Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Please Help, Cannot open Regedit (hijackthis log) [RESOLVED]

Started by mattiscool , Jul 08 2005 02:36 PM

  • This topic is locked This topic is locked

#16
mattiscool
Posted 09 July 2005 - 03:51 PM

mattiscool

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Currently its Iexplore.exe (Internet Explorer...) ( i know you know what that is)
but its going up and down, it goes from 95- 40- 22- 85- 64-99...anyways yeah. thats it. Still cant open Regedit from the "Start > Run" thing..same with CMD
  • 0

Advertisements

#17
mattiscool
Posted 09 July 2005 - 04:04 PM

mattiscool

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
My god, Im infected!



-------------------------------------------------------------------------------
KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Saturday, July 09, 2005 18:02:51
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 9/07/2005
Kaspersky Anti-Virus database records: 129866
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 72331
Number of viruses found: 13
Number of infected objects: 1560
Number of suspicious objects: 19
Duration of the scan process: 6978 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Administrator\My Documents\csaim.exe Infected: P2P-Worm.Win32.VB.da
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc.zip/istsvc.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc1.zip/istsvc.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc1.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc2.zip/istsvc.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc2.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc3.zip/istsvc.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc3.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSlotch.zip/istsvc.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSlotch.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSlotch4.zip/istsvc.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSlotch4.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\Andie\My Documents\csaim.exe Infected: P2P-Worm.Win32.VB.da
C:\Documents and Settings\Guest\My Documents\csaim.exe Infected: P2P-Worm.Win32.VB.da
C:\Documents and Settings\Lou\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Lou's E-Mail Folders/Inbox/22 Jan 2004 14:42 from Jean-Marie Lapointe:PoseChaude.JPG.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Lou\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Lou's E-Mail Folders/Inbox/17 Mar 2004 14:21 from brew:order.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Lou\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Lou's E-Mail Folders/Inbox/09 Apr 2004 01:43 from [email protected]:Mail Delivery (fail.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Lou\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Lou's E-Mail Folders/Inbox/09 Apr 2004 01:54 from [email protected]:Mail Delivery (failure .rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Lou\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Lou's E-Mail Folders/Inbox/10 Apr 2004 01:15 from [email protected]:Mai.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Lou\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Lou's E-Mail Folders/Inbox/10 Apr 2004 01:07 from [email protected]:Mail Deli.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Lou\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Lou\My Documents\csaim.exe Infected: P2P-Worm.Win32.VB.da
C:\Documents and Settings\Matthew\Complete\ Age Of Empires The Conqurers.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\ Age Of Empires The Conqurers.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\ Av Voice Changer Software Diamond Edition 4.0.4.1 Full.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\ Av Voice Changer Software Diamond Edition 4.0.4.1 Full.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\1 Click DVD Copier.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\1 Click DVD Copier.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\1Click DVD Copy 4.1.1.4.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\1Click DVD Copy 4.1.1.4.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\2 Scoops Double Dipped XXX DVD Rip Xvid.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\2 Scoops Double Dipped XXX DVD Rip Xvid.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\2G Poster Works 1.0.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\2G Poster Works 1.0.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\2G Poster Works v1.0.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\2G Poster Works v1.0.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\3D Webmaker 2.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\3D Webmaker 2.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\7 Seconds DVD Rip Xvid.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\7 Seconds DVD Rip Xvid.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\7-Zip 4.24.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\7-Zip 4.24.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\A Beautiful Mind.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\A Beautiful Mind.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\A-aware se 1.6 Professional.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\A-aware se 1.6 Professional.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Ability FTP Server v1.16.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Ability FTP Server v1.16.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Absolute Video Converter v2.5.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Absolute Video Converter v2.5.2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Acoustica MP3 Audio Mixer 2.471.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Acoustica MP3 Audio Mixer 2.471.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Acronis Disk Director Suite 9.0.534.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Acronis Disk Director Suite 9.0.534.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Acronis Power Utilities 2005.614.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Acronis Power Utilities 2005.614.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Acronis Privacy Expert Suite 8.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Acronis Privacy Expert Suite 8.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Active Desktop Calendar 5.4.050608.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Active Desktop Calendar 5.4.050608.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Active WebCam 5.9.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Active WebCam 5.9.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Ad-Aware SE Pro 1.04.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Ad-Aware SE Pro 1.04.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Adobe Acrobat 6.0.2 Professional.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Adobe Acrobat 6.0.2 Professional.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Adobe Acrobat Reader (32-bit) 5.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Adobe Acrobat Reader (32-bit) 5.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Adobe Audition 1.5.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Adobe Audition 1.5.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Adobe GoLive CS2 8.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Adobe GoLive CS2 8.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Adobe Illustrator CS.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Adobe Illustrator CS.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Adobe Indesign Cs2 V4.0!.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Adobe Indesign Cs2 V4.0!.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Adult Packman.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Adult Packman.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Advanced Pic Hunter v2.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Advanced Pic Hunter v2.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Advanced Uninstaller Pro 2005 v7.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Advanced Uninstaller Pro 2005 v7.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Adware Away 2.2.86.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Adware Away 2.2.86.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\AdwareX Eliminator 2.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\AdwareX Eliminator 2.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Agnitum Outpost Firewall Pro 2.5.369.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Agnitum Outpost Firewall Pro 2.5.369.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Ahead Nero Burning ROM 6.6.0.5.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Ahead Nero Burning ROM 6.6.0.5.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Ahead Nero Media Player 1.4.0.27.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Ahead Nero Media Player 1.4.0.27.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Ahead NeroMix 1.4.0.27.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Ahead NeroMix 1.4.0.27.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Ahead NeroVision Express 3.0.1.18.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Ahead NeroVision Express 3.0.1.18.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Airlog v3.0.49.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Airlog v3.0.49.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Alcohol 120% 1.9.2.1705.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Alcohol 120% 1.9.2.1705.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Alcohol 120% 1.95.3105 Retail.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Alcohol 120% 1.95.3105 Retail.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Alien Vs. Predator.