Need help with log file, can anyone help?

Question

Hello all,   I am experiencing some pop up ads. I have an icon in my tray that blinks back and forth from a red circle with a diagonal cross (think no smoking sign) to a blue circle with a white question mark inside. Doesn't bring up anything on right-click, but on left-click a box appears with this text inside:   'Your computer is infected! System detected virus activities. They may cause critical system failure. Please, use antimalware software to clean and protect your system from parasite programs. Click here to get all available software.'     When I click this box, it takes me to Softwarequake.com.   The pop up ads happen often, and are quite annoying. I also recieve the windows boxes which keep popping back up even when I hit cancel.   I was also curious to see if anythign else was in my Log that shouldn't be there.   Here is my Log:           Logfile of HijackThis v1.99.1 Scan saved at 8:46:12 PM, on 8/21/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\LxrSII1s.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wwSecure.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\ALCXMNTR.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\HP\KBD\KBD.EXE C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\PROGRA~1\MI3AA1~1apimgr.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Marlena Jones\My Documents\Programs\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] 'C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe' O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [senoj] c:\documents and settings\marlena jones\my documents\adobe .psd files\senoj\csrss.exe O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottime O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] 'C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe' O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] 'C:\Program Files\Microsoft ActiveSync\wcescomm.exe' O4 - HKCU\..\Run: [Yahoo! Pager] 'C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE' -quiet O4 - HKCU\..\Run: [senoj] c:\documents and settings\marlena jones\my documents\adobe .psd files\senoj\csrss.exe O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: MSWin.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin
pjpi150_08.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin
pjpi150_08.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki.com/activex/FotkiUploader.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe     Thanks for anything you may be able to tell me!   -missmeeka21

1972vet · Answer

Rename your HijackThis.exe to Analyze.exe and run it again. Post THAT log back here.

missmeeka21 · Answer

I'm guessing the exe file if the icon I clicked to start the program in the first place? I renamed it to analyze, although it doesn't say if it's an executable file or not, it just says it's an application file. If I am wrong, please explain.

Logfile of HijackThis v1.99.1
Scan saved at 7:22:15 AM, on 8/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Marlena Jones\My Documents\Programs\hijackthis\analyze.exe.exe
C:\Documents and Settings\Marlena Jones\My Documents\Programs\hijackthis\analyze.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {484499F4-EA60-4019-83EB-9CF4F0F2BC2E} - C:\WINDOWS\system32\awtqn.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - C:\WINDOWS\system32\compstuih.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [senoj] c:\documents and settings\marlena jones\my documents\adobe .psd files\senoj\csrss.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MSWin.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki.com/activex/FotkiUploader.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
O20 - Winlogon Notify: awtqn - C:\WINDOWS\system32\awtqn.dll
O20 - Winlogon Notify: h618 - C:\WINDOWS\g621826078.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winrzf32 - C:\WINDOWS\SYSTEM32\winrzf32.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

1972vet · Answer

Quote: I renamed it to analyze, although it doesn't say if it's an executable file or not...If I am wrong, please explain. No no, you did just right...exactly what I intended for you to do. If you go back and look at your first log, you'll notice that there are no '02' or '020' entries in the log. That was the FIRST thing I noticed. The reason for that is because you have one of the most recent Vundo type infections that hides from the HijackThis.exe application. The '.exe' extension by the way stands for 'executable'...and the only way to expose this is to rename the HijackThis application as you did. Thanks! Now...we can get busy. Please download VundoFix.exe to your desktop. * Double-click VundoFix.exe to run it. * Click the Scan for Vundo button. * Once it's done scanning, click the Remove Vundo button. * You will receive a prompt asking if you want to remove the files, click YES * Once you click yes, your desktop will go blank as it starts removing Vundo. * When completed, it will prompt that it will shutdown your computer, click OK. * Turn your computer back on. * Please post the contents of C:\vundofix.txt and a new HiJackThis log. Note: It is possible that VundoFix encountered a file it could notremove.In this case, VundoFix will run on reboot, simply follow the aboveinstructions starting from 'Click the Scan for Vundo button.' when VundoFix appears at reboot. There will be more to do but please do make a note of how the computer is running now and if you've noticed any change in the way it now behaves. Post those comments along with your Vundofix.txt and a new HijackThis log. Also, please do not rename the Analyze.exe application back to HijackThis just yet. We want to make sure first that your system is completely clean. Thanks!

