Browser and Desktop hijacked [RESOLVED]



#1
panzer503

Hello.

Both my browser and my desktop have been hijacked. I've removed the games from system32 file. But can't get my desktop/browser up again. Currently using Opera. Here's a copy of my Ad-Aware log.


Ad-Aware SE Build 1.06r1
Logfile Created on:Thursday, June 30, 2005 3:28:37 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R52 30.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
SpywareNo(TAC index:7):10 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
CSI Fingerprints total : 886
CSI data size : 30371 Bytes
Target categories : 15
Target families : 679

6-30-2005 2:43:17 PM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R52 30.06.2005
Internal build : 60
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\defs.ref
File size : 485588 Bytes
Total size : 1468054 Bytes
Signature data size : 1436270 Bytes
Reference data size : 31272 Bytes
Signatures total : 40920
CSI Fingerprints total : 919
CSI data size : 31888 Bytes
Target categories : 15
Target families : 697


6-30-2005 2:45:27 PM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:61 %
Total physical memory:1048048 kb
Available physical memory:633388 kb
Total page file size:2484812 kb
Available on page file:2243044 kb
Total virtual memory:2097024 kb
Available virtual memory:2011388 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


6-30-2005 3:28:37 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 608
ThreadCreationTime : 6-30-2005 9:34:54 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 656
ThreadCreationTime : 6-30-2005 9:34:55 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 680
ThreadCreationTime : 6-30-2005 9:34:56 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 724
ThreadCreationTime : 6-30-2005 9:34:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 736
ThreadCreationTime : 6-30-2005 9:34:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 916
ThreadCreationTime : 6-30-2005 9:34:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1036
ThreadCreationTime : 6-30-2005 9:34:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1220
ThreadCreationTime : 6-30-2005 9:34:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1284
ThreadCreationTime : 6-30-2005 9:34:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1404
ThreadCreationTime : 6-30-2005 9:34:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1432
ThreadCreationTime : 6-30-2005 9:34:59 PM
BasePriority : Normal
FileVersion : 1.03.4
ProductVersion : 1.03.4
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:12 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1784
ThreadCreationTime : 6-30-2005 9:35:02 PM
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [soundman.exe]
ModuleName : C:\WINDOWS\SOUNDMAN.EXE
Command Line : "C:\WINDOWS\SOUNDMAN.EXE"
ProcessID : 532
ThreadCreationTime : 6-30-2005 9:35:04 PM
BasePriority : Normal
FileVersion : 5.0.18
ProductVersion : 5.0.18
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2003 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:14 [wkufind.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
ProcessID : 560
ThreadCreationTime : 6-30-2005 9:35:04 PM
BasePriority : Normal
FileVersion : 6.00.3215.0
ProductVersion : 6.00.3215.0
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Update Detection
InternalName : WkUFind
LegalCopyright : Copyright © Microsoft Corporation 1987-2001. All rights reserved.
OriginalFilename : WkUFind.exe

#:15 [itouch.exe]
ModuleName : C:\Program Files\Logitech\iTouch\iTouch.exe
Command Line : "C:\Program Files\Logitech\iTouch\iTouch.exe"
ProcessID : 568
ThreadCreationTime : 6-30-2005 9:35:05 PM
BasePriority : Normal
FileVersion : 2.15.264
ProductVersion : 2.15.264
ProductName : iTouch
CompanyName : Logitech Inc.
FileDescription : iTouch Application
InternalName : iTouch
LegalCopyright : © 1998-2002 Logitech. All rights reserved.
LegalTrademarks : Logitech® and iTouch® are registered trademarks of Logitech Inc.
OriginalFilename : iTouch.exe
Comments : Created by the iTouch team

#:16 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 584
ThreadCreationTime : 6-30-2005 9:35:05 PM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:17 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 600
ThreadCreationTime : 6-30-2005 9:35:05 PM
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:18 [winampa.exe]
ModuleName : C:\Program Files\Winamp\winampa.exe
Command Line : "C:\Program Files\Winamp\winampa.exe"
ProcessID : 344
ThreadCreationTime : 6-30-2005 9:35:05 PM
BasePriority : Normal


#:19 [rundll32.exe]
ModuleName : C:\WINDOWS\System32\RUNDLL32.EXE
Command Line : "C:\WINDOWS\System32\RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
ProcessID : 632
ThreadCreationTime : 6-30-2005 9:35:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:20 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 648
ThreadCreationTime : 6-30-2005 9:35:05 PM
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:21 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 124
ThreadCreationTime : 6-30-2005 9:35:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:22 [wkcalrem.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe"
ProcessID : 948
ThreadCreationTime : 6-30-2005 9:35:06 PM
BasePriority : Normal
FileVersion : 6.00.1911.0
ProductVersion : 6.00.1911.0
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFilename : WKCALREM.EXE

#:23 [sysdoc32.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
Command Line : "C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\SYSDOC32.EXE" /STARTUP
ProcessID : 956
ThreadCreationTime : 6-30-2005 9:35:06 PM
BasePriority : Idle
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton System Doctor
InternalName : SYSDOC32
LegalCopyright : Copyright © 2003 Symantec Corporation
OriginalFilename : SYSDOC32.EXE

#:24 [calcheck.exe]
ModuleName : C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
Command Line : "C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe"
ProcessID : 964
ThreadCreationTime : 6-30-2005 9:35:06 PM
BasePriority : Normal
FileVersion : 4, 0, 0, 0
ProductVersion : 4, 0, 0, 0
ProductName : Calendar Checker Application
CompanyName : Ulead Systems, Inc.
FileDescription : Photo Express -- Calendar Checker
InternalName : CalCheck
LegalCopyright : Copyright © 1992-1999.Ulead Systems, Inc.
LegalTrademarks : Ulead Systems, MediaStudio, PhotoImpact and Photo Express are registered trademarks of Ulead Systems, Inc.
OriginalFilename : CalCheck.EXE

#:25 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : svchost.exe
ProcessID : 1024
ThreadCreationTime : 6-30-2005 9:35:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:26 [ghosts~2.exe]
ModuleName : C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
Command Line : C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
ProcessID : 1360
ThreadCreationTime : 6-30-2005 9:35:10 PM
BasePriority : Normal
FileVersion : 2003.775
ProductVersion : 2003.775
ProductName : Norton Ghost Start Service
CompanyName : Symantec Corporation
FileDescription : Norton Ghost Start
InternalName : GhostStartService
LegalCopyright : Copyright © 1998-2002 Symantec Corp. All rights reserved.
OriginalFilename : GhostStartService.exe

#:27 [stchost.exe]
ModuleName : C:\WINDOWS\stchost.exe
Command Line : C:\WINDOWS\stchost.exe
ProcessID : 1560
ThreadCreationTime : 6-30-2005 9:35:10 PM
BasePriority : Normal


#:28 [navapsvc.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe"
ProcessID : 1664
ThreadCreationTime : 6-30-2005 9:35:10 PM
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:29 [nprotect.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
Command Line : "C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE"
ProcessID : 1680
ThreadCreationTime : 6-30-2005 9:35:10 PM
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:30 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1424
ThreadCreationTime : 6-30-2005 9:35:10 PM
BasePriority : Normal
FileVersion : 6.14.10.7730
ProductVersion : 6.14.10.7730
ProductName : NVIDIA Driver Helper Service, Version 77.30
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 77.30
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:31 [persfw.exe]
ModuleName : C:\Program Files\Kerio\Personal Firewall\persfw.exe
Command Line : "C:\Program Files\Kerio\Personal Firewall\persfw.exe"
ProcessID : 1820
ThreadCreationTime : 6-30-2005 9:35:10 PM
BasePriority : Normal
FileVersion : 2, 1, 5, 0
ProductVersion : 2, 1, 5, 0
ProductName : Kerio Personal Firewall
CompanyName : Kerio Technologies
FileDescription : Kerio Personal Firewall Engine
InternalName : PERSFW
LegalCopyright : Copyright © 2002
OriginalFilename : PERSFW.exe

#:32 [nopdb.exe]
ModuleName : C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
Command Line : C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
ProcessID : 1620
ThreadCreationTime : 6-30-2005 9:35:10 PM
BasePriority : Normal
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright © 2002
OriginalFilename : NOPDB.dll

#:33 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 2000
ThreadCreationTime : 6-30-2005 9:35:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:34 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 2032
ThreadCreationTime : 6-30-2005 9:35:11 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:35 [ad-aware.exe]
ModuleName : C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
Command Line : "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" /598853 +483832
ProcessID : 2744
ThreadCreationTime : 6-30-2005 9:43:04 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:36 [opera.exe]
ModuleName : C:\Program Files\Opera7\opera.exe
Command Line : "C:\Program Files\Opera7\opera.exe"
ProcessID : 1728
ThreadCreationTime : 6-30-2005 10:17:08 PM
BasePriority : Normal
FileVersion : 3218
ProductVersion : 7.21
ProductName : Opera Internet Browser
CompanyName : Opera Software
FileDescription : Opera Internet Browser
InternalName : Opera
LegalCopyright : Copyright © Opera Software 1995-2003
OriginalFilename : Opera.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


SpywareNo Object Recognized!
Type : File
Data : A0133521.exe
TAC Rating : 7
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{DC4C78C7-976B-4678-8F4C-61208B82CA4A}\RP419\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SpywareNo Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\system
Value : Wallpaper

SpywareNo Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\desktop\general
Value : WallpaperLocalFileTime

SpywareNo Object Recognized!
Type : RegData
Data : 0
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\activedesktop
Value : NoAddingComponents
Data : 0

SpywareNo Object Recognized!
Type : RegData
Data : 0
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\activedesktop
Value : NoChangingWallpaper
Data : 0

SpywareNo Object Recognized!
Type : RegData
Data : 0
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\activedesktop
Value : NoComponents
Data : 0

SpywareNo Object Recognized!
Type : RegData
Data : 0
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\activedesktop
Value : NoEditingComponents
Data : 0

SpywareNo Object Recognized!
Type : RegData
Data : 0
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\activedesktop
Value : NoHTMLWallPaper
Data : 0

SpywareNo Object Recognized!
Type : RegData
Data : 0
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\explorer
Value : ClassicShell
Data : 0

SpywareNo Object Recognized!
Type : RegData
Data : 0
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\explorer
Value : NoActiveDesktop
Data : 0

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 10

3:41:25 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:48.343
Objects scanned:155699
Objects identified:10
Objects ignored:0
New critical objects:10

Edited by panzer503, 30 June 2005 - 04:52 PM.



#2
Rawe

Hello and welcome!
AAW has no power for this infection you have, because you have a virus/trojan there, as Ad-Aware isn't anti-virus software.
#:27 [stchost.exe]
FilePath : C:\WINDOWS\
ProcessID : 1560
ThreadCreationTime : 6-30-2005 9:35:10 PM
BasePriority : Normal


(well, in addition to spyware you also have..)
Wait for a mod to come and move this topic to the Malware Removal forum.
You have to download HiJackThis v 1.99.1 and install it.
(Please note: unzip it to a permanent folder such as C:\HJT. Then you will have access to backups.)
When installed, launch it and hit "Do a full system scan and save the logfile".
Once the scan has finished, a notepad file will open with a log. Please copy & paste all of its content to your next reply to this thread.
When you have posted it, someone from our HJT staff will come and help you with your problems..

Meanwhile, while you're waiting,
run a couple of these free online A/V scans here:
- RAV
- Kaspersky
- BitDefender
- Jotti Virusscan

And one of the following free anti-trojan scans;

- A2 <- Free Trojan scanner
- Trojan Hunter <-- 30 days free trial.


- Rawe

#3
panzer503

Wow, thanks for the quick reply! Here's a copy of my HJT log. I'm also running the online virus scans.

Logfile of HijackThis v1.99.1
Scan saved at 6:07:49 PM, on 6/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\WINDOWS\stchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera7\opera.exe
C:\Documents and Settings\psyklops\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\zolker001.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\System32\ztoolb001.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Printer Spooler] C:\WINDOWS\System32\winspooler.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Registration Brothers In Arms.LNK = D:\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O21 - SSODL: LiveReg - {EAF0F8E0-E338-C706-2883-49086EC3F47A} - c:\program files\common files\symantec shared\livereg\xnzww32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: stchost.exe (moto) - Unknown owner - C:\WINDOWS\stchost.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4
Kat

  • Retired Staff
  • 19,711 posts
  • MVP
Hello and welcome to GeeksToGo! My name is Kat, and I will be helping you. I apologize for the delay in getting to you. :tazz:

Please download ewido security suite; it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean files; click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
Reboot your machine and post back a new HJT log and the ewido .txt log file you saved by using Add Reply

#5
Kat

  • Retired Staff
  • 19,711 posts
  • MVP
I forgot to mention that like most everyone...I will be leaving soon to go see fireworks. I will check back in later tonight to see if you've replied! I have subscribed to this thread, so I will know when you make a reply! :tazz:

#6
panzer503

  • Topic Starter
  • Member
  • 19 posts
Hope you had fun with the fireworks! : ) I believe that my comp was used as a server for warez... Everything was hidden in C:\documents\psyklops\Complete folder. The problem was that the folder was hidden. Is it possible to reveal such a file on my computer again in the future? *scratches head*


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:13:04 PM, 7/4/2005
+ Report-Checksum: 75676CDB

+ Scan result:

C:\Documents and Settings\psyklops\Complete\1st Security Agent v6.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\1st Security Agent with 1st Screen Lock.v6.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\1st Security Agent with IE Internet Security.v6.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\3D Formula 1 Screensaver v1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\3d Studio Max 7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\3d Ultra Pinball Thrillride.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\3DMark 2005 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\ABBYY FineReader Professional Edition 7.0.0.1007.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Ability Office v4.9.000.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\ACD Systems Canvas X Build 899.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Acronis True ImageTrue Image Server 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\ActiveState Expect.v1.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Adobe GoLive CS2 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Adobe Illustrator CS.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Adobe PageMaker 7.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Advanced Security Administrator v10.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\AdvancedPicHunter 20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Adware Spyware Removal 5.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\AdwareX Eliminator 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\AirStrike 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Alias Maya Unlimited v6.5 for Windows.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\AlienAbduction 1200.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\All Swish Products.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\ALO Audio CD Ripper 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\ALO Audio CD Ripper v1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Anti-[bleep] .v7.0.6.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\AnyDVD 4.5.7.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\AnyDVD 5.1.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\ApBackUp 2.5.1591.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Apollo DVD Copy 4.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Apollo DVD Copy 4.3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Apollo DVD Copy v4.3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Apycom Java Menus and Buttons v5.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Ashampoo Photo Commander v3.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Ashampoo WinOptimizer Platinum Suite 2 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Ashampoo WinOptimizer Platinum Suite 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\ASPMaker v4.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Avast Professional 4.5.546.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Avast Professional 4.5.561.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Baby Album, Basic.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Batch Script Processor 3.08 for AutoCAD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Battlefield 2 Reloaded iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Battlefield 2 Reloaded.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Battlefield 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Black Pirate Fs 1.0 2005 Sneaky Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Blaze DVD Copy 3.5.9.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Blaze DVD Copy v3.5.9.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Blaze Media Pro 5.18.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Blindwrite 5.2.10.142.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Borland C++ Builder Enterpris.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Broken Cross Disk Manager v3.62 Pro + Re.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\BurnerSoft Easy DVD Shrink 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\CA eTrust EZ Antivirus 2005 7.0.7.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Catalyst SocketTools Visual Edition v4.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Celemony Melodyne Uno 1.1.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Cheetah Commandline Burner 1.21.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Cinderella Man (Good Quality).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Circuitmaker 2000.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Clean Disk Security v7.45.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\CleanCenter 1.34.60.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\ClockShop Lite v1.1.0.363.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Commandos 3 Destination Berlin.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Corel Designer Technical Suite v12.0 ful.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Corel Designer Technical Suite.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\CorelDRAWÂ Graphics Suite 12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\DefencePlus 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Dekart Logon v2.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Digital Light & Color Picture Window Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\DivX 6.0 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Downtime Manager v4.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\DSL Speed 2.08.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\DVD Encoder 2.11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\DVD Region-CSS Free 5.58.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\DvdComposer v1.0.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\DVDComposer v1.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\DVDFab Platinum 2.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\DVDIdle Pro 5.58.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Easy DVD CD Burner 3.0.51.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Easy DVD CD Burner v3.0.51.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\eMule 0.46a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\EShopper Deluxe v2.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Eudora Automation Tool v2.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\EVEREST Professional 1.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\EVEREST Ultimate Edition 2005 2.01.347.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Farstone VirtualDrive v9.0 Incl Serial.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Final Fantasy 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Firegraphic 8.0.803.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Flash Renamer 4.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\FolderShine v1.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Foxit PDF Reader 1.3.2 Build 0701 Beta.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\FTP Voyager 12.1.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\FTPEditor Pro 3.2.2.435.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Game XP 1.5.6.29.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\GameBoost 1.6.20.2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Gangsters 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Genie Backup Manager Professi.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\GMail Drive 1.0.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Golden Keywords v4.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\GrabFile 3.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Grand Theft Auto San Andreas PC iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Grand Theft Auto San Andreas [PC].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\GroundControl 3.32.176.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Hacker 2005 The Broken Link.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Halflife 2 iSO EMPORIO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Hidden Cameras 2.11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Hitman 3 Contracts.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\HomeRoom v1.11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\HWDirect 1.66.0.25.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\IE Password v1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Indecent Proposal softEROTICA.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Installshield 10.5 Premier.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Internet Download Manager 4.05.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\IP-Tools 2.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\iPodSoft iPod Agent v1.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\IPodSoft MarkAble v1.1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Ipswitch WS_FTP Professional 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Jay-Z - The Red Album.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Jumeogi Unda DVD Rip Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Jumeogi Unda.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Kaspersky Antivirus Personal.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Kicking And Screaming SVCD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Kingdia Dvd Ripper Professional 2.4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Kingdia DVD Ripper Professional 2.4.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Kingdom of Heaven Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Kingdom of Heaven.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Klonsoft MP3 to WAV Converter v2.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Learn to play Guitar - GCHGA unit2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Limewire Pro 4.8.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\LinkStash 1.6.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Longhorn Transformation Pack 10.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Longhorn Transformation Pack 10.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Magic ISO Maker 4.5.116.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\MagicTweak 2.80.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\MaxPayne I.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Medal Of Honor European Assault PS2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Medal Of Honor European Assault.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\MediaMonkey v2.4.1.872.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Microsoft AntiSpyware 1.0.613 Beta 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Microsoft Windows Longhorn 50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Midnight Club 3 DUB Edition W-ALL.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\MindHunters Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\MindHunters.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Mr. & Mrs. Smith Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Mr. &amp; Mrs. Smith.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Nero Media Player 1.4.0.25.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Newsleecher - V2.3 Final.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\No 1 Video Converter 3.8.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Nvidia nTune 2005 Retail.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\nVidia nTune 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\OkPress 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\OpenOffice.org 2.1 Beta for Windows (Snapshot Build 1.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\PartitionMagic 8.05.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\PC Auto Shutdown v1.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\PC OMR v6.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\PC Repair - V2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\PC Repair 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\PCBoost v3.6.20.2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\PDF Filler Pilot 1.18.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\PDF Filler Pilot 1.22.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\PDF Maker Pilot v1.22 Cracked.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\PECompact 2.60.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Pendulum - Hold Your Colour (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Personal Internet Phone Equipment 2.72.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\PerspecX version 1.0 i.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Photobuilder Platinum Version 5.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\PhotoWatermark Pro 6.0.5.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\PhotoWatermark Professional v6.0.5.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Pink Floyd - Full Discography.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Pinnacle Studio Plus 9.4.3.56.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Pinnacle TitleDeko Pro 2.0.1634.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Plato DVD Ripper 1.2 & Plato DVD Ripper.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Polybytes PolyView 4.251.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Pop up Blocker Pro v7.0.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Pop-Up Stopper Professional v1.8.1000.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Post Impact DVD Rip Xvid French.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Post Impact.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\PowerPoint2DVD v2.24.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Privacy Shield 3.0.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Profab_Elite_with_Laser v7.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Pure CD Ripper 3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Pure Motion Edit Studio Pro v5.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\PureBeautyMag.Daily.Issue.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Quake III - Urban Terror 3.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Raxco PerfectDisk 7.0 Build 42.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Registry Repair 1.42.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Remote Installer v1.3.74.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\River Past Audio Converter Pro 6.2.0.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\RiverPast Screen Recorder Pro - V6.2.0.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Robbie Williams - Life Thru a Lens.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Roxio Easy Media Creator 7.5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Roxio Easy Media Creator 7.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\RSS Captor Pro 2.5 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\S.C.A.R. - Squadra Corse Alfa Romeo iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Sadie Sen PhotoSHOOT.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\SapphicEROTICA.Daily.Issue.05.06.08.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Serv-U FTP Server 6.1.0.1.2 Corporate Edition.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Serv-U FTP Server v6.1.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Shakira - Tour Of The Mongoose, Intervie.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Shuric Scan v1.15.242.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Shuric Scan.v1.67 Cracked.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\SILVERRUN ModelSphere 2.3 Keygen.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Sims 2 University.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Sin City Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Sin City.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Sinner GigAlarm v1.270 Keygen.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Skype 1.3.0.59 for Windows + vSkype 1.0.0.35 Beta.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Small Business Publisher v2.0.05.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Smart USB 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Smart Wallpaper Lite v3.0.0.873 Cracked.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\SmartFTP v1.5.988.29.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Sony Sound Forge 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Still Life [PC].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Super Collapse II Platnuim 1.0.0.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Super Collapse II Platnuim v1.0.0.12 Cracked.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Super Video Converter v1.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Super Video Joiner 1.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Super Video Joiner v1.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Super Video Splitter v1.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\SureClean Professional v2.0.1000.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\SWF Image Creator v1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Symantec Norton Ghost V9.0 ISO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Taxi 3 Extreme Rush (Pc) iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Texas Instruments Derive 6.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\The Hitchhikers Guide To The Galaxy Div.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\The Longest Yard (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\The Longest Yard SVCD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\The Settlers IV.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Throttle v6.6.20.2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Tork Prehistoric Punk USA XBOX DVD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Torrent Search Expert 1.02.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Track Mania.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Ulead.MPEG-4.Plug-in.for.VideoStudio.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Uplink Hacker Elite.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Uru Ages Beyond Myst ISO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Veign Seeker 2.0.0.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Veign Seeker v2.0.0.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Version Notes Manager 1.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Version Notes Manager.v1.01 Cracked.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\VideoCharge Professional v3.12 Cracked.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Vika.and.Mario NUDE.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Virtualfem.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Warez P2P 2.8 .zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Web Download Pro 1.2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Webroot Spysweeper V4.0.0 (build 286) Be.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Windows ME GE.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Windows Server 2003.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\WinRAR 3.50 Beta 6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\WM Recorder 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Wumpscut - Embryodead.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\X Video Joiner 1.9.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\XnView 1.80.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\Zend Studio 3.5.1Client.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Complete\ZoneLabs ZoneAlarm Pro 5.5.062.004.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Cookies\psyklops@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\psyklops\Incomplete\T-872159-Adobe PhotoShop 9.0 CS2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Local Settings\Temporary Internet Files\Content.IE5\3BXL191Y\stat[1].htm -> TrojanDownloader.Agent.e : Cleaned with backup
C:\Documents and Settings\psyklops\Shared\Adobe PhotoShop 9.0 CS2 Final.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Shared\Adobe Photoshop CS2 9.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Shared\Adobe Photoshop CS2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Program Files\winupdates\winupdates.exe -> Worm.VB.an : Cleaned with backup
C:\RECYCLER\S-1-5-21-854245398-412668190-1417001333-500\Dc23.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\RECYCLER\S-1-5-21-854245398-412668190-1417001333-500\Dc28.exe -> TrojanDownloader.Small.awa : Cleaned with backup
C:\RECYCLER\S-1-5-21-854245398-412668190-1417001333-500\Dc29.exe -> TrojanDownloader.Small.aux : Cleaned with backup
C:\RECYCLER\S-1-5-21-854245398-412668190-1417001333-500\Dc30.exe -> TrojanDownloader.Small.atl : Cleaned with backup
C:\RECYCLER\S-1-5-21-854245398-412668190-1417001333-500\Dc33.exe -> Trojan.Crypt.c : Cleaned with backup
C:\WINDOWS\avrack.ini:abyzb -> TrojanDownloader.Agent.ne : Cleaned with backup
C:\WINDOWS\avrack.ini:mndpo -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\control.ini:qoqjo -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\control.ini:xrdln -> TrojanDownloader.Agent.ne : Cleaned with backup
C:\WINDOWS\desktop.ini:vicyzr -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\desktop.ini:wohsk -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\iTouch.ini:dsuiz -> TrojanDownloader.Agent.ne : Cleaned with backup
C:\WINDOWS\msdfmap.ini:ggzdt -> TrojanDownloader.Agent.ne : Cleaned with backup
C:\WINDOWS\ODBC.INI:otxav -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\ODBCINST.INI:jivtj -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:wyrocq -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\system.ini:tdsrv -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\system32\maxd1.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\zolker001.dll -> TrojanDownloader.Agent.pi : Cleaned with backup
C:\WINDOWS\vb(2).ini:ayiim -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\vb(2).ini:ceabt -> TrojanDownloader.Agent.ne : Cleaned with backup
C:\WINDOWS\vb.ini:ayiim -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\vbaddin.ini:fquqt -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\vbaddin.ini:hwdmf -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\Winamp(2).ini:egivy -> TrojanDownloader.Agent.ne : Cleaned with backup
C:\WINDOWS\Winamp(2).ini:egivyq -> TrojanDownloader.Agent.ne : Cleaned with backup
C:\WINDOWS\Winamp.ini:egivy -> TrojanDownloader.Agent.ne : Cleaned with backup
C:\WINDOWS\Winamp.ini:egivyq -> TrojanDownloader.Agent.ne : Cleaned with backup
C:\WINDOWS\winampa.ini:lqoob -> TrojanDownloader.Agent.ne : Cleaned with backup
C:\WINDOWS\winampa.ini:zcfbai -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_default.pif:obqbx -> TrojanDownloader.Agent.ne : Cleaned with backup


::Report End

Edited by panzer503, 04 July 2005 - 07:26 PM.

  • 0
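Added example (not part of the thread or of any poster's tooling): a small Python parser for the report format pasted above, `<object> -> <detection> : <action>`. It separates hits inside archives, hits in NTFS alternate data streams (the `file.ini:name` entries) and plain files, and flags one payload repeated across many archives. The sample lines are copied from that report; the function names and the repeat heuristic are illustrative assumptions.

```python
import re
from collections import Counter

# Lines copied from the scan report above: <object> -> <detection> : <action>
SAMPLE_REPORT = r"""
C:\Documents and Settings\psyklops\Complete\WinRAR 3.50 Beta 6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Shared\Adobe Photoshop CS2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Program Files\winupdates\winupdates.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\psyklops\Cookies\psyklops@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\WINDOWS\avrack.ini:abyzb -> TrojanDownloader.Agent.ne : Cleaned with backup
C:\WINDOWS\system.ini:tdsrv -> Spyware.Ipyn : Cleaned with backup
::Report End
"""

LINE_RE = re.compile(r"^(?P<obj>[A-Za-z]:\\.+?) -> (?P<det>\S+) : (?P<action>.+)$")
# Archive member: "<archive>/<member>"
ARCHIVE_RE = re.compile(r"^(?P<host>.+?\.(?:zip|rar|cab))/(?P<member>.+)$", re.I)
# Alternate data stream: a second colon, after the drive letter's own, in the last path component
ADS_RE = re.compile(r"^(?P<host>[A-Za-z]:\\.*[^\\:]+):(?P<stream>[^\\:]+)$")

def parse_report(text):
    """Return one dict per detection line; headers and '::Report End' are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        obj = m["obj"]
        arc, ads = ARCHIVE_RE.match(obj), ADS_RE.match(obj)
        if arc:
            kind, host, inner = "archive_member", arc["host"], arc["member"]
        elif ads:
            kind, host, inner = "alternate_stream", ads["host"], ads["stream"]
        else:
            kind, host, inner = "file", obj, None
        findings.append({"kind": kind, "host": host, "inner": inner,
                         "detection": m["det"], "action": m["action"]})
    return findings

def summarize(findings):
    """Group findings for triage; the repeat check is a heuristic, not proof."""
    members = Counter((f["inner"], f["detection"]) for f in findings
                      if f["kind"] == "archive_member")
    return {
        "by_kind": dict(Counter(f["kind"] for f in findings)),
        "by_detection": dict(Counter(f["detection"] for f in findings)),
        # Same member name and detection in several archives: likely one payload under many names
        "repeated_members": {k: n for k, n in members.items() if n >= 2},
        # Files whose streams were cleaned; worth rechecking with a stream-aware tool
        "stream_hosts": sorted({f["host"] for f in findings if f["kind"] == "alternate_stream"}),
    }

if __name__ == "__main__":
    for key, value in summarize(parse_report(SAMPLE_REPORT)).items():
        print(key, value)
```

Run over the full report, the `repeated_members` entry makes the pattern in the `Complete` and `Shared` folders obvious at a glance.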

#7
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
wow. ;) Ok, let's see a fresh HJT log, and we'll get you fixed up from there!

If you have any P2P type program on that machine, please let me know which one, and I'll let you know if it's a "safe" one or not. If it's not, we'll uninstall it, and when we get you cleaned up...I'll give you a link to an article that has a list of CLEAN file-sharing programs! ;)

And no...I didn't go to fireworks. My girls chose to go with friends, instead. :help: Getting too big, I suppose. :tazz:
  • 0

#8
panzer503

panzer503

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi, thanks for the reply! I fired up my IE browser and it seems to be working properly. Rescanned using ewido and everything seems to be all clean.

I'm using both LimeWire and WinMX. Needless to say, I'm going to be a lil more conservative when I download something like Photoshop CS off of LimeWire again. When I opened up my Norton protected files all of the warez were there. When I chose one and checked out its properties, it was only about 850kb. Now I know an average program like that would have been at least 70 to 100MB. How in the heck do they hide all of those programs in something like Photoshop CS...? No need to go into detail though. I'm sure you're busy defeating malware! : )

Sorry for the laggy reply as I was watching fireworks myself in Los Angeles.

That'd be great if you could point me in the general direction of a quality P2P. Thanks!
  • 0

#9
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
I'm glad everything is running well again. I honestly don't know the *how's* as far as how they hide the Malware. You can read this article HERE to find out Clean P2P programs.

Congratulations! Your log is now clean! :tazz:

Here are some items that you will want to add to your to-do list:

These are some tips to reduce the potential for Spyware/Adware/Virus infection in the future:
I would strongly recommend reviewing and installing the following applications if you don't currently have them running on your system:

Use Anti-Virus Software
It is very important that your computer has Anti-Virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online and stand-alone Anti-Virus programs:
Virus, Spyware, and Malware Protection and Removal Resources

Update your AntiVirus Software
It is imperative that you update your Anti-Virus software at least once a week (Even more if you wish). If you do not update your Anti-Virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls

Spyware/Adware Detection and Removal Programs:
Understanding Spyware, Browser Hijackers, and Dialers
  • Ad-Aware SE -- If you suspect that you have spyware installed on your computer, here are instructions on how to set up and use Ad-Aware SE:
    How to use Ad-Aware SE to remove Spyware
  • Spybot S&D -- If you suspect that you have spyware installed on your computer, here are instructions on how to set up and use Spybot S&D:
    How to use Spybot to remove Spyware
I strongly recommend using both of these programs to catch most spyware/adware.

Prevention Programs:
  • SpywareBlaster -- SpywareBlaster will prevent spyware from being installed.
  • SpywareGuard -- SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad -- IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts File -- The MVPS Hosts File replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
  • Google Toolbar -- Get the free Google Toolbar to help stop pop up windows.
Other Necessary Programs:
  • A More Secure Browser
    Internet Explorer is not the most secure and best browser.
    There are safer and better alternatives available. I recommend using Firefox
Be sure to also keep up with Windows and IE updates.

Windows Security and Critical Updates
http://v4.windowsupdate.microsoft.com/en/default.asp

Internet Explorer Security and Critical Updates
http://www.microsoft.com/windows/ie/default.asp

And also see TonyKlein's good advice
So how did I get infected in the first place?

Update all these Programs Regularly:
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

  • 0

#10
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