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Alien Vs. Predator.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\All In one Paswords Utilities 2005.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\All In one Paswords Utilities 2005.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\All Zealotsoft Products in one.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\All Zealotsoft Products in one.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Allman Brothers - Dreams.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Allman Brothers - Dreams.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Anti-[bleep] 7.0.6.10 Enterprise.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Anti-[bleep] 7.0.6.10 Enterprise.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Anti-Virus 3.94.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Anti-Virus 3.94.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\AntiVir Personal Edition 6.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\AntiVir Personal Edition 6.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\AntiVir Professional Edition 6.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\AntiVir Professional Edition 6.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\AnyDVD 4.5.5.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\AnyDVD 4.5.5.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\ANYDVD 5.2.7.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\ANYDVD 5.2.7.2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\AnyDVD v5.2.7.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\AnyDVD v5.2.7.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Anyplace Control 2.9.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Anyplace Control 2.9.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Apollo 37zp.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Apollo 37zp.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Area 51 - XBOXDVD.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Area 51 - XBOXDVD.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\AREA-51 PC iSO.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\AREA-51 PC iSO.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Articulate Spelling v1.24.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Articulate Spelling v1.24.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Ashampoo Burning Studio 5.0.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Ashampoo Burning Studio 5.0.2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Ashampoo UnInstaller Platinum Suite 1.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Ashampoo UnInstaller Platinum Suite 1.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\AstroCalendar 1.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\AstroCalendar 1.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\AtomPark Email Hunter 1.41.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\AtomPark Email Hunter 1.41.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Audio DVD Creator 1.85.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Audio DVD Creator 1.85.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Auto Submitter.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Auto Submitter.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\AutoFTP Premium v4.5.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\AutoFTP Premium v4.5.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Automize 6.19 for Windows.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Automize 6.19 for Windows.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Av Voice Changer Software Diamond Edition 4.0.4.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Av Voice Changer Software Diamond Edition 4.0.4.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\AVG Anti-Virus plus Firewall 7.0.335 Professional.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\AVG Anti-Virus plus Firewall 7.0.335 Professional.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\AVI DivX MPEG to DVD Converter and Burner 1.3.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\AVI DivX MPEG to DVD Converter and Burner 1.3.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\B.B.King - Live in Cook Count.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\B.B.King - Live in Cook Count.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Baby Album - Basic Edition.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Baby Album - Basic Edition.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Bad Religion - Suffer.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Bad Religion - Suffer.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\BarCodeWiz Barcode ActiveX Control 1.67.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\BarCodeWiz Barcode ActiveX Control 1.67.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\BarCodeWiz Barcode ActiveX v2.09.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\BarCodeWiz Barcode ActiveX v2.09.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Batch Script Processor v3.08 for AutoCAD.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Batch Script Processor v3.08 for AutoCAD.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\BatchRename 2 v2.64.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\BatchRename 2 v2.64.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Batman Begins (2005) DVDRip.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Batman Begins (2005) DVDRip.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Batman Begins DiVx.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Batman Begins DiVx.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Batman Begins.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Batman Begins.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Battlefield 1942.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Battlefield 1942.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Battlefield 2 (DVD).zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Battlefield 2 (DVD).zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Battlefield 2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Battlefield 2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Battles In Normandy.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Battles In Normandy.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Bewitched.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Bewitched.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\BitDefender Pro Plus 8.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\BitDefender Pro Plus 8.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\BitDefender Professional Plus 8.0.137.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\BitDefender Professional Plus 8.0.137.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Blade Trinity VCD.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Blade Trinity VCD.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Blindwrite 5.2.13.147.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Blindwrite 5.2.13.147.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Bob Marley - Discography.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Bob Marley - Discography.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Brothers in Arms Road to Hill 30 iSO.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Brothers in Arms Road to Hill 30 iSO.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Camtasia Studio 2.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Camtasia Studio 2.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Camtasia Studio 3.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Camtasia Studio 3.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CaptureWizPro 3.3.Keymaker.Only.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CaptureWizPro 3.3.Keymaker.Only.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CaptureWizPro v3.3.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CaptureWizPro v3.3.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Carmageddon TDR 2000.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Carmageddon TDR 2000.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CD Ripper 2.85.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CD Ripper 2.85.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CDBurnerXP Pro 3.5.101.4 Alpha.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CDBurnerXP Pro 3.5.101.4 Alpha.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CDCheck 3.1.5.1b.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CDCheck 3.1.5.1b.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CDMenuPro Business Edition 4.100.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CDMenuPro Business Edition 4.100.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CDMenuPro Business Edition 4.20.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CDMenuPro Business Edition 4.20.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Celine Dion - Miracle.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Celine Dion - Miracle.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Central Brain Identifier v7.5.0.7 build 0627.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Central Brain Identifier v7.5.0.7 build 0627.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\cFos v6.00.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\cFos v6.00.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\cFos Watch 5.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\cFos Watch 5.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Championship Manager 5 ISO.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Championship Manager 5 ISO.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\ChatBlocker 2.22.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\ChatBlocker 2.22.