missmeeka21 · Answer

Wow, thanks! I will try this and come back with the info you have requested.

missmeeka21 · Answer

I did exactly as you asked. It did ask me to reboot a few times in order to be rid of awtqn.dll. To see if my computer was acting any differenty, I went to ebay.com and clicked on some auctions. Normally when I did this, I'd get a pop up with every click. This time around, I haven't gotten any. Other than that, I see no other major changes.       VundoFix Log     VundoFix V6.1.2 Checking Java version... Java version is 1.4.2.3 Java version is 1.5.0.3 Java version is 1.5.0.4 Java version is 1.5.0.6 Java version is 1.5.0.8 Scan started at 8:44:26 AM 8/22/2006 Listing files found while scanning.... C:\WINDOWS\system32\awtqn.dll C:\WINDOWS\system32
qtwa.ini C:\WINDOWS\system32
qtwa.bak1 C:\WINDOWS\system32
qtwa.bak2 C:\WINDOWS\system32\awtqron.dll Beginning removal...  Attempting to delete C:\WINDOWS\system32\awtqn.dll C:\WINDOWS\system32\awtqn.dll Could not be deleted.  Attempting to delete C:\WINDOWS\system32
qtwa.ini C:\WINDOWS\system32
qtwa.ini Has been deleted!  Attempting to delete C:\WINDOWS\system32
qtwa.bak1 C:\WINDOWS\system32
qtwa.bak1 Has been deleted!  Attempting to delete C:\WINDOWS\system32
qtwa.bak2 C:\WINDOWS\system32
qtwa.bak2 Has been deleted!  Attempting to delete C:\WINDOWS\system32\awtqron.dll C:\WINDOWS\system32\awtqron.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.1.2 Checking Java version... Java version is 1.4.2.3 Java version is 1.5.0.3 Java version is 1.5.0.4 Java version is 1.5.0.6 Java version is 1.5.0.8 Scan started at 8:52:25 AM 8/22/2006 Listing files found while scanning.... C:\WINDOWS\system32\awtqn.dll Beginning removal...  Attempting to delete C:\WINDOWS\system32\awtqn.dll C:\WINDOWS\system32\awtqn.dll Has been deleted! Performing Repairs to the registry. Done!   HijackThis Log     Logfile of HijackThis v1.99.1 Scan saved at 9:18:54 AM, on 8/22/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\ALCXMNTR.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\HP\KBD\KBD.EXE C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MI3AA1~1apimgr.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\WINDOWS\system32\LxrSII1s.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wwSecure.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Marlena Jones\My Documents\Programs\hijackthis\analyze.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {484499F4-EA60-4019-83EB-9CF4F0F2BC2E} - C:\WINDOWS\system32\awtqn.dll (file missing) O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - C:\WINDOWS\system32\compstuih.dll O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] 'C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe' O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [senoj] c:\documents and settings\marlena jones\my documents\adobe .psd files\senoj\csrss.exe O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottime O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] 'C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe' O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] 'C:\Program Files\Microsoft ActiveSync\wcescomm.exe' O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [Yahoo! Pager] 'C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE' -quiet O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: MSWin.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki.com/activex/FotkiUploader.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe O20 - Winlogon Notify: h618 - C:\WINDOWS\g621826078.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: winrzf32 - C:\WINDOWS\SYSTEM32\winrzf32.dll O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

1972vet · Answer

You will need to print these instructions or save them to a .txt file on your Desktop. You should read these instructions entirely, before you begin.

OK, you have a couple more problems there to remove...looks like CoolWebSearch, l2me, and Smitfraud. We should deal with l2me first since that infection likes to delete the run keys, rendering other "fix" software useless.

Please download Look2Me-Destroyer.exe to your desktop.

Close all windows before continuing.
Double-click "Look2Me-Destroyer.exe" to run it.
Put a check next to "Run this program as a task."
You will receive a message saying "Look2Me-Destroyer will close and re-open in approximately 1 minute". Click "OK"
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the "Remove L2M" button.
You will receive a "Done Scanning" message, click "OK".
When completed, you will receive this message: "Done removing infected files! Look2Me-Destroyer will now shutdown your computer", click "OK".
Your computer will then shutdown.
Turn your computer back on.
Please remember to post the contents of C:\Look2Me-Destroyer.txt on your next reply. The log can be found wherever the fix is located - if Look2Me-Destroyer is on the desktop thats where the log will be.

