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-06-25 15:33 --------- d-----w C:\Program Files\CyberLink
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 12:32 7204864]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 12:32 86016]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-08-27 09:09 139264]
"PSDiagnosticM"="C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2007-02-27 16:29 315392]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 15:13 988584]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 15:01 1037736]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 18:05 734264]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 19:07 90112 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2005-09-18 12:32 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

C:\Documents and Settings\sYndRuM\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-08-13 21:51:13 3581680]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 19:55:40 18432]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 17:41:38 323646]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIXL"= pclepixl.dll
"VIDC.NTN1"= NUVision.ax
"VIDC.HFYU"= huffyuv.dll
"vidc.i420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\XBC\\neXBC.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 19:55]
R3 lknuhst;Linksys Network USB Host Controller;C:\WINDOWS\system32\DRIVERS\lknuhst.sys [2006-10-18 18:32]
R3 LKNUHUB;Linksys Network USB Root Hub;C:\WINDOWS\system32\DRIVERS\lknuhub.sys [2006-10-18 18:32]
S2 DVC150;DVC 150B;C:\WINDOWS\system32\Drivers\dvc150b.sys [2003-11-14 11:50]
S3 CEUSBAUD;DigiTech USB MIDI Driver (MIDI);C:\WINDOWS\system32\Drivers\CEUSBAUD.sys [2003-11-01 16:19]
S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys [2006-04-17 18:36]
S3 LKNUCMP;Linksys Network USB Composite Device;C:\WINDOWS\system32\DRIVERS\lknucmp.sys [2006-10-18 18:32]
S3 NUVision;Pinnacle DVC 80 Video;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-12-03 12:55]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 15:00]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 18:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55ab965b-980d-11da-921b-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f94ae581-9805-11da-b621-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-03-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2006-09-11 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1154291404.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]

2008-08-16 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-Antivirus - C:\Program Files\VAV\vav.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i24kc4gt.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://ultimate-guitar.com/
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 19:36:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
.
**************************************************************************
.
Completion time: 2008-08-16 19:47:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-16 23:46:26

Pre-Run: 169,773,432,832 bytes free
Post-Run: 169,901,318,144 bytes free

234 --- E O F --- 2008-08-16 06:30:33

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54:13, on 8/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dannz.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PSDiagnosticM] "C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.2.1.87.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1162001267281
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8195 bytes

#4
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
firstly, some questions:

1. is this meant to be your home page: www.dannz.com ?

2. can you tell me what anti-virus program you think you are running? i don't see any evidence of one on your machine.


====STEP 1====
if you do not have an anti-virus program on your machine then we need to install one now. if you do, let me know which one you have and go onto step 2.

it is somewhat suicidal in today's digital world to be without one. until we get this antivirus program run and installed we will just be chasing our tails as your machine is reinfected :)

i suggest you download and install avast! it is free and a perfectly good anti-virus program.

Please go to http://www.avast.com.../down_home.html and download avast! 4 Home Edition to your desktop. Locate the file that you just downloaded, double-click on the file to launch the installation of avast!

Click Next on the avast! Setup window and on the next window with the ReadMe File.
Now you will see the Legal Agreement, just click I agree, and then click Next to continue.

You will be prompted with the Configuration window, make sure that you choose Typical configuration and then click Next. Click Next on the windows that follow. When the installation finishes, you will be given an option to schedule a boot time scan, select No.

Now you have to restart your machine, select Restart and then click Finish.

After you restart you will get a message about avast! it will give you the general "Hello and Thank you for choosing our Product." Also after you restart you will notice 2 new icons in the bottom right corner of the screen.

VERY IMPORTANT - after restarting, right click on the a in the taskbar and select Updating, then highlight and click Program.

You will get a popup after it's done updating. If avast! had to download anything for your computer you may get a message asking you to restart.

After you have updated avast! right click the small icon a in task bar and click Start Avast! AntiVirus

Click Program Registration and you will be taken to their website. Fill out the form and then check your e-mail. Once you get an e-mail from them (usually about 1 minute after submitting the form) copy and paste the serial they provided into the highlighted box. Then click ok.

After this, you will need to Schedule Boot-Time Scan with avast! Click on the little button placed up in the left corner, and select Schedule Boot-Time Scan. Read also this tutorial http://www.schmahl.n...astbootscan.htm it may make it easier for you to follow the steps.

Next, choose:
  • Scan all local disks
  • Scan archive files
  • Click on Schedule
  • On the next dialog, Operating system restart needed, select Yes
Now avast! will restart your computer and start to scan before Windows fully loads.

IMPORTANT NOTE: since your system has infections on it, avast! will give you a dialog box with recommended actions and options. please make sure, if this happens, to click the Move to Chest button, and not to delete any reported files.

On completion of the boot scan there will be a report at this location C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt Please post that in your next reply.


====STEP 2====
scanning two suspicious files.

Jotti File Submission:

Please go to Jotti's malware scan
Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
C:\WINDOWS\wuauclt.vbs

Click on the submit button

Please also do the same with the following file:
C:\WINDOWS\system32\CloseApp.exe


Please post the results of the scan in your next reply.

If Jotti is busy, try the same at Virustotal



====STEP 3====
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55ab965b-980d-11da-921b-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f94ae581-9805-11da-b621-806d6172696f}]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

In your next reply could i see:
1. the combofix log
2. a new hijackthis log
3. the answer to the above questions

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
  • 0
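The two checks raised at the top of the post above (is the IE start page one the user chose, and does any antivirus show up among the processes, Run entries and services) can be run mechanically over a HijackThis log. This is an added example, not part of the original thread; the `AV_MARKERS` table and the `expected_hosts` argument are assumptions of the example, and the sample log is a shortened excerpt of the log posted in this thread.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a shortened excerpt of the second HijackThis log in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:50, on 8/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dannz.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Assumption of this example: a small, non-exhaustive map of resident-scanner
# executable names to products. A real triage list would be much longer.
AV_MARKERS = {
    "ashserv.exe": "avast!",
    "avgrsx.exe": "AVG",
    "mcshield.exe": "McAfee VirusScan",
    "avp.exe": "Kaspersky",
    "ekrn.exe": "ESET NOD32",
}

# "R0 - ...", "O4 - ...", "O23 - ..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Bare executable file name at the end of a path (no separators, quotes, spaces).
EXE_RE = re.compile(r"[^\\/\"\s\[\]]+\.exe", re.IGNORECASE)


def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False          # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def unexpected_start_pages(parsed, expected_hosts):
    """Return (hive, url) for IE Start Page values whose host the user did not choose."""
    flagged = []
    for code, body in parsed["entries"]:
        if code in ("R0", "R1") and ",Start Page = " in body:
            key, url = body.split(",Start Page = ", 1)
            host = (urlparse(url.strip()).hostname or "").lower()
            if host not in expected_hosts:
                flagged.append((key.split("\\", 1)[0], url.strip()))
    return flagged


def av_evidence(parsed):
    """Return sorted product names whose marker executable appears in the log."""
    lines = list(parsed["processes"])
    lines += [body for code, body in parsed["entries"] if code in ("O4", "O23")]
    found = set()
    for line in lines:
        for exe in EXE_RE.findall(line):
            product = AV_MARKERS.get(exe.lower())
            if product:
                found.add(product)
    return sorted(found)


def triage(text, expected_hosts):
    """Summarise the two checks for one log."""
    parsed = parse_hjt(text)
    return {
        "start_pages_to_confirm": unexpected_start_pages(parsed, expected_hosts),
        "antivirus_seen": av_evidence(parsed),
    }


if __name__ == "__main__":
    # expected_hosts is whatever the user says their home page should be (assumed here).
    print(triage(SAMPLE_LOG, expected_hosts={"www.google.com"}))
```

A firewall (ZoneAlarm) and a spam filter (McAfee SpamKiller) appear in the excerpt, but neither matches a resident-scanner marker, so `antivirus_seen` comes back empty.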

#5
xxatticus

    New Member

  • Topic Starter
  • Member
  • 5 posts
Sorry about not answering your question last time. I have ZoneAlarmPro installed on my computer but it did not pick up the virus. At the time of the first Hijack scan it was not running. I have numerous Spyware removing programs now from trying all of them but I think I'll stick with the Avast program you recommended. www.dannz.com was one of the pop up spyware ads that was bugging me, so no that is not meant to be my homepage at all.

Results for first jotti scanfile:

File: wuauclt.vbs
Status: INFECTED/MALWARE
MD5: e09d74531651b4096ee1203bc311cce2
Packers detected: -
Scanner results
Scan taken on 17 Aug 2008 01:10:33 (GMT)
A-Squared: Found nothing
AntiVir: Found HTML/ADODB.Exploit.Gen
ArcaVir: Found Heur.VBS.Generic.24
Avast: Found VBS:Psyme-AB
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found VBS/Psyme.GE
F-Secure Anti-Virus: Found Type_Script (probable variant)
Fortinet: Found nothing
Ikarus: Found Virus.VBS.Psyme.AB
Kaspersky Anti-Virus: Found Type_Script (probable variant)
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

And the second file:

File: CloseApp.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 4cd6d12165acccfefdbdca980ada7092
Packers detected: -
Scanner results
Scan taken on 17 Aug 2008 01:19:26 (GMT)
A-Squared: Found nothing
AntiVir: Found APPL/CloseApp
ArcaVir: Found Riskware.Risktool.Closeapp.A
Avast: Found nothing
AVG Antivirus: Found HackTool.BVK
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found RiskTool.W32.CloseApp.A
Dr.Web: Found Tool.CloseApp
F-Prot Antivirus: Found W32/HackTool.BGA
F-Secure Anti-Virus: Found not-a-virus:RiskTool.Win32.CloseApp.a (6, 2, 611)
Fortinet: Found HackerTool/CloseApp (probable variant)
Ikarus: Found not-a-virus:RiskTool.Win32.CloseApp.a
Kaspersky Anti-Virus: Found not-a-virus:RiskTool.Win32.CloseApp.a
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found Application/CloseApp
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found RiskTool.Win32.CloseApp

Here is the combo fix scan after dragging the txt file in:

ComboFix 08-08-15.04 - Owner 2008-08-16 21:25:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.524 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 )))))))))))))))))))))))))))))))
.

2008-08-16 20:49 . 2008-08-16 20:49 <DIR> d-------- C:\Program Files\Bonjour
2008-08-16 14:45 . 2008-08-16 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-16 02:37 . 2008-08-16 02:37 2,363 --a------ C:\WINDOWS\wuauclt.vbs
2008-08-15 20:26 . 2008-08-16 02:19 4,018 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-15 20:24 . 2008-08-16 02:25 <DIR> d-------- C:\Documents and Settings\Owner\SmitfraudFix
2008-08-15 20:24 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-15 20:24 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-15 20:24 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-15 20:24 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-15 20:24 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-15 20:24 . 2008-08-09 15:37 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-15 20:24 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-15 20:24 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-15 20:24 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-15 18:38 . 2008-08-15 18:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-08-15 18:22 . 2008-08-15 18:22 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-08-15 18:21 . 2008-08-15 18:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-15 18:21 . 2008-08-15 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-15 18:21 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-15 18:21 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-15 16:22 . 2008-08-15 16:22 <DIR> d-------- C:\Program Files\CONEXANT
2008-08-15 15:47 . 2008-08-15 15:47 189 --a------ C:\WINDOWS\wininit.ini
2008-08-15 15:32 . 2008-08-15 15:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-15 15:31 . 2008-08-15 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-15 15:20 . 2008-08-15 15:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-15 15:20 . 2008-08-15 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-15 02:55 . 2008-08-15 02:55 <DIR> d-------- C:\Program Files\IObit
2008-08-15 02:49 . 2008-08-16 17:47 <DIR> d-------- C:\Program Files\Advanced Spyware Remover Pro
2008-08-15 02:49 . 2006-01-01 01:04 10,027 --a------ C:\WINDOWS\system32\mspriv32.dll
2008-08-15 02:42 . 2008-08-15 02:42 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\IObit
2008-08-15 02:38 . 2008-08-15 14:54 <DIR> d-------- C:\Program Files\Advanced Spyware Remover
2008-08-14 15:16 . 2008-08-14 20:30 2,393 --a------ C:\WINDOWS\system32\wuauclt.vbs
2008-08-13 21:20 . 2005-05-18 11:43 81,920 --a------ C:\WINDOWS\system32\CloseApp.exe
2008-08-13 13:52 . 2008-08-13 13:52 <DIR> d-------- C:\Program Files\Stardock
2008-08-13 13:52 . 2008-08-13 13:52 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-08-12 21:04 . 2008-08-12 21:04 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Thinstall
2008-08-12 17:32 . 2008-08-12 17:32 <DIR> d-------- C:\Downloads
2008-08-12 17:32 . 2008-08-12 17:32 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2008-08-01 19:50 . 2008-08-01 19:50 <DIR> d-------- C:\Program Files\Guitar Pro 5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-17 01:05 --------- d-----w C:\Program Files\iTunes
2008-08-17 01:05 --------- d-----w C:\Program Files\iPod
2008-08-17 00:49 --------- d-----w C:\Program Files\QuickTime
2008-08-17 00:48 --------- d-----w C:\Program Files\Apple Software Update
2008-08-16 23:36 22,021,085 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-08-16 21:59 --------- d-----w C:\Program Files\Trend Micro
2008-08-16 19:52 5,007,360 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2008-08-16 06:51 2,366,976 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2008-08-15 21:09 4,932,096 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2008-08-15 18:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-15 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-15 18:54 --------- d-----w C:\Program Files\545 Studios
2008-08-14 19:21 4,881,408 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2008-08-14 06:46 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-14 01:14 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-07-29 20:45 --------- d-----w C:\Program Files\LimeWire
2008-07-29 20:40 --------- d-----w C:\Program Files\Java
2008-07-09 13:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-05 23:40 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2008-07-05 23:40 --------- d-----w C:\Program Files\Microsoft Xbox 360 Accessories
2008-07-05 23:37 --------- d-----w C:\Program Files\Project64 1.6
2008-07-05 23:36 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_xusb20_01001.Wdf
2008-07-02 20:36 --------- d-----w C:\Program Files\Acoustica Shared Effects
2008-07-02 20:23 --------- d-----w C:\Program Files\Acoustica DJ Twist And Burn
2008-07-02 20:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\Acoustica
2008-06-30 20:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-06-25 15:33 --------- d-----w C:\Program Files\CyberLink
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-16_19.46.01.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-17 00:48:21 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe
+ 2008-08-17 01:06:03 102,400 ----a-r C:\WINDOWS\Installer\{3DE0053C-FD9A-483E-B7C9-B06E4392206E}\iTunesIco.exe
+ 2008-08-17 00:50:02 86,016 ----a-r C:\WINDOWS\Installer\{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}\PrntWzrdIco.exe
+ 2006-10-24 07:01:44 780,800 ----a-w C:\WINDOWS\Resources\Themes\Zune\Shell\NormalColor\shellstyle.dll
+ 2007-07-24 19:17:08 81,920 ----a-w C:\WINDOWS\system32\dns-sd.exe
+ 2007-07-24 19:17:08 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
+ 2008-07-23 00:32:44 32,000 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_97B931EF204A3188AFFD15A9A5337268E8B6F312\usbaapl.sys
- 2008-08-14 18:30:15 212,080 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-08-17 01:01:01 215,752 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-08-17 01:01:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 12:32 7204864]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 12:32 86016]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-08-27 09:09 139264]
"PSDiagnosticM"="C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2007-02-27 16:29 315392]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 15:13 988584]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 15:01 1037736]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 18:05 734264]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 19:07 90112 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2005-09-18 12:32 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

C:\Documents and Settings\sYndRuM\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-08-13 21:51:13 3581680]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 19:55:40 18432]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 17:41:38 323646]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIXL"= pclepixl.dll
"VIDC.NTN1"= NUVision.ax
"VIDC.HFYU"= huffyuv.dll
"vidc.i420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\XBC\\neXBC.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 19:55]
R3 lknuhst;Linksys Network USB Host Controller;C:\WINDOWS\system32\DRIVERS\lknuhst.sys [2006-10-18 18:32]
R3 LKNUHUB;Linksys Network USB Root Hub;C:\WINDOWS\system32\DRIVERS\lknuhub.sys [2006-10-18 18:32]
S2 DVC150;DVC 150B;C:\WINDOWS\system32\Drivers\dvc150b.sys [2003-11-14 11:50]
S3 CEUSBAUD;DigiTech USB MIDI Driver (MIDI);C:\WINDOWS\system32\Drivers\CEUSBAUD.sys [2003-11-01 16:19]
S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys [2006-04-17 18:36]
S3 LKNUCMP;Linksys Network USB Composite Device;C:\WINDOWS\system32\DRIVERS\lknucmp.sys [2006-10-18 18:32]
S3 NUVision;Pinnacle DVC 80 Video;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-12-03 12:55]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 15:00]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 18:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

*Newly Created Service* - CATCHME
*Newly Created Service* - IPOD_SERVICE
.
Contents of the 'Scheduled Tasks' folder

2008-08-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2006-09-11 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1154291404.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 21:28:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
Completion time: 2008-08-16 21:32:17
ComboFix-quarantined-files.txt 2008-08-17 01:31:15
ComboFix2.txt 2008-08-16 23:47:08

Pre-Run: 169,217,404,928 bytes free
Post-Run: 169,181,962,240 bytes free

206 --- E O F --- 2008-08-16 06:30:33

And a new HJT scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:50, on 8/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dannz.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PSDiagnosticM] "C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.2.1.87.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1162001267281
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8384 bytes

#6
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
your logs are looking better now. in this post we will remove those two files we scanned which are bad and then do some scans of your machine to see what else slipped on.

the scans will likely take 3 hours, quite possibly much longer. so just let them run.


====STEP 1====
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\wuauclt.vbs
    C:\WINDOWS\system32\CloseApp.exe
    EmptyTemp
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



====STEP 2====
Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



====STEP 3====
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


====STEP 4====
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

====STEP 5====
Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
In your next reply could i see:
1. the OTMoveIT2 log
2. the malwarebytes log
3. the SUPERantispyware log
4. the kaspersky log
5. a new hijackthis log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#7
xxatticus

    New Member

  • Topic Starter
  • Member
  • 5 posts
Here is the OTMoveIt log:

Explorer killed successfully
C:\WINDOWS\wuauclt.vbs moved successfully.
C:\WINDOWS\system32\CloseApp.exe moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_aMjA9bHKsrDFM0nxU2rb scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF8E4A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5e4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT00b6d.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT00b84.TMP scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08172008_001107

Files moved on Reboot...
File C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_aMjA9bHKsrDFM0nxU2rb not found!
C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF8E4A.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_5e4.dat not found!
File C:\WINDOWS\temp\ZLT00b6d.TMP not found!
File C:\WINDOWS\temp\ZLT00b84.TMP not found!

The Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.24
Database version: 1056
Windows 5.1.2600 Service Pack 2

1:27:47 AM 8/17/2008
mbam-log-8-17-2008 (01-27-47).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 116881
Time elapsed: 41 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SuperAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/17/2008 at 02:46 AM

Application Version : 4.15.1000

Core Rules Database Version : 3538
Trace Rules Database Version: 1527

Scan type : Complete Scan
Total Scan Time : 00:55:15

Memory items scanned : 453
Memory threats detected : 0
Registry items scanned : 5975
Registry threats detected : 0
File items scanned : 80289
File threats detected : 8

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@revsci[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt

Adware.ZToolbar
C:\WINDOWS\system32\azebar.xml

Unclassified.Unknown Origin
C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\LOOSE STUFF\PINNACLESTUDIOPLUSV9.3.2UNLOCKPATCHBIDJAN\KEYGEN.NFO

Browser Hijacker.Liporn
C:\WINDOWS\FORM.JS

Kaspersky log:

KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, August 17, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 17, 2008 07:54:02
Records in database: 1100549
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 79610
Threat name: 6
Infected objects: 638
Suspicious objects: 2
Duration of the scan: 02:02:45


File name / Threat name / Threats count
C:\Documents and Settings\Owner\Complete\27 Drawing Books.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\About CNET Networks.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Adam Fielding - Aurora.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Advanced search.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\All RSS feeds.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\All Software.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\American Idol S07E25 HDTV XviD-XOR [eztv].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\American Idol.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Anaya Hayes- Want it.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Angles d'attaque FRENCH R5 XviD-PWD avi.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Apply now.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Be Your Own Pet Get Awkward-(Retail)-2008-FNT.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Beauty and the Geek S05E03 PDTV XviD-STFU [eztv].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Beauty And The Geek.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\BIENVENUE CHEZ LES CHTIS FRENCH QUALITE DVD TOP.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Big Brother US S09E20 PDTV XviD-2HD [eztv].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Big Brother.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Bridget Moynahan Wallpapers.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Britney Spears Photos.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Browse categories.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\CAG Foreplay Video Game Podcast (Episode #38 Shipocritical).zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Carmen Electra - Pussycat Dolls Sexy Stockings Highkick.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\CBC joins Mininova, distributing TV show for free.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\clean app sitx.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\CNET TV.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Compare Prices.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Content Distribution.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Copyright policy.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Counting Crows - Saturday Nights &amp; Sunday Mornings [2008].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Creative Photoshop Digital Illustration and Art Techniques Jul 2007 eBook-BBL.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Drillbit Taylor CAM XViD-PreVail [ www speed cd ].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Featured torrents.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Flo Rida - Mail On Sunday 2008-CDS-DTi.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Free MP3s.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Full Metal alchemist.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Fullmetal Alchemist Complete Series ( 01-51 ).zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Getting StartED with Mac OS X Leopard Nov 2007 eBook-BBL.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\GirlsWallPapers Collection - www.uvtorrents.com.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Hayden Panetierre - Vanity Fair pic as Sexy Marilyn Monroe.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Heavenly Sword s1e1-5 [H264 - AAC ITA] Serie Completa.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Help Center.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Hip Hop.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\HOWARD STERN SHOW FULL 3-25-2008 + FULL WRAP UP - WITHOUT POLITICAL APPENDIUMS mp3.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\HOWARD STERN SHOW FULL 3-26-2008 + FULL WRAP UP Show 64K MP3 CF.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\In Treatment S01E41 REAL HDTV XviD-XOR [eztv].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\In Treatment.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Japanator - tokyo pinsalocks Interview 3-22-08.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Jericho 2x07 (HDTV-LOL)[VTV].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Jericho S02E07 720p HDTV X264-DIMENSION [eztv].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Joe Eigo - MTV Gladiators- Intro.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Kaspersky AntiVirus v7 0 1 32 Final (FRESH KEYS 2008).zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Key Quest (Manga) Chapter 1 www.keyquestmanga.com.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Le Dernier Gang FRENCH DVDSCR XviD.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\LE-MONDE-26032008 zip.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\LE-MONDE-27032008 zip.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Learn more.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Michael Jackson - Thriller 25th Anniversary Edition [2008][CD+4 SkidVid_XviD+Cov]192Kbps.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Microsoft Windows Vista Ultimate x86 Integrated February 2008 OEM DVD-BIE.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Mininova toolbar.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Moby - Last Night [mp3-vbr-2008].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Monosylabik - Monosylabik EP (320kpsMP3).zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Monster Hunter Portable 2nd G JPN PSP-PSN.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Muddy Milfshake - Storm of the century Single Video.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Muddy MilfshakeMuzik 4 Machines - Storm of the Century.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Naruto Ultimate Ninja 3 USA PS2DVD-PROTOCOL.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\New Avengers 039 (2008) (Minutemen ZonesDiva)[h33t][ttodddy].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Nintendo DS.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Office 2007 Ultimate Ebooks Collection [eng][learning access excel word pdf][TNTvillage org].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\OneRepublic - Dreaming Out Loud [2008][CD+2 SkidVid XviD+Cov]192Kbps.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Opie and Anthony 2008-03-26-O&amp;A CF64k mp3.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Out of bounds wallpaper.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\PC Games.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Penelope DVDRip XviD-ARiSCO www speed cd ].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Penelope DVDRip XviD-ARiSCO { www.IPTorrents.com }.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Pink Wallpapers [Michi80].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Privacy policy.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Pro Evolution Soccer 2008 [WII] [PAL] [MULTI5] [www tensiontorrent com].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\PSP Game MonsterHunter2ndG Japo UMDFULL ISO749MB.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Radio shows.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Radiohead - In Rainbows (18 tracks).zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Reason 4 + Keygen + Patch RPS [mininova].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Reincarnation FRENCH DVDRiP XviD-ELiTE avi.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\RFID Handbook Applications Technology Security and Privacy Mar 2008 eBook-BBL.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Rolling Stones-Shine A Light-2CD-2008-STARTMEUP.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\RosettaStoneSpanIII rar.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Search cloud.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Search options.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Sharpshooter 2007 DVDRip XviD-aAF www speed cd ].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Show all of today.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Site map.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Sophie S01E12 HDTV XviD-2HD [eztv].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\South Park S12E03 DSR XviD-0TV [eztv].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\South Park s12e03 Major Boobage-TVEps rm.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\South Park.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\SP1 For Windows Vista (6.0-KB936330) [32-64 Bit. All languages].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Spectacular_Spiderman S1E4.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Spyware Removal.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Submit Software.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Terms of use.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\The Essential Guide to CSS and HTML Web Design Nov 2007 eBook-BBL.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\The Must Have Package V2 (Firewall, Tweaking, etc) - BDTech - LEGAL.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Tips &amp; Tricks.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Today on CNET.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Try our new site Snotr.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\TV shows.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Ubuntu Linux For Dummies Apr 2007 eBook-BBL.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Underbelly 1x07 Wise Monkeys HDTV XviD-FoV [eztv].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Upload a torrent.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Usher Feat Young Jeezy - Love In This Club [NEW SINGLE 2008].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Vantage Point 2008 DVDRip XViD-INTERFILM { www.IPTorrents.com } RUSSIAN R5.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Vantage Point FRENCH R5 XviD-By Me.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Video clips.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\W-Ease 1.0.3.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\W.bloggar 3.03.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\W2 Mate 2006 3.0.127.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\W2 Pro Professional Edition 2005.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\W2B_Restaurant 1.06.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\W2XML 2.5.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\W32.Blaster.Worm Removal Tool .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\W32.Nimda.A@mm (Nimda) Removal Tool .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\W32.Sasser Removal Tool 1.0.1.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\W32.Sobig.F@mm Removal Tool .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\w3IDE NexGen Edition 2.0.0c.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\W3Notify 1.01.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\W4ShwIP 1.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\W5A!erts Caller ID 3.38.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\W8Soft Ad-Spy Remover 1.6.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\WA Browser 2.3.2.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\WABAccess 1.1.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\WAC Server Manager 1.4.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\WackGet 1.2.2.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Wacko Facto 3D Screensaver 1.0.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Wacky Animals Screensaver 3.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Wacom Intuos Driver 4.50 (12201999).zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Wacom Tablet Driver 4.70-6.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Wadja Mobile Editor 1.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Waha Transformer Lite for DB 2.2.4.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Wainmans Toolbar 4.5.88.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Waiting Up DT 0.001.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Waiting Up WP 001.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Wake On Lan 0.0.1.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Wake On LAN 1.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Wake Up Clock 1.1.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Wake Up News 2005 5.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Wakeboarding Unleashed featuring Shaun Murray demo .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\WakeMeUp 1.8.4.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\WakeUp 1.1 build 8.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\WakiCoolBar for Asp.net 2.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Walk the Line Screensaver .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Walk the Plank 1.0.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Walking the Las Vegas Strip 1.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\WalkThru 1.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Wall 2.1.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Wall Photo Maker 3.7.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Wall Street Financial Assistant 3.04.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Wall Street Financial Assistant 3.1.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Wallace & Gromit Trailer .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\WallCalendar Component for Delphi 3-7 2.0.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\WallChanger 3.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Wallet 1.2.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\WalletPhotoScreenSaver 1.0.23.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\WallFly 1.29.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\WallGen 1.0.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Wallop 1.0.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Wallpaper Boot Master 2.2.6 DEMO.zip Infected: P2P-Worm.Win32.VB.dw 1

#8
xxatticus

continued..

C:\Documents and Settings\Owner\Complete\Warcraft III - The Battle of Nesna map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Beginning map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Big Race map 2 .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Big Scoop map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The City Life map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Creep Revolution map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Curse of Teacher Blaser map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Death Sheep map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Death Trap map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Defense of Strahnbrad map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Fall of Isengard map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Final Fantasy map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Final Stand map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Forbidden Lands map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Headhunters map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Heart of Gra'thok map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Hero of the Dwarfs map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Hobbit map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Invasion of Azeroth map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Invasion of Orlinaria map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Journey map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Last Human City map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Legends of Camelot Level 1 map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Legends of Camelot Level map 2 .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Mines of Moria map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Monsters are Loose map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Naga Temple map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Power City map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Quitz map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Rescue map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Return of the Sheep map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The River of Atharas map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Shire map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Skull of Apocalypse map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Swamp City map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Three Baronies - Prologue .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Undead Scourge map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The WarHeads Flag map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Witch map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - The Wounded Land v110y map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Theatre of Conflict map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Theseus and the Minotaur map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - To Outrace the Griffin map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Total War map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Tree Walk map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Trench Warfare map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Tri-River Glades map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Trolls Outcast Campaign 1 .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Trolls Outcast Campaign 2 .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Turtle Isle map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Undead Call Back map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Undead Intro map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Undead map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Undeath Demon Attack map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Underground Cavern map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Unholy Crusades map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Unholy Crusades map 2 .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Unholy Crusades map 3 .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Unholy Crusades map 4 .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Unholy Crusades map 5 .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Vengeance on Razar map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Very Hard Defender map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - War of the Rings map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Water, Water, Everywhere map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - What Lurks Between the Green map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Wise - First Shot map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Witch King of Agmar map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Xcalibur Chapter 1 map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Xcalibur Prelude map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Xenon's [bleep] map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - XXS's Xtreme Maze map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Zauthon Island Chapter 1 map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III - Zuljin Life map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III MP3 pack .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III Reign Of Chaos Bonus map pack .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III Reign of Chaos demo.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III Reign of Chaos Mad Mass Map 1.04.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III Reign of Chaos Patch 1.15.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III Reign Of Chaos Patch 1.18.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III Reign of Chaos River Way Too Far map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III Reign of Chaos v1.13b patch .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III Reign of Chaos v1.14 Patch .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III Reign of Chaos v1.14b Patch .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III Reign of Chaos v1.15 patch .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III Reign of Chaos v1.17 patch .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III Reign of Chaos War of Corruption Campaign of the Elves mod.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Battle of 3 Kingdoms map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne Battle Arena Map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne Black Citadel map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne bonus map pack .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne Copper Canyon map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne Creep Wars map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne Curse of the Wulf map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne Darkened Days Map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne Deadlock map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne Dragon Falls map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne Escape From [bleep] map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne Excavation Site map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne Footmen Frenzy River Crossing map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne New Fast Race mod .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne Patch 1.14.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne patch 1.15.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne Patch 1.18.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne Predators map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne Rolling Hills map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne Sea Battles Map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne Team Paintball Map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne The Capital map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne The Exodous of Pandera map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne Thunder Lake map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne UMSWE 4.1 editor .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne v1.13b patch .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne v1.14b Patch .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne v1.15 patch .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne v1.17 patch .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne War Town map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III The Frozen Throne World Cup of Warcraft Map .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warcraft III Trailer .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\WarDrive ToolBox 1.1.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warecase eXtended Task Manager 1.95.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warehouse Guy (CE Palmtop) 1.0.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warehouse Workbench 4.99.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warfare Incorporated 1.0.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warhammer 40,000 Dawn of War Daemonhunters mod 0.75.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warhammer 40,000 Dawn of War demo .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warhammer 40,000 Dawn of War E3 2004 trailer 1.0.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warhammer 40,000 Dawn of War Half Scale mod 0.93.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warhammer 40,000 Dawn of War Maproom community map pack 1 .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warhammer 40,000 Dawn of War mod tools (exe only) 1.41.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Warriors Orochi-RELOADED.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Windows - CDDVD Tools.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Windows - Other.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Windows - Security.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Windows XP Home Edition SP3 [25,000 Drivers Slipstreamed][WMP11+IE7][CRACKED].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\Windows XP Professional SP3 x86 Build 5508-eXPerience.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\WinRAR 3 71 Full zip.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\WinZip 11 Final + Keygen (100% working).zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\X-Men - Legacy 209 (2008) (Minutemen ZonesDiva)[h33t][ttodddy].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\[DVD5 ITA-JAP] Hellsing - DVD 5 EXTRA [Colombo-bt.org].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\[Genjo] Ghost Hound - 15 [720p][1E8BF8CC] mkv.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\[NDS]Mobile Suit Gundam 00[JAP][ESPALNDS com] zip.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\[NDS]Ninja Gaiden Dragon Sword[USA][ESPALNDS com] rar.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\[PSP] Monster Hunter Portable 2nd G [JPN][ISO][UMDRip][750MB].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\[PSP]Code Geass Lost Colors[JAP][ESPALPSP com] rar.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\[SHS-FoSu] Kateikyoushi Hitman Reborn - 70 [E31BC8FF] mp4.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\[S^R] D Gray-man 76 (704x396 DivX651) avi.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\[X X] Minami-ke Okawari - 12 [AA000012] avi.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\[Yoroshiku] Kekkaishi - 51 (1024x576) (H264) [0FAD9FBA] mp4.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\[yuurisan-subs] DGM 76 [8614fc07] avi.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Desktop\My Music\le tigre the the empty.wm Infected: Trojan-Downloader.WMA.Wimad.m 1
C:\Documents and Settings\Owner\Desktop\The Only Folder\Vista_Ultimate.zip Infected: not-a-virus:RiskTool.Win32.CloseApp.a 1
C:\Documents and Settings\Owner\My Documents\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Owner\My Documents\Vista_Ultimate\LSPatch\LSPatch.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a 1
C:\Documents and Settings\Owner\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\WINDOWS\system32\wuauclt.vbs Suspicious: Type_Script 1
C:\_OTMoveIt\MovedFiles\08172008_001107\WINDOWS\system32\CloseApp.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a 1
C:\_OTMoveIt\MovedFiles\08172008_001107\WINDOWS\wuauclt.vbs Suspicious: Type_Script 1
H:\i386\Apps\App00577\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:31 AM, on 8/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ultimate-guitar.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PSDiagnosticM] "C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.2.1.87.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1162001267281
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8585 bytes

#9
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
It would appear that all or many of the files in the folder C:\Documents and Settings\Owner\Complete are infected with a worm. We need to clear them out. I am guessing they are all P2P downloads?

There are more details on it here: http://www.symantec..../...-99&tabid=1

I suggest we delete the entire folder, though it is your call. We can just delete the infected files... but being a worm, I am guessing it has gotten into all the c630 files in that folder. If you want to discuss it more, then don't follow the instructions below and let me know.


====STEP 1====
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\Owner\Complete
    C:\Documents and Settings\Owner\Desktop\My Music\le tigre the the empty.wm
    C:\WINDOWS\system32\wuauclt.vbs
    H:\i386\Apps\App00577\comps\toolbar\toolbr.exe
    EmptyTemp
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



====STEP 2====
Could you redo the Kaspersky scan so that we can make sure it is all gone?


In your next reply could I see:
1. the OTMoveIt log
2. the Kaspersky log
3. a new HijackThis log
4. some idea of how your machine is running now

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
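
The folder-level call in the post above (one worm verdict repeated across a single directory) can be confirmed by tallying the scan log instead of reading it line by line. This Python script is an added example, not part of the original post or of any tool named in it; the triage categories and the `folder_threshold` of 3 are assumptions, and the file names under `Complete` in the sample are constructed.

```python
import re
from collections import Counter, defaultdict
from ntpath import dirname  # applies Windows path rules on any OS

# Sample input in the format of the scan log in this thread.
# The three "example-download" names are constructed; the other lines
# are copied from the log as posted.
SAMPLE_LOG = r"""
C:\Documents and Settings\Owner\Complete\example-download-1 .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\example-download-2 .zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Complete\example-download-3.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Owner\Desktop\My Music\le tigre the the empty.wm Infected: Trojan-Downloader.WMA.Wimad.m 1
C:\Documents and Settings\Owner\My Documents\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\WINDOWS\system32\wuauclt.vbs Suspicious: Type_Script 1
C:\_OTMoveIt\MovedFiles\08172008_001107\WINDOWS\system32\CloseApp.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a 1
C:\_OTMoveIt\MovedFiles\08172008_001107\WINDOWS\wuauclt.vbs Suspicious: Type_Script 1
H:\i386\Apps\App00577\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.
"""

# <path> <Infected|Suspicious>: <verdict name> <count>
# The greedy path group backtracks to the LAST " Infected: " / " Suspicious: ",
# so spaces inside file names (e.g. "map .zip") stay part of the path.
LINE_RE = re.compile(
    r"^(?P<path>.+)\s(?P<verdict>Infected|Suspicious):\s"
    r"(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Folder OTMoveIt moves files into, as named in the thread (lower-cased).
MOVED_PREFIX = "c:\\_otmoveit\\movedfiles\\"


def parse(log):
    """Yield (path, verdict, threat) for each detection line; skip other text."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["path"], m["verdict"], m["threat"]


def triage(path, verdict, threat):
    """Assign one detection to a review bucket (assumed categories)."""
    if path.lower().startswith(MOVED_PREFIX):
        return "already-moved"      # copy kept by an earlier clean-up step
    if threat.startswith("not-a-virus:"):
        return "riskware"           # scanner's own label for tools/adware
    if verdict == "Suspicious":
        return "suspicious"         # heuristic hit, needs a human look
    return "malware"


def summarize(log, folder_threshold=3):
    """Return (detections by bucket, folders dominated by one verdict).

    A folder is reported when the same malware verdict occurs in it at
    least `folder_threshold` times (assumed cut-off): the point at which
    handling the folder as a unit is easier to review than a file list.
    """
    by_bucket = defaultdict(list)
    per_folder = Counter()
    for path, verdict, threat in parse(log):
        bucket = triage(path, verdict, threat)
        by_bucket[bucket].append((path, threat))
        if bucket == "malware":
            per_folder[(dirname(path), threat)] += 1
    hot = {key: n for key, n in per_folder.items() if n >= folder_threshold}
    return dict(by_bucket), hot


if __name__ == "__main__":
    buckets, hot_folders = summarize(SAMPLE_LOG)
    for name, items in sorted(buckets.items()):
        print(f"{name}: {len(items)}")
    for (folder, threat), n in hot_folders.items():
        print(f"{n} x {threat} in {folder}")
```
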

#10
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.