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\City of Ghosts DVD Rip MVCD.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\City of Ghosts DVD Rip MVCD.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Clean Space v9.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Clean Space v9.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Clipboard Magic 4.00.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Clipboard Magic 4.00.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CloneCD 5.1.0.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CloneCD 5.1.0.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CodeLobster v2.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CodeLobster v2.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CodeStuff Starter 5.6.1.45.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CodeStuff Starter 5.6.1.45.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CoffeeCup HTML Editor 2005G.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CoffeeCup HTML Editor 2005G.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Commandos 3 Destination Berlin.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Commandos 3 Destination Berlin.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Constantine Xbox.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Constantine Xbox.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Constantine Xvid.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Constantine Xvid.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Cossacks II Napoleonic Wars iSO.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Cossacks II Napoleonic Wars iSO.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Crazy Browser 2.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Crazy Browser 2.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Curved Air - On Air - Live.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Curved Air - On Air - Live.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Cyberlink Powerdvd 6.0.0.1102 Multilanguage.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Cyberlink Powerdvd 6.0.0.1102 Multilanguage.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CyD NET Utils v4.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CyD NET Utils v4.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CyD WEB Calendar Creator v1.3.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CyD WEB Calendar Creator v1.3.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CyD WEB Menu Creator v1.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\CyD WEB Menu Creator v1.2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Dangerous Waters - HOODLUM.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Dangerous Waters - HOODLUM.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DataTrack System 2005 v2.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DataTrack System 2005 v2.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DCS DVD Copy Suite 1.12.002.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DCS DVD Copy Suite 1.12.002.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Dead 2 Rights.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Dead 2 Rights.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Deer Hunter 2005.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Deer Hunter 2005.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Delaydots Phat Pro DX Plugin v.3.32.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Delaydots Phat Pro DX Plugin v.3.32.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Demonstration Screen v1.4.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Demonstration Screen v1.4.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Digital Anarchy Backdrop Designer v1.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Digital Anarchy Backdrop Designer v1.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Digital Anarchy Texture Anarchy v1.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Digital Anarchy Texture Anarchy v1.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Digital Audio Editor v2.9.6.495.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Digital Audio Editor v2.9.6.495.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Diskeeper 9.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Diskeeper 9.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Doom 3 FiNAL iSO.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Doom 3 FiNAL iSO.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Doom 3 Resurrection of Evil.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Doom 3 Resurrection of Evil.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Downloader Pro v1.62.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Downloader Pro v1.62.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Dr.Hardware 2005 Build 6.0.0e.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Dr.Hardware 2005 Build 6.0.0e.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Dr.Web 4.32b.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Dr.Web 4.32b.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Drakkon Script Creator v1.3.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Drakkon Script Creator v1.3.2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DreamTheater-MasterOfMetallic.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DreamTheater-MasterOfMetallic.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DVD Copy Express 5.5.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DVD Copy Express 5.5.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DVD PixPlay 2.24.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DVD PixPlay 2.24.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DVD PixPlay 2.25.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DVD PixPlay 2.25.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DVD Region 5.62.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DVD Region 5.62.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DVD Region-Free 1.28 - 01 Jul 2005.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DVD Region-Free 1.28 - 01 Jul 2005.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DVD X CloneDVD 3.5.8.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DVD X CloneDVD 3.5.8.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DVDFab Platinum 2.89.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DVDFab Platinum 2.89.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DVDFab Platinum Edition 2.70.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DVDFab Platinum Edition 2.70.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DvdXCopy Platinum 4.0.3.8 Full.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\DvdXCopy Platinum 4.0.3.8 Full.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Easy DVD To DVD Copy 3.0.15.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Easy DVD To DVD Copy 3.0.15.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Easy Icon Maker 5.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Easy Icon Maker 5.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Easy Music CD Burner 3.0.22.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Easy Music CD Burner 3.0.22.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Easy Real Converter 1.50.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Easy Real Converter 1.50.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\EasyDVD to DVDCopy Pro 3.0.15.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\EasyDVD to DVDCopy Pro 3.0.15.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Easyrecovery Pro V6.10.07.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Easyrecovery Pro V6.10.07.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\egifan3.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\egifan3.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Elby CloneDVD 2.833.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Elby CloneDVD 2.833.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Elektra DVD Rip Xvid.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Elektra DVD Rip Xvid.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\EMCO Network Inventory v4.5.3.11.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\EMCO Network Inventory v4.5.3.11.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\EMCO Network Malware Cleaner v1.2.3.23.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\EMCO Network Malware Cleaner v1.2.3.23.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\EMCO Network Management v2.1.10.121.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\EMCO Network Management v2.1.10.121.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Ennio Morricone - The Best Of.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Ennio Morricone - The Best Of.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Eric Clapton - Live in 1974.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Eric Clapton - Live in 1974.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\eTrust Antivirus 2005 7.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\eTrust Antivirus 2005 7.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Eudora 6.2.3.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Eudora 6.2.3.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Extra Drive Creator Professional 4.7.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Extra Drive Creator Professional 4.7.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Eye Candy 5.0 Nature.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Eye Candy 5.0 Nature.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Faithless - Forever Faithless.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Faithless - Forever Faithless.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Fantastic 4 The Game.