If Look2Me-Destroyer does not reopen automatically, reboot and try again.
If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
Then you click the Remove L2M button and wait for it to give you a message. When you click OK it should shut itself down.

Next, please download and run
>CWShredder.
Launch the executable, accept the agreement, and then click " Check for Update"
Download and install any updates.
Now, close any open windows except for CWShredder and then click " Fix ->"

You'll see three lines starting with "Restoring" to let you know the scan is finished (It should take about a minute to run), then click " Next ->"

Please reboot the computer.

Next up, I am going to give you two sets of instructions...both relating to the Smitfraud infection that you have. The first set of instructions will cause the application to find the bad files. The second set will allow the application to delete the bad files it found.

With each set there is a log generated. It is important that you remember to post both logs in your next reply. You must perform these steps exactly as presented and cannot skip a step. The application will delete nothing unless you first allow it to find the bad files...which is why you must follow these instructions exactly as presented:

Set #1

Please download:
SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press" Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply.

Note :
process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Set#2
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, reboot the computer into Safemode.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press" Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into your Normal Windows user mode.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Download Ewido anti-spyware to your desktop.
This is a 30 day free trial. At the end of the 30-day trial period the full version features (active guard, automatic updates...) will be deactivated and the program will become a feature-limited freeware version...You can still keep it and use it for "On Demand" scanning.

Double click the icon on the desktop to launch the set up program.
Select Change state to inactivate "Resident Shield" and "Automatic Updates". Right click on ewido in the system tray and uncheck "Start with Windows".
Once the setup is complete you will need to update the definition files.
On the main screen select the icon Update then click the Start Update button.
The update will start and a progress bar will show the updates being installed.
Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
Once in the Settings screen click on Recommended actions and then select Quarantine.
Under Reports
Select Automatically generate report after every scan
Un-Select Only if threats were found

Close ewido anti-spyware.

Please boot into Safe mode:

Restart the computer and immediately begin tapping the F8 key (or F5 on some Dell machines).
Use the arrow keys to highlight Safe Mode and press the Enter key. Once in safe mode, continue with the instructions below:

Launch ewido anti-spyware by double-clicking the icon on your desktop.
Select the Scanner icon at the top, then the Scan tab then click on Complete System Scan.
ewido will now begin the scanning process, be patient this may take some time.
When prompted of an infection, please select Apply all actions

Once the scan is complete do the following:

Next select the Reports icon at the top.
Select the Save report as button in the lower left hand of the screen and save it to your Desktop.

Now close ewido anti-spyware.

Please run HijackThis again and check the following entries that may still exist:
O2 - BHO: (no name) - {484499F4-EA60-4019-83EB-9CF4F0F2BC2E} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - C:\WINDOWS\system32\compstuih.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: ALCXMNTR.EXE
O4 - HKLM\..\Run: c:\documents and settings\marlena jones\my documents\adobe .psd files\senoj\csrss.exe
O4 - Global Startup: MSWin.exe
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki.com/activex/FotkiUploader.cab
O20 - Winlogon Notify: h618 - C:\WINDOWS\g621826078.dll
O20 - Winlogon Notify: winrzf32 - C:\WINDOWS\SYSTEM32\winrzf32.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll

Close all windows except for HijackThis then click Fix Checked.

Locate and delete the following files/folders in Bold if still present:
C:\WINDOWS\system32\ compstuih.dll
C:\Program Files\ ToolBar888\MyToolBar.dll
c:\documents and settings\marlena jones\my documents\adobe .psd files\senoj\ csrss.exe
C:\WINDOWS\ g621826078.dll
C:\WINDOWS\SYSTEM32\ winrzf32.dll
C:\WINDOWS\system32\ urroxtl.dll

Reboot and post the following logs:
Look2Me-Destroyer.txt
Both SmitFraud scan logs
A new HijackThis log

Please advise how the computer is running now and if you are having any other issues. Thanks!

missmeeka21 · Answer

About the Look2Me Destroyer - I ran the prgram and followed the steps. When it was done scanning, there was nothing in the box, but it still gave me the option to remove L2M. Still, I pressed the remove L2m Button. When I got here:

If Look2Me-Destroyer does not reopen automatically, reboot and try again.
If you receive a message from your firewall about this program accessing the internet please allow it.

It did not reopen automatically on reboot either. I even attempted to reboot a second time. I didn't recieve any firewall message either.

I then tried the CWShredder. It went through it's scan and didn't find CWS. I'm wondering is this okay, and if you still want me to continue with the steps?

1972vet · Answer

This entry:
O20 - Winlogon Notify: h618 - C:\WINDOWS\g621826078.dll
...is the l2me infection, and this entry:
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - C:\WINDOWS\system32\compstuih.dll
...is the Trojan-Downloader.Win32.Delf variant - a member of the CoolWebSearch family.

I had you run those tools because they look for other areas of infection that are not represented in the HijackThis log. The fact that the tools found nothing is a good sign. When you continue with the "Fix" instructions, you will notice those entries are listed at the end for you to remove using HijackThis in safe mode after your Ewido scan. Please complete the list of instructions and post the Ewido scan log along with the other logs requested (I forgot to ask for Ewido's scan log on my last post). Thanks!

missmeeka21 · Answer

That blinking icon in my tray is gone! No popups when i do normal stuff like click a link and no redirecting when I press my homepage button either.

L2MDESTROYER LOG:

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 8/22/2006 10:49:01 AM

Attempting to delete infected files...

Making registry repairs.

Restoring Windows certificates.

Replaced hosts file with default windows hosts file

Restoring SeDebugPrivilege for Administrators - Succeeded
------------------------------------------------------------------------------------------------------------

First SmitFraud Log:

SmitFraudFix v2.81

Scan done at 20:48:45.28, Tue 08/22/2006
Run from C:\Documents and Settings\Marlena Jones\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\urroxtl.dll FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Marlena Jones\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MARLEN~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Safety Bar\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00618}"="Windowz Updater"

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}\InProcServer32]
@="C:\WINDOWS\g621826078.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}\InProcServer32]
@="C:\WINDOWS\g621826078.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}"="g322"

[HKEY_CLASSES_ROOT\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}\InProcServer32]
@="C:\WINDOWS\system32\compstuih.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}\InProcServer32]
@="C:\WINDOWS\system32\compstuih.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

-----------------------------------------------------------------------------------------

Second SmitFraud Log:

SmitFraudFix v2.81

Scan done at 20:55:06.48, Tue 08/22/2006
Run from C:\Documents and Settings\Marlena Jones\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00618}"="Windowz Updater"

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}\InProcServer32]
@="C:\WINDOWS\g621826078.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}\InProcServer32]
@="C:\WINDOWS\g621826078.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}"="g322"

[HKEY_CLASSES_ROOT\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}\InProcServer32]
@="C:\WINDOWS\system32\compstuih.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}\InProcServer32]
@="C:\WINDOWS\system32\compstuih.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\urroxtl.dll -> Hoax.Win32.Renos.gen.bHoax.Win32.Renos.gen.c
C:\WINDOWS\system32\urroxtl.dll -> Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\components\flx?.dll Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\Safety Bar\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00618}"="Windowz Updater"

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}\InProcServer32]
@="C:\WINDOWS\g621826078.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}\InProcServer32]
@="C:\WINDOWS\g621826078.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}"="g322"

[HKEY_CLASSES_ROOT\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}\InProcServer32]
@="C:\WINDOWS\system32\compstuih.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}\InProcServer32]
@="C:\WINDOWS\system32\compstuih.dll"