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Fantastic 4 The Game.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Fantastic 4.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Fantastic 4.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Far Cry (PC) iSO.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Far Cry (PC) iSO.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Farscape Season 1 Dvd.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Farscape Season 1 Dvd.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\FastStone Image Viewer 2.15.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\FastStone Image Viewer 2.15.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\File ArchiveRescue Pro 2.5.61.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\File ArchiveRescue Pro 2.5.61.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\File Info 2.90.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\File Info 2.90.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\File Info v2.90.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\File Info v2.90.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\File Salvage.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\File Salvage.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\FINALDATA Enterprise 2.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\FINALDATA Enterprise 2.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\FireGraphic v7.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\FireGraphic v7.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Firegraphic v8.0.803.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Firegraphic v8.0.803.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Fix-It Utilities Professional 6.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Fix-It Utilities Professional 6.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Flaming Pear Creative Pack v1.20 PS.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Flaming Pear Creative Pack v1.20 PS.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Flash2x Wallpaper Maker v1.0.1 + Keygen.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Flash2x Wallpaper Maker v1.0.1 + Keygen.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\FlexiSIGN 7.6v1 & PhotoPRINT 4.6v1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\FlexiSIGN 7.6v1 & PhotoPRINT 4.6v1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\FlipAlbum® Professional v6.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\FlipAlbum® Professional v6.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\FlipAlbum Professional 6.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\FlipAlbum Professional 6.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\FloorPlan 3D Design Suite 9.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\FloorPlan 3D Design Suite 9.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Folder Guard Professional 7.6.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Folder Guard Professional 7.6.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\FolderIcon XP 1.020.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\FolderIcon XP 1.020.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Fontlab TransType v2.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Fontlab TransType v2.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\FontLab v4.6.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\FontLab v4.6.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\foobar2000 0.9 beta 5.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\foobar2000 0.9 beta 5.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\ForecastFox 0.8.0.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\ForecastFox 0.8.0.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Forza Motorsport XBOX.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Forza Motorsport XBOX.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Four Empires Bush Against Terrorists 1.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Four Empires Bush Against Terrorists 1.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Fresh UI 7.38.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Fresh UI 7.38.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Fresh UI v7.38.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Fresh UI v7.38.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\FTP Now 2.6.18.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\FTP Now 2.6.18.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\FunPhotor v3.61.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\FunPhotor v3.61.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Futuremark 3DMark05 1.0.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Futuremark 3DMark05 1.0.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Futuremark PCMark05 1.0.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Futuremark PCMark05 1.0.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Futuris Imager 5.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Futuris Imager 5.2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Game Maker v6.1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Game Maker v6.1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Game XP 1.5.5.5.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Game XP 1.5.5.5.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\GameJack v5.0.3.3.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\GameJack v5.0.3.3.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Gamux.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Gamux.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Geneforge 3 v1.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Geneforge 3 v1.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Genesis - Platinum Collection.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Genesis - Platinum Collection.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\GetRight 5.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\GetRight 5.2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Google Earth 3.0.036.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Google Earth 3.0.036.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Grand Theft Auto San Andreas PC iSO.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Grand Theft Auto San Andreas PC iSO.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Grand Theft Auto San Andreas [PC].zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Grand Theft Auto San Andreas [PC].zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Grand Theft Auto San Andreas.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Grand Theft Auto San Andreas.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\GreenCrush v1.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\GreenCrush v1.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Hackers Crackers Toolkit Suite 2005.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Hackers Crackers Toolkit Suite 2005.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\HALO 2 USA XboX.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\HALO 2 USA XboX.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Handy CD Ripper and Mp3 Wma Converter v1.9.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Handy CD Ripper and Mp3 Wma Converter v1.9.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Hard Drive Inspector v1.3 Build 846.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Hard Drive Inspector v1.3 Build 846.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Haunting Ground PS2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Haunting Ground PS2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Hearts of Iron 2 MYTH.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Hearts of Iron 2 MYTH.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Herbie Fully Loaded.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Herbie Fully Loaded.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Hexprobe v1.21.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Hexprobe v1.21.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Hidden Stroke II.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Hidden Stroke II.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Hide Secret Files v1.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Hide Secret Files v1.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Hitch Xvid.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Hitch Xvid.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Hot Town Jubilee - The Spirit.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Hot Town Jubilee - The Spirit.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\HS WinPerfect 5.40.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\HS WinPerfect 5.40.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\HTML Password Lock 2.80.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\HTML Password Lock 2.80.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\HTTP Analyzer Std 1.6.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\HTTP Analyzer Std 1.6.2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\IconXP v2.03.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\IconXP v2.03.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\IEPassword 1.0.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\IEPassword 1.0.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Image Video Machine 3.2.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Image Video Machine 3.2.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Imperial Glory (Pc) iSO.zip/Setup.exe Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\Imperial Glory (Pc) iSO.zip Infected: Worm.Win32.VB.an
C:\Documents and Settings\Matthew\Complete\ImTOO Audio Encoder 2.0.17 bu.zip/Setup.
  • 0