»»»»»»»»»»»»»»»»»»»»»»»» End

missmeeka21 · Answer

C:\Documents and Settings\Jauan's Desktops\Complete\Music Editing Master 4.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Music portal templates.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\NBA Live 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\NFS Most Wanted, Fast.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\NFS Most Wanted.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\National Lampoons Christmas Vacation.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Natura Sound Therapy 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Nature Illusion Studio 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Need For Speed Most Wanted Alcohol.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Need For Speed Most Wanted.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Need For Speed Most.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Nero 7 Plugins Pack Pro 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Nero Burning ROM 6.6.0.18.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\NetOp School 4.00.2006026.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\NetScream 1.11.14.2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Netsarang Xftp 1.3.0016.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Network Security Tools.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Neverwinter Nights.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\News Interceptor 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\No1 Video Converter 3.9.22.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\No1 Video Converter 4.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Nokia Cellular Phone needs.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Norton AntiVirus 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Norton Antivirus 2006 Protection Pack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Norton Application Removal Tool.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Norton Ghost 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Norton System Works 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Norton SystemWorks 2006 Premier.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Norton SystemWorks 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Ocean FTP Server 1.0.5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Office 12 (2006).zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Office XP Standard 2003.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Offline Explorer Enterprise 4.1.2328.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\One Click Ringtone Converter 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Online TV Player 2.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Opera 8.51.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Operation Flashpoint Platinum.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PC Cillin Internet Security 2005 12.44.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PC Magazine December 6 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PC Magazine Home Networking Solutions.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PDF Creators All In one.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PTGui 5.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Paint Shop Pro9.01 Premium.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pamela Professional 1.30.20051109.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Panda Truprevent Personal 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Password Recover 1.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Personal Memory Manager 5.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pete Rock - Live @ The Jazz Cafe In London.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pete Rock - Soul Survivor 1998.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pete Rock - Soul Survivor II.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pete Rock- Beat Tape (More Petestrumentals).zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Photo2DVD Studio 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PhotoFiltre Studio 7.2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pinnacle Studio Plus 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Piotr Banach - Wu-Wei.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Piranesi 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pixarra TwistedBrush 7.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Plato DVD Ripper 2.32.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Plato Video Converter 3.13.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Playboy The Mansion.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Postal 2 Apocalypse Weekend.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Power Video Converter 1.4.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Power Video Converter 1.58.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PowerArchiver 2006 9.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PowerISO 2.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PowerPoint to Flash 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Prince of Persia The Two Thrones.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pro Evolution Soccer 5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\ProMT Expert 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\ProxyCap 2.01 & 2.03 Merged.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Public PC Desktop 2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Public PC Desktop 2.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pure Sim Baseball 2005 Gold.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Quake 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\QuickPersonnel 2005 1.5.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\QuickTime Pro 7.0.3.25.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\RAM Saver Pro 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\RapidShare Checker.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\RapidShare Hacks.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\RapidShare Harvester.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Rapidshare Premium Accounts.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Real Jigsaw Puzzle 1.0.6.927.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Real Player 10 Gold.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Recover My Files 3.26.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Red Eye Remover 1.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\RegDoctor 1.42.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Registry Compressor 2.01.69.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Registry Repair 2006 4.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Registry Rescue 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Remote Password Stealer 2.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Resident Evil 2 The Apocalypse.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Riddick Intermezzo - Dark Fury.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Robots.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Roswell Pinball.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Roxio Easy Media Creator 8 Suite Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Ruslana - Wild Dances (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\SAS Anti-Terror Force.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\SPSS 13.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\SWiSH Studio 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Sail Simulator 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Salon Styler Pro 5.2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Santa's Slay -2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Search Engine Builder Professional 2.17.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Search Engine Studio 3.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Selteco Newsletter Sender 2.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Serials DataBase.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Sexual Life.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Sim City 4 Delux.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Sim Girls 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\SmartCode VNC Manager Enterprise 3.0.26.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Soft pack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Soldat.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Solid Converter PDF Pro 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Sonic Heroes Rip, 3D Platformer.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Sonic PDF Creator 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\SpamMonster 1.70.09.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Spy Emergency 2005 2.0.315.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Spy Stalker 1.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).

missmeeka21 · Answer

C:\Documents and Settings\Jauan's Desktops\Complete\Music Editing Master 4.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Music portal templates.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\NBA Live 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\NFS Most Wanted, Fast.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\NFS Most Wanted.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\National Lampoons Christmas Vacation.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Natura Sound Therapy 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Nature Illusion Studio 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Need For Speed Most Wanted Alcohol.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Need For Speed Most Wanted.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Need For Speed Most.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Nero 7 Plugins Pack Pro 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Nero Burning ROM 6.6.0.18.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\NetOp School 4.00.2006026.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\NetScream 1.11.14.2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Netsarang Xftp 1.3.0016.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Network Security Tools.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Neverwinter Nights.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\News Interceptor 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\No1 Video Converter 3.9.22.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\No1 Video Converter 4.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Nokia Cellular Phone needs.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Norton AntiVirus 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Norton Antivirus 2006 Protection Pack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Norton Application Removal Tool.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Norton Ghost 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Norton System Works 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Norton SystemWorks 2006 Premier.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Norton SystemWorks 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Ocean FTP Server 1.0.5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Office 12 (2006).zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Office XP Standard 2003.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Offline Explorer Enterprise 4.1.2328.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\One Click Ringtone Converter 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Online TV Player 2.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Opera 8.51.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Operation Flashpoint Platinum.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PC Cillin Internet Security 2005 12.44.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PC Magazine December 6 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PC Magazine Home Networking Solutions.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PDF Creators All In one.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PTGui 5.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Paint Shop Pro9.01 Premium.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pamela Professional 1.30.20051109.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Panda Truprevent Personal 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Password Recover 1.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Personal Memory Manager 5.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pete Rock - Live @ The Jazz Cafe In London.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pete Rock - Soul Survivor 1998.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pete Rock - Soul Survivor II.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pete Rock- Beat Tape (More Petestrumentals).zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Photo2DVD Studio 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PhotoFiltre Studio 7.2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pinnacle Studio Plus 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Piotr Banach - Wu-Wei.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Piranesi 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pixarra TwistedBrush 7.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Plato DVD Ripper 2.32.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Plato Video Converter 3.13.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Playboy The Mansion.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Postal 2 Apocalypse Weekend.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Power Video Converter 1.4.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Power Video Converter 1.58.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PowerArchiver 2006 9.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PowerISO 2.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PowerPoint to Flash 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Prince of Persia The Two Thrones.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pro Evolution Soccer 5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\ProMT Expert 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\ProxyCap 2.01 & 2.03 Merged.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Public PC Desktop 2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Public PC Desktop 2.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pure Sim Baseball 2005 Gold.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Quake 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\QuickPersonnel 2005 1.5.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\QuickTime Pro 7.0.3.25.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\RAM Saver Pro 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\RapidShare Checker.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\RapidShare Hacks.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\RapidShare Harvester.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Rapidshare Premium Accounts.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Real Jigsaw Puzzle 1.0.6.927.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Real Player 10 Gold.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Recover My Files 3.26.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Red Eye Remover 1.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\RegDoctor 1.42.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Registry Compressor 2.01.69.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Registry Repair 2006 4.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Registry Rescue 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Remote Password Stealer 2.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Resident Evil 2 The Apocalypse.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Riddick Intermezzo - Dark Fury.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Robots.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Roswell Pinball.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Roxio Easy Media Creator 8 Suite Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Ruslana - Wild Dances (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\SAS Anti-Terror Force.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\SPSS 13.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\SWiSH Studio 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Sail Simulator 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Salon Styler Pro 5.2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Santa's Slay -2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Search Engine Builder Professional 2.17.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Search Engine Studio 3.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Selteco Newsletter Sender 2.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Serials DataBase.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Sexual Life.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Sim City 4 Delux.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Sim Girls 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\SmartCode VNC Manager Enterprise 3.0.26.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Soft pack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Soldat.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Solid Converter PDF Pro 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Sonic Heroes Rip, 3D Platformer.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Sonic PDF Creator 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\SpamMonster 1.70.09.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Spy Emergency 2005 2.0.315.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Spy Stalker 1.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).