#18
Guse
Posted 09 July 2005 - 05:04 PM

Guse

    Visiting Staff

  • Member
  • PipPipPip
  • 624 posts
Matt,

The virus scan log showed basically two things.

1) A lot of the stuff is what Spybot cleaned out before. We can clear it off, but it's not really anything to worry about.

2) Most of the stuff is in the C:\Documents and Settings\Matthew\Complete folder. Most of the stuff in there are warez and movies... that's most likely the source of your problems. Warez and such are RIFE with bad, bad stuff.

Let me list off for you some symptoms of that virus:

Opens and locks the following files to prevent these programs from being started:

%System%\taskmgr.exe
%System%\cmd.exe

There's your problem. Here's your solution:
  • Download the FxBropia.exe file from: http://securityrespo...er/FxBropia.exe
  • Save the file to a convenient location, such as your Windows desktop.
  • Optional: To check the authenticity of the digital signature, refer to the "Digital signature" section later in this writeup.
  • Close all the running programs.
  • If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
  • Turn off System Restore.
  • Locate the file that you just downloaded.
  • Double-click the FxBropia.exe file to start the removal tool.
  • Click Start to begin the process, and then allow the tool to run.
  • Restart the computer.
  • Run the removal tool again to ensure that the system is clean.
  • re-enable System Restore.
  • If you are on a network or if you have a full-time connection to the Internet, reconnect the computer to the network or to the Internet connection.
I'm not going to promise the infected files will be there after you get done, but this is your best alternative.

It may be a little while before I can get back to this. Just let me know how this goes.
  • 0

#19
mattiscool
Posted 10 July 2005 - 05:04 PM

mattiscool

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Bropia was not found on my computer.

i can open Task Manager
i cannot open REgedit or CMD..

yeah those 'warez' things in /complete, just appeared there.



hmmm i wonder whats wrong
  • 0

#20
mattiscool
Posted 10 July 2005 - 07:47 PM

mattiscool

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
sovnsdsdrh

Edited by mattiscool, 10 July 2005 - 07:48 PM.

  • 0

#21
Guse
Posted 10 July 2005 - 08:27 PM

Guse

    Visiting Staff

  • Member
  • PipPipPip
  • 624 posts
Hmm... you're telling me that you didn't download anything in that C:\Documents and Settings\Matthew\Complete folder? If that's the case, I say that we delete the whole darn thing.

Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

First:
Please download ewido security suite it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.