missmeeka21 · Answer

C:\Documents and Settings\Marlena Jones\Local Settings\Temp\Cookies\marlena jones@e-2dj6wjlykgdpmgq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Local Settings\Temp\Cookies\marlena jones@e-2dj6wjnygjazaco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Local Settings\Temp\Cookies\marlena jones@e-2dj6wjnyskdpwao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Local Settings\Temp\Cookies\marlena jones@e-2dj6wjnysmcjcfp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Local Settings\Temp\Cookies\marlena jones@e-2dj6wjnywicpoko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Cookies\marlena jones@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Cookies\jauan's desktops@sel.as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Cookies\marlena jones@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Local Settings\Temp\Cookies\marlena jones@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Cookies\jauan's desktops@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Cookies\marlena jones@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Local Settings\Temp\Cookies\marlena jones@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Cookies\jauan's desktops@tracking.g3x[1].txt -> TrackingCookie.G3x : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@c.goclick[1].txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-coxcommunications.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-darksideprod.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-directv.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-hollywood.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-ifilm.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-legacy.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-suite101.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-uniontrib.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Cookies\jauan's desktops@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Cookies\jauan's desktops@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Cookies\marlena jones@ehg-fxcm.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Cookies\marlena jones@ehg-netquote.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Cookies\marlena jones@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Local Settings\Temp\Cookies\marlena jones@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Local Settings\Temp\Cookies\marlena jones@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Cookies\jauan's desktops@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Cookies\jauan's desktops@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Cookies\marlena jones@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Cookies\jauan's desktops@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Cookies\marlena jones@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Cookies\jauan's desktops@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Cookies\marlena jones@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Local Settings\Temp\Cookies\marlena jones@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Cookies\jauan's desktops@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Cookies\marlena jones@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Cookies\marlena jones@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Cookies\jauan's desktops@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Cookies\jauan's desktops@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Cookies\jauan's desktops@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Cookies\jauan's desktops@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Cookies\jauan's desktops@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Cookies\marlena jones@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Cookies\marlena jones@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Cookies\jauan's desktops@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Cookies\marlena jones@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Cookies\marlena jones@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Local Settings\Temp\Cookies\marlena jones@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Cookies\jauan's desktops@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Cookies\marlena jones@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Cookies\marlena jones@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\Marlena Jones\Local Settings\Temp\Cookies\marlena jones@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@b*s.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Cookies\jauan's desktops@b*s.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

missmeeka21 · Answer

C:\Documents and Settings\Jauan's Desktops\Complete\Music Editing Master 4.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Music portal templates.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\NBA Live 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\NFS Most Wanted, Fast.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\NFS Most Wanted.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\National Lampoons Christmas Vacation.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Natura Sound Therapy 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Nature Illusion Studio 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Need For Speed Most Wanted Alcohol.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Need For Speed Most Wanted.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Need For Speed Most.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Nero 7 Plugins Pack Pro 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Nero Burning ROM 6.6.0.18.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\NetOp School 4.00.2006026.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\NetScream 1.11.14.2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Netsarang Xftp 1.3.0016.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Network Security Tools.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Neverwinter Nights.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\News Interceptor 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\No1 Video Converter 3.9.22.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\No1 Video Converter 4.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Nokia Cellular Phone needs.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Norton AntiVirus 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Norton Antivirus 2006 Protection Pack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Norton Application Removal Tool.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Norton Ghost 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Norton System Works 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Norton SystemWorks 2006 Premier.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Norton SystemWorks 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Ocean FTP Server 1.0.5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Office 12 (2006).zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Office XP Standard 2003.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Offline Explorer Enterprise 4.1.2328.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\One Click Ringtone Converter 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Online TV Player 2.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Opera 8.51.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Operation Flashpoint Platinum.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PC Cillin Internet Security 2005 12.44.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PC Magazine December 6 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PC Magazine Home Networking Solutions.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PDF Creators All In one.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PTGui 5.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Paint Shop Pro9.01 Premium.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pamela Professional 1.30.20051109.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Panda Truprevent Personal 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Password Recover 1.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Personal Memory Manager 5.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pete Rock - Live @ The Jazz Cafe In London.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pete Rock - Soul Survivor 1998.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pete Rock - Soul Survivor II.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pete Rock- Beat Tape (More Petestrumentals).zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Photo2DVD Studio 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PhotoFiltre Studio 7.2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pinnacle Studio Plus 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Piotr Banach - Wu-Wei.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Piranesi 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pixarra TwistedBrush 7.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Plato DVD Ripper 2.32.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Plato Video Converter 3.13.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Playboy The Mansion.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Postal 2 Apocalypse Weekend.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Power Video Converter 1.4.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Power Video Converter 1.58.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PowerArchiver 2006 9.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PowerISO 2.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\PowerPoint to Flash 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Prince of Persia The Two Thrones.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pro Evolution Soccer 5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\ProMT Expert 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\ProxyCap 2.01 & 2.03 Merged.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Public PC Desktop 2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Public PC Desktop 2.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Pure Sim Baseball 2005 Gold.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Quake 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\QuickPersonnel 2005 1.5.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\QuickTime Pro 7.0.3.25.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\RAM Saver Pro 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\RapidShare Checker.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\RapidShare Hacks.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\RapidShare Harvester.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Rapidshare Premium Accounts.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Real Jigsaw Puzzle 1.0.6.927.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Real Player 10 Gold.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Recover My Files 3.26.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Red Eye Remover 1.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\RegDoctor 1.42.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Registry Compressor 2.01.69.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Registry Repair 2006 4.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Registry Rescue 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Remote Password Stealer 2.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Resident Evil 2 The Apocalypse.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Riddick Intermezzo - Dark Fury.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Robots.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Roswell Pinball.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Roxio Easy Media Creator 8 Suite Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Ruslana - Wild Dances (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\SAS Anti-Terror Force.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\SPSS 13.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\SWiSH Studio 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Sail Simulator 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Salon Styler Pro 5.2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Santa's Slay -2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Search Engine Builder Professional 2.17.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Search Engine Studio 3.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Selteco Newsletter Sender 2.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Serials DataBase.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Sexual Life.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Sim City 4 Delux.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Sim Girls 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\SmartCode VNC Manager Enterprise 3.0.26.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Soft pack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Soldat.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Solid Converter PDF Pro 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Sonic Heroes Rip, 3D Platformer.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Sonic PDF Creator 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\SpamMonster 1.70.09.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Spy Emergency 2005 2.0.315.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Complete\Spy Stalker 1.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).