Reboot into Safe Mode

Delete the following files and folders (if they exist):

C:\Documents and Settings\Matthew\Complete (<~~ if you don't want it)
C:\Windows\System32\LEXPLORE.EXE (MAKE SURE THAT's LEXPLORE with an "L")

Next, do a search for the following items and delete them (if they exist):

Drunk_lol.pif
Webcam_004.pif
sexy_bedroom.pif
naked_party.pif
love_me.pif

Next, open Spybot and click Recovery. Select every item under the backup heading and click Purge Selected Items.

Then, rerun Cleanup!

Reboot into Normal Mode

Lastly, go to Kaspersky again and rerun another scan. [b]Be sure to post that log in your next response. Also, give me the Ewido report.txt pasted.
  • 0

#22
mattiscool
Posted 12 July 2005 - 09:51 AM

mattiscool

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Ok. Took Time. I Scanned them both, I couldnt find "Lexplore.exe" or all those ".pif" files. but here are the logs.


-------------------------------------------------------------------------------
KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Monday, July 11, 2005 22:07:29
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 12/07/2005
Kaspersky Anti-Virus database records: 130126
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 75892
Number of viruses found: 6
Number of infected objects: 9
Number of suspicious objects: 7
Duration of the scan process: 6600 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Lou\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Lou's E-Mail Folders/Inbox/22 Jan 2004 14:42 from Jean-Marie Lapointe:PoseChaude.JPG.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Lou\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Lou's E-Mail Folders/Inbox/17 Mar 2004 14:21 from brew:order.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Lou\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Lou's E-Mail Folders/Inbox/09 Apr 2004 01:43 from [email protected]:Mail Delivery (fail.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Lou\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Lou's E-Mail Folders/Inbox/09 Apr 2004 01:54 from [email protected]:Mail Delivery (failure .rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Lou\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Lou's E-Mail Folders/Inbox/10 Apr 2004 01:15 from [email protected]:Mai.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Lou\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Lou's E-Mail Folders/Inbox/10 Apr 2004 01:07 from [email protected]:Mail Deli.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Lou\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Program Files\Common Files\ziik\ziika.exe Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc126.zip/setup.exe Infected: P2P-Worm.Win32.Alcan.a
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc126.zip Infected: P2P-Worm.Win32.Alcan.a
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc24.zip/setup.exe Infected: P2P-Worm.Win32.Alcan.a
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc24.zip Infected: P2P-Worm.Win32.Alcan.a
C:\System Volume Information\_restore{EE88BD73-A665-475A-BA30-AE594E7E7450}\RP179\A0099142.exe/toolbar.exe Infected: Trojan.Win32.Crypt.e
C:\System Volume Information\_restore{EE88BD73-A665-475A-BA30-AE594E7E7450}\RP179\A0099142.exe Infected: Trojan.Win32.Crypt.e
C:\System Volume Information\_restore{EE88BD73-A665-475A-BA30-AE594E7E7450}\RP179\A0099146.exe Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\System Volume Information\_restore{EE88BD73-A665-475A-BA30-AE594E7E7450}\RP179\A0099147.exe Infected: Trojan-Downloader.Win32.TSUpdate.k

Scan process completed.


---------------------------------------------------

NOW FOR THE EWINDO ONE

---------------------------------------------------


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:50:58 PM, 7/11/2005
+ Report-Checksum: 8F16C21B

+ Scan result:

HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2C4E6D22-B71F-491F-AAD3-B6972A650D50} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C380566D-F343-42AB-987B-6B38A1A35747} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\ISTbar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historystring -> Spyware.ISTBar : Error during cleaning
HKU\S-1-5-21-796845957-1708537768-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-796845957-1708537768-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-796845957-1708537768-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-796845957-1708537768-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9AE283A5-DF43-4C83-B6AA-7EBDBDB0204A} -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-796845957-1708537768-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-796845957-1708537768-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-796845957-1708537768-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FAA356E4-D317-42A6-AB41-A3021C6E7D52} -> Spyware.ISTBar : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Gator : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cmgtxvl.matt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3i9ortas.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3i9ortas.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3i9ortas.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3i9ortas.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3i9ortas.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3i9ortas.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3i9ortas.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3i9ortas.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3i9ortas.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3i9ortas.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3i9ortas.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3i9ortas.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3i9ortas.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Lou\.jpi_cache\jar\1.0\ar3.jar-586bddde-3e22c5fc.zip/Gummy.class -> Trojan.Java.Femad : Error during cleaning
C:\Documents and Settings\Matthew\crebates.exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Matthew\crebates.exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Documents and Settings\Matthew\Desktop\Crap\backups\backup-20050908-192046-622.dll -> TrojanDownloader.WebP2PInstaller : Cleaned with backup
C:\Documents and Settings\Matthew\rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Matthew\xxxzzz.exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Matthew\xxxzzz.exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Documents and Settings\Matthew\xxxzzz.exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Matthew\xxxzzz.exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Common Files\ziik\ziikl.exe -> TrojanDownloader.TSUpdate.j : Cleaned with backup
C:\Program Files\Common Files\ziik\ziikm.exe -> TrojanDownloader.TSUpdate.k : Cleaned with backup
C:\Program Files\Common Files\ziik\ziikp.exe -> Spyware.Xupiter : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc10.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc100.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc101.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc102.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc103.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc104.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc105.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc106.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc107.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc108.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc109.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc11.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc110.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc111.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc112.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc113.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc114.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc115.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc116.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc117.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc118.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc119.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc12.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc120.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc121.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc122.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc123.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc124.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc125.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc126.zip/setup.exe -> Worm.Alcan.a : Error during cleaning
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc127.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc128.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc129.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc13.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc130.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc131.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc132.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc133.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc134.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc135.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc136.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc137.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc138.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc139.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc14.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc140.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc141.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc142.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc143.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc144.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc145.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc146.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc147.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc148.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc149.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc15.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc150.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc151.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc152.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc153.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc154.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc155.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc156.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc157.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc158.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc159.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc16.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc160.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc161.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc162.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc163.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc164.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc165.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc166.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc167.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc168.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc169.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc17.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc170.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc171.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc172.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc173.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc174.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc175.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc176.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc177.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc178.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc179.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc18.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc180.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc181.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc182.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc183.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc184.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc185.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc186.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc187.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc188.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc189.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc19.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc190.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc191.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc20.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc21.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc22.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc23.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc24.zip/setup.exe -> Worm.Alcan.a : Error during cleaning
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc25.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc26.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc27.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc28.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc29.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc3.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc30.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc31.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc32.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc33.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc34.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc35.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc36.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc37.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc38.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc39.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc4.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc40.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc41.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc42.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc43.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc44.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc45.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc46.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc47.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc48.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc49.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc5.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc50.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc51.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc52.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc53.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc54.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc55.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc56.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc57.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc58.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc59.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc6.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc60.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc61.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc62.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc63.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc64.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc65.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc66.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc67.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc68.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc69.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc7.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc70.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc71.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc72.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc73.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc74.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc75.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc76.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc77.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc78.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc79.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc8.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc80.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc81.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc82.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc83.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc84.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc85.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc86.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc87.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc88.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc89.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc9.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc90.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc91.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc92.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc93.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc94.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc95.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc96.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc97.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc98.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc99.zip/setup.exe -> Worm.Alcan.a : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\WINDOWS\SYSTEM32\msbe.dll_tobedeleted -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\msxct.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\SYSTEM32\Rfhokg.exe -> Trojan.Popmon.a : Cleaned with backup
C:\WINDOWS\SYSTEM32\Wthvwm.exe -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\SYSTEM32\xxxzzz.exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\SYSTEM32\xxxzzz.exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup
C:\WINDOWS\SYSTEM32\xxxzzz.exe/rebates.exe -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\SYSTEM32\xxxzzz.exe/toolbar.exe -> Trojan.Crypt.e : Cleaned with backup


::Report End



Whew..There we go.
  • 0

#23
Guse
Posted 12 July 2005 - 11:55 AM

Guse

    Visiting Staff

  • Member
  • PipPipPip
  • 624 posts
It probably doesn’t seem like it, Matt, but your Kaspersky log looked a LOT better. Wow. But, we still have some work to do:

First, download and run this Hotfix from Microsoft. You have a few Exploit.HTML.Iframe.FileDownload’s on your machine that can be patched with this to end the exploit.

Now, let’s boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Then, navigate to and delete the following folders:

C:\RECYCLER\ (<~~ just the contents, you can leave the folder)
C:\Program Files\Common Files\ziik\ (<~~~ unless you know what Ziik is, I’d delete the entire folder)

Then, rerun the Cleanup! program that I had you download earlier.

Reboot into Normal Mode

Next, we need to reset your restore points again:

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405

Just to be sure, Kaspersky referred to certain emails you have. You may want to locate and delete these emails and then empty your deleted items folder:

22 Jan 2004 14:42 from Jean-Marie Lapointe
17 Mar 2004 14:21 from brew
09 Apr 2004 01:43 from [email protected]
09 Apr 2004 01:54 from [email protected]
10 Apr 2004 01:15 from [email protected]
10 Apr 2004 01:07 from [email protected]

Lastly, run one more Kaspersky scan. I know it’s getting old, but this is the only way we can make sure.

Post that Kaspersky log in your next reply. Also, let me know if functionality has come back. Can you get to regedit and cmd now?
  • 0

#24
mattiscool
Posted 12 July 2005 - 03:49 PM

mattiscool

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Hi, I couldnt install the hotfix thing. It said I dont have Internet Explorer 6, which I was on the site WITH Internet Explorer 6. Anyways, Couldnt Find alot of that stuff, but heres the scan from Kaspersky..ALSO..i went to C:\Recycler, but there was no files in the folder. But it says there is one in the scan.