missmeeka21 · Answer

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:31:47 PM 8/22/2006

+ Scan result:

C:\Documents and Settings\Jauan's Desktops\Local Settings\Temp\Transpd.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\Program Files\CMAPP\Client\cmappmf.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\Program Files\CMMan\mfhlp.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\Program Files\FCAdvice\FCAdvice.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\Program Files\FCAdvice\FCAdvice.exe -> Adware.CASClient : Cleaned with backup (quarantined).
HKU\S-1-5-21-3494429824-1733773478-4284071441-1010\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-3494429824-1733773478-4284071441-1010\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{873EB32D-AE1A-4183-89BD-45A77F761BE4} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\system320nsg70 -> Adware.HotSearchBar : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\VundoFix Backups\awtqron.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Local Settings\Temp\cusbohcn.sys -> Backdoor.Genlot.DX : Cleaned with backup (quarantined).
C:\Program Files\CMAPP\cmappstub.exe -> Downloader.Agent.tf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\compstuih.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
[800] C:\WINDOWS\system32\compstuih.dll -> Downloader.Delf.aeo : Error during cleaning.
C:\WINDOWS\g621826078.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[260] C:\WINDOWS\g621826078.dll -> Downloader.Delf.amb : Error during cleaning.
C:\Documents and Settings\Jauan's Desktops\Local Settings\Temporary Internet Files\Content.IE5\6XG3Y1G5\popup[1].htm -> Downloader.IstBar.ai : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MSWin.exe -> Downloader.Murlo.da : Cleaned with backup (quarantined).
C:\WINDOWS\mkrglka.exe -> Downloader.VB.hj : Cleaned with backup (quarantined).
C:\WINDOWS\fsbjfrf.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\WINDOWS\ihxsbjh.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\WINDOWS\dwjputr.exe -> Dropper.Agent.vl : Cleaned with backup (quarantined).
C:\WINDOWS\tfpnvsv.exe -> Hijacker.VB.ij : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Cookies\jauan's desktops@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@anheuserbusch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bet.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@boostmobile.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@coxhsi.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@gotvmail.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@usatoday1.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Jauan's Desktops\Cookies\jauan's desktops@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

missmeeka21 · Answer

Logfile of HijackThis v1.99.1Scan saved at 7:51:55 AM, on 8/23/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\system32\LxrSII1s.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\HP\KBD\KBD.EXE C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Documents and Settings\Marlena Jones\My Documents\Programs\hijackthis\analyze.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] 'C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe' O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottime O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] 'C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe' O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] 'C:\Program Files\Microsoft ActiveSync\wcescomm.exe' O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [Yahoo! Pager] 'C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE' -quiet O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe O20 - Winlogon Notify: h618 - C:\WINDOWS\g621826078.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: winrzf32 - C:\WINDOWS\SYSTEM32\winrzf32.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Virus & Spyware

Was this post helpful?