-------------------------------------------------------------------------------
KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Tuesday, July 12, 2005 17:48:12
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 12/07/2005
Kaspersky Anti-Virus database records: 130338
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 74032
Number of viruses found: 3
Number of infected objects: 5
Number of suspicious objects: 7
Duration of the scan process: 6545 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Lou\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Lou's E-Mail Folders/Inbox/22 Jan 2004 14:42 from Jean-Marie Lapointe:PoseChaude.JPG.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Lou\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Lou's E-Mail Folders/Inbox/17 Mar 2004 14:21 from brew:order.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Lou\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Lou's E-Mail Folders/Inbox/09 Apr 2004 01:43 from [email protected]:Mail Delivery (fail.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Lou\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Lou's E-Mail Folders/Inbox/09 Apr 2004 01:54 from [email protected]:Mail Delivery (failure .rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Lou\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Lou's E-Mail Folders/Inbox/10 Apr 2004 01:15 from [email protected]:Mai.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Lou\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Lou's E-Mail Folders/Inbox/10 Apr 2004 01:07 from [email protected]:Mail Deli.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\Lou\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Suspicious: Exploit.HTML.Iframe.FileDownload
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc126.zip/setup.exe Infected: P2P-Worm.Win32.Alcan.a
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc126.zip Infected: P2P-Worm.Win32.Alcan.a
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc24.zip/setup.exe Infected: P2P-Worm.Win32.Alcan.a
C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\Dc24.zip Infected: P2P-Worm.Win32.Alcan.a
C:\System Volume Information\_restore{EE88BD73-A665-475A-BA30-AE594E7E7450}\RP1\A0000004.exe Infected: Trojan-Downloader.Win32.TSUpdate.l

Scan process completed.
  • 0

#25
Guse
Posted 12 July 2005 - 05:55 PM

Guse

    Visiting Staff

  • Member
  • PipPipPip
  • 624 posts
Okay, lets make sure that we can see everything before we continue.
  • Go to My Computer
  • Click Tools | Folder Options
  • Click the View tab
  • Under the Advanced Settings heading, find and clear the checkbox for Hide Protected Operating System Files (Recommended).
  • Also, make sure that the radio button for Show hidden files and folders is selected.
  • Click OK
Navigate to C:\RECYCLER\S-1-5-21-796845957-1708537768-1060284298-501\ and delete:

Dc126.zip
Dc24.zip

And you said that you can't find those emails? That's odd. Kaspersky claims that they're a problem.

Also, I still need to know if you're having the same problems.
  • 0

Advertisements

#26
mattiscool
Posted 12 July 2005 - 06:50 PM

mattiscool

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Hey. I erased the Whole RECYCLED folder, and the /Lou/Outlook.pts (or .tps...or something)

and my computer was acting weird, and in my Processes, i saw trojan "Up2Date.exe" which is gone now.

REgedit/Cmd still wont open

Edited by mattiscool, 12 July 2005 - 07:00 PM.

  • 0

#27
Guse
Posted 13 July 2005 - 10:33 AM

Guse

    Visiting Staff

  • Member
  • PipPipPip
  • 624 posts
You deleted the whole pst file? Does your email still work correctly?

Try downloading this file and saving it to your desktop. Then, right click it and choose Install (This is a small file. It does not display any notice or boxes when you run it.).

Then, try to use regedit again

Rerun Ewido and post the log here.

Also, let me see another HijackThis log, if you don't mind.
  • 0

#28
mattiscool
Posted 13 July 2005 - 04:55 PM

mattiscool

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
i dont use Outlook. Plus the Link doesnt work to the norton thing.
  • 0

#29
Guse
Posted 13 July 2005 - 05:11 PM

Guse

    Visiting Staff

  • Member
  • PipPipPip
  • 624 posts
I should have been more specific, sorry. Right click the link and "Save As" to your computer.

Try again.
  • 0

#30
mattiscool
Posted 13 July 2005 - 06:08 PM

mattiscool

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Hi, I Opened it, its a text file that says


[Version]
Signature="$Chicago$"
Provider=Symantec

[DefaultInstall]
AddReg=UnhookRegKey

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0


Anyways, REgedit wont open. Ive notcied it, when I try and open it, a command prompt comes up and says "C:\Windows\system32\regedit.com .COM!
thats what the virus does though. anyway. heres my hijack this log.


Logfile of HijackThis v1.99.1
Scan saved at 8:08:07 PM, on 7/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Matthew\Desktop\Crap\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.actuality.fr.tc
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/start.shtml
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - blank (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - blank (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberli...xp/CheckDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108837312800
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP