Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HijackThis help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

HijackThis help

Unread postby inflamesk8r » September 3rd, 2007, 12:03 pm

I just got HijackThis and need some help with the log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:01:14 PM, on 9/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\TOSHIBA RAID\Console\Kraidman.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TOSHIBA Picture Enhancement Utility] C:\Program Files\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Kraidman] C:\Program Files\Toshiba\TOSHIBA RAID\Console\Kraidman.exe
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C4DE7CB-A6A6-4B4B-A313-9811B69D0552}: NameServer = 85.255.115.2,85.255.112.209
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CF3C170-56C4-427A-BBA6-7B1DA729E2FE}: NameServer = 85.255.115.2,85.255.112.209
O17 - HKLM\System\CCS\Services\Tcpip\..\{58C124FA-4688-423F-8191-78D74ACEBCDB}: NameServer = 85.255.115.2,85.255.112.209
O17 - HKLM\System\CCS\Services\Tcpip\..\{79D5BBF0-E228-4C29-ADAF-71C29C52831B}: NameServer = 85.255.115.2,85.255.112.209
O17 - HKLM\System\CCS\Services\Tcpip\..\{866915B1-C5D5-421B-9AFE-ED9E294D34BF}: NameServer = 85.255.115.2,85.255.112.209
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7C78F3B-476C-41E6-9599-59C06391E1D5}: NameServer = 85.255.115.2,85.255.112.209
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.2 85.255.112.209
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C4DE7CB-A6A6-4B4B-A313-9811B69D0552}: NameServer = 85.255.115.2,85.255.112.209
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.2 85.255.112.209
O17 - HKLM\System\CS2\Services\Tcpip\..\{2C4DE7CB-A6A6-4B4B-A313-9811B69D0552}: NameServer = 85.255.115.2,85.255.112.209
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.2 85.255.112.209
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

--
End of file - 10490 bytes
inflamesk8r
Active Member
 
Posts: 5
Joined: September 3rd, 2007, 11:58 am
Advertisement
Register to Remove

Unread postby Navigator » September 3rd, 2007, 12:27 pm

Hi, inflamesk8er :) Welcome to Malware Removal...

You have a Wareout infection!


Please print these instructions for reference, as you will have to restart your computer during the fix.

Please download FixWareout from Here or Here.

Note: You will need to run this tool while having an Internet Connection. The tool will download other files while running.
  1. Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
  2. The fix will begin; follow the prompts.
  3. If your firewall gives an alert, (because this tool will download an additional files from the internet), please don't let your firewall block it, but allow it instead.
  4. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
  5. Once the desktop loads a text file will open (report.txt).


Please post the C:\fixwareout\report.txt, along with a new HijackThis log as a reply into this topic.
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby inflamesk8r » September 3rd, 2007, 2:54 pm

Here is the log:

Username "Owner" - 09/03/2007 14:40:54 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.115.2 85.255.112.209" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2C4DE7CB-A6A6-4B4B-A313-9811B69D0552}
"nameserver"="85.255.115.2,85.255.112.209" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4CF3C170-56C4-427A-BBA6-7B1DA729E2FE}
"nameserver"="85.255.115.2,85.255.112.209" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{58C124FA-4688-423F-8191-78D74ACEBCDB}
"nameserver"="85.255.115.2,85.255.112.209" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{79D5BBF0-E228-4C29-ADAF-71C29C52831B}
"nameserver"="85.255.115.2,85.255.112.209" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{866915B1-C5D5-421B-9AFE-ED9E294D34BF}
"nameserver"="85.255.115.2,85.255.112.209" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A7C78F3B-476C-41E6-9599-59C06391E1D5}
"nameserver"="85.255.115.2,85.255.112.209" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2C4DE7CB-A6A6-4B4B-A313-9811B69D0552}
"DhcpNameServer"="85.255.115.2,85.255.112.209" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4CF3C170-56C4-427A-BBA6-7B1DA729E2FE}
"DhcpNameServer"="85.255.115.2,85.255.112.209" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{58C124FA-4688-423F-8191-78D74ACEBCDB}
"DhcpNameServer"="85.255.115.2,85.255.112.209" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A7C78F3B-476C-41E6-9599-59C06391E1D5}
"DhcpNameServer"="85.255.115.2,85.255.112.209" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{AF100F60-63CD-4007-AB3B-61A9BAC82B48}
"DhcpNameServer"="85.255.115.2,85.255.112.209" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdzpe.exe"
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"Tvs"="C:\\Program Files\\Toshiba\\Tvs\\TvsTray.exe"
"TPSODDCtl"="TPSODDCtl.exe"
"TPSMain"="TPSMain.exe"
"TouchED"="C:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe"
"TosHKCW.exe"="\"C:\\Program Files\\TOSHIBA\\Wireless Hotkey\\TosHKCW.exe\""
"TOSHIBA Picture Enhancement Utility"="C:\\Program Files\\TOSHIBA\\TOSHIBA Picture Enhancement Utility\\TosPEHK.exe"
"TFNF5"="TFNF5.exe"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray"
"SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"Pinger"="c:\\toshiba\\ivp\\ism\\pinger.exe /run"
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
inflamesk8r
Active Member
 
Posts: 5
Joined: September 3rd, 2007, 11:58 am

Unread postby Navigator » September 3rd, 2007, 3:08 pm

I need another HJT log also....run after the FixWareout.
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby inflamesk8r » September 3rd, 2007, 5:47 pm

Sorry about that here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:45:13 PM, on 9/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Toshiba\TOSHIBA RAID\Console\Kraidman.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TOSHIBA Picture Enhancement Utility] C:\Program Files\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Kraidman] C:\Program Files\Toshiba\TOSHIBA RAID\Console\Kraidman.exe
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

--
End of file - 9456 bytes
inflamesk8r
Active Member
 
Posts: 5
Joined: September 3rd, 2007, 11:58 am

Unread postby Navigator » September 3rd, 2007, 8:24 pm

I just noticed you are using the BETA version of TrendMicro's HJT....we need you to update to the most recent and approved version:

Remove the HJT program that is now on your computer....then please do this:

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby inflamesk8r » September 3rd, 2007, 8:34 pm

Thank you for all your help, here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:37 PM, on 9/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Toshiba\TOSHIBA RAID\Console\Kraidman.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TOSHIBA Picture Enhancement Utility] C:\Program Files\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Kraidman] C:\Program Files\Toshiba\TOSHIBA RAID\Console\Kraidman.exe
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

--
End of file - 9252 bytes
inflamesk8r
Active Member
 
Posts: 5
Joined: September 3rd, 2007, 11:58 am

Unread postby Navigator » September 3rd, 2007, 8:50 pm

You are welcome....!

Your HJT log looks 'clean'...how is your system running now? Are you still having problems?

Let's do this to clean up and check for other malware:

1. Please re-open HiJackThis and choose scan only. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =


Now close all windows other than HiJackThis, then click Fix Checked.

Reboot your computer.

2. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

3. Download and Run AVG Anti-Spyware:

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).
Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
Close all open windows.
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.

Please post the contents of the report in your reply.
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby inflamesk8r » September 3rd, 2007, 11:55 pm

I got everything worked out on my computer, it had a worm. My friend helped me get rid of the worm. Thank you again for all your help.
Here is the scan report anyway:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:00:53 PM 9/3/2007

+ Scan result:



C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP134\A0018728.exe -> Backdoor.EggDrop.v : Cleaned.
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP134\A0018746.exe -> Backdoor.EggDrop.v : Cleaned.
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP136\A0018989.exe -> Backdoor.EggDrop.v : Cleaned.
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP136\A0019008.exe -> Backdoor.EggDrop.v : Cleaned.
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP136\A0019017.exe -> Backdoor.EggDrop.v : Cleaned.
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP136\A0019030.exe -> Backdoor.EggDrop.v : Cleaned.
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP136\A0019039.exe -> Backdoor.EggDrop.v : Cleaned.
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP136\A0019041.exe -> Backdoor.EggDrop.v : Cleaned.
C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP134\A0018730.exe -> Dropper.VB.lu : Cleaned.
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\m7muz6f0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@brightcove.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@brightcove.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@cupolaventures.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@imeem.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@newmotioninc.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@wrigley.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@3.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@4.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\m7muz6f0.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\m7muz6f0.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\m7muz6f0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\m7muz6f0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\m7muz6f0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\m7muz6f0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\m7muz6f0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\m7muz6f0.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\m7muz6f0.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ads.cnn[2].txt -> TrackingCookie.Cnn : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\m7muz6f0.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\m7muz6f0.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\m7muz6f0.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wal4apazefp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wclyqjajigp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkoujc5whp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkygmdjmlp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkyshc5clp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjl4ajazcdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjl4ekc5skq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjl4ojcjglp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlosiazsho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyupajkbp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@fortunecity[2].txt -> TrackingCookie.Fortunecity : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@105-bmp.googleadservices[1].txt -> TrackingCookie.Googleadservices : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ehg-autozone.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ehg-foxsports.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ehg-meevee.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ehg-myspaceinc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ehg-suite101.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ehg-traderpublishing.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ehg-youtube.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@phg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@w116.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@searchportal.information[2].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@search.live[2].txt -> TrackingCookie.Live : Cleaned.
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\m7muz6f0.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@auto.search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@real[1].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[3].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\m7muz6f0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\m7muz6f0.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Owner\Shared\'Madden NFL 08 [PAL][Wii][English][www.emwreloaded.com].zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\(AniRena)[BSS-Anon] Tengen Toppa Gurren-Lagann - 23 [1280x720 x264][4007292D] mkv.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\(AniRena)[BSS-Anon] Tengen Toppa Gurren-Lagann - 23 [704x400 XviD][AE32ED93] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\(AniRena)[Hauu~] Higurashi no Naku Koro ni Kai 09 (H264 Vorbis)[E3073A12] mkv.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\(AniRena)[Your-Mom] Zero no Tsukaima 2nd Season - 09 XVID [3454FA06] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\(ES) The Kill Point S01E07-08 VOSTFR WS DSR XViD-ELiTE [www.elite-team.net].zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\(PC ENG)Freight Tycoon Inc [colombo-bt org].zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\(axxo) Poker, you have to know the game to win the game (tomtom) (fxm).zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\- Select one -.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\10 Ways You Can Be Happier Right Now [eBook].zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\2007 dvdrip.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\224 HandWriting Fonts TTF or OTF 8 5 mb.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\267 Avril Lavigne wallpapers.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\3 doors down - the better life.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\3000 Pictures of VWAudiBMWPorsche ...ALL SORTED...ALL GERMAN.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\301 Brevi Barzellette [PDF - ITA][tntvillage.org].zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\50 Cent - Curtis (2007)(Explicit Version)(320kbps).zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\50 Cent - Curtis (Explicit Retail) (No Skipping).zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\50 Cent - Curtis (Explicit) (320 KBPS).zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\50 Cent - Curtis (Explicit)(Retail)(NO Skipping)(2007)(MorrisVideos com).zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\50 Cent Ft Justin Timberlake And Timbaland-Ayo Technology-PROPER-DVDRiP-XViD-2007-RRR.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\50 Cent-Curtis (Clean Album)-2007-CMS.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\77ways To Get Traffic Imediately! pdf.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\8 Complete Encyclopedias + Oxford Thesaurus.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\A proposito di Passepartout 2007-09-02 - Pesca Miracolosa (Philippe Daverio - RAI3 ) avi.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACCU Ripper 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACD FotoAngelo 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACD VideoMagic 1.0.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACDChemSketch Freeware 10.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACDSee 1.6.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACDSee Mobile for Palm OS 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACDSee Mobile for Windows Ce 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACDSee Photo Editor 4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACDSee Photo Manager 9 build 55.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACDSee Plugin RoboEnhancer 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACDSee Pro Photo Manager .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACDSee with WS_FTP PhotoMover 7.0 build 101.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACDZip 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACE (Another C++ Editor) 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACEmessage 11.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACH Wizard 2.2.1906.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACID Music Studio 6.0b build 81.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACID Pro 6.0b build 305.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACME Quick Comparator 2.01.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACMP 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACS Capture 2.11.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACT Anesthesia Clinical Tutor and Calculator 2.12.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACT Key 6.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACT Mobile Messenger 2.1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACT Password Recovery 1.0c.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACT for Palm OS 1.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACTc Anesthesia Clinical Tutor and Calculator 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ACiDDraw ANSI Editor 1.25r.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AIO iPod Appz (21 apps) (www softzone org).zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AVG Anti-Virus Professional Edition 7 5 484 Incl Keygen.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\About CNET Networks.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AcQuest 1120 Solution .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AccPlus 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AccSmart - Battery Monitoring Utility 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access FTP 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access Frontend Loader 1.1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access Grader 1.0.04.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access Image 5.20.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access Key 6.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access Lock 1.1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access Lock 2.9.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access MDE Compiler 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access Manager 2.0.56.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access Manager 6.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access Manager Server 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access MySQL Converter 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access MySql Converter 1.7.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access Of Speed 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access Opener 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access Password 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access Password 9.0.5352.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access Password Cracker 1.0 build 20060201.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access Password Recover 1.01 build 20060310#06.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access Password Recover 2.01.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access Password Recovery Expert 1.0c.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access Password Recovery Genie 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access Password Recovery Master 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access Property Editor 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access Remote PC 4.12.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access SQL Query Interface 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access To MySQL 2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access Workgroup Password Recovery 1.0b.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access to ASP.NET Wizard 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access to Visual Basic Object Converter 5.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access-To-Excel Tool 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access-to-MySQL 3.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access2MySQL Pro 5.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access2MySQL SYNC 3.8.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access2PostgreSQL Pro 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Access2PostgreSQL Sync 1.1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AccessAble Help Desk Client Server 2.59.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AccessAble Help Desk Pro Edition 2.59.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AccessBar 1.1.4 build 218.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AccessDesk 8.3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AccessFix 5.15.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AccessForms2Web (PHP&MySQL Editon) 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AccessNFS SMBNFS Gateway 5.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AccessRecovery 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AccessTunes .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accessible Web Publishing Wizard for MS Office 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accessor.Launchbar 2.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accio English Dictionary (Mac) 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accio English Dictionary (Win) 1.0.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accio French-English Dictionary (Mac) 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accio French-English Dictionary (Win) 1.0.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accio French-English Dictionary for iPod (Mac) 1.03.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accio French-English Dictionary for iPod (Win) 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accio German-English Dictionary (Mac) 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accio German-English Dictionary (Win) 1.0.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accio German-English Dictionary for iPod (Mac) 1.03.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accio German-English Dictionary for iPod (Win) 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accio Italian-English Dictionary (Mac) 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accio Italian-English Dictionary (Win) 1.0.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accio Italian-English Dictionary for iPod (Mac) 1.03.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accio Italian-English Dictionary for iPod (Win) 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accio Portuguese-English Dictionary (Mac) 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accio Portuguese-English Dictionary (Win) 1.0.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accio Portuguese-English Dictionary for iPod (Mac) 1.03.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accio Portuguese-English Dictionary for iPod (Win) 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accio Spanish-English Dictionary (Mac) 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accio Spanish-English Dictionary (Win) 1.0.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accio Spanish-English Dictionary for iPod (Mac) 1.03.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accio Spanish-English Dictionary for iPod (Win) 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accio Spanish-German Dictionary (Win) 1.0.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accommres Property Management Software 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accomplice 1.2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accomplice 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AccomplishmentTracker 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Account Buddy (OS X) 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Account Buddy 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Account Checker 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Account Manager 2005.01.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Account Master 2006 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Account Monitor 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Account Pro 8.3.120.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Account Pro Invoice 2.0.321.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Account Safe 1.08.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Account Xpress 3.3.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Account! 1.6.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Account&See Invoicing 2.9.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Account&See Professional Invoicing & Accounting 3.0.18.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AccountExact 2.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AccountLogon 2.5.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AccountVault 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accounting Software Visual Basic Source 5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accounts 1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accounts Financials 4.3.28.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accounts and Budget 5.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accounts and Loans 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AccountsVision 1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accox 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accu-Type 4.1.02.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accu-reading 3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AccuBell Talking Caller ID 3.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AccuChef 6.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AccuHash 2.0.18 build 147.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AccuPOSSabrePoint Point of Sale 3.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AccuPlan 1.94.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AccuSplit 4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accum 8.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accuracer Database System 4.03.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accurate Monitor for Search Engines 2.5.26.85.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accurate Network Monitor 1.31.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accurate Outlook Express Mail Expert 3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accurate Spam for Outlook Express Personal Edition 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Accurate Times 5.1.11.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Ace CD Burner 1.32.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Ace Clock XP 20.03.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Ace Contact Manager 6.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Ace Currency Calculator 1.2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Ace DVD Audio Extractor 1.2.26.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Ace DVD Backup SE 1.2.32.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Ace Explorer 2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Ace File Search 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Ace MP3 Ripper 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Ace MP3 To WAV Converter 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Ace Password Guard 3.61a.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Ace Poster 1.23.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Ace Pro Screensaver Creator 2.52.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Ace Screen Capture 2.15.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Ace ScreenSaver 2.41.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Ace Spam Scram 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Ace Utilities 3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Ace Ventura demo .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Ace Video Workshop 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Ace WINScreen 4.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Ace Zip 3.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Ace the CSET Multiple Subjects 4.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Ace-High MP3 WAV WMA OGG Converter 3.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceBackup 2.1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceEncrypt 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceFTP 3.72.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceFTP Pro 3.72.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceFixtures for Premier League 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceHTML Freeware build 10.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceHTML Pro 6.50.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceHTMLReports Lite 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceHide 1.8.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceISO 2005.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceIT Calculator 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceIT Calculator Deluxe 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceIT Grapher 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceIT Math Toolkit 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceKeyboard 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceMenu Creator 3.6.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceMoney 3.9.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceMoney Lite 3.9.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AcePlanner 1.1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceReader (Classic) 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceReader 4.7c.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceReader Pro 2.9b.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceReader Pro 4.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceReader Pro Deluxe 2.9b.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceReader Pro Deluxe 4.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceReader Pro Deluxe Network 2.9b.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceSpeeder 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceSpy Spy Software 3.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AceText 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acertijos para Genios 1.1a.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Aces Blackjack 1.0.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Aces Blackjack 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Aces High II client 2.01.6.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Aces High II v2.00.10 patch .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Aces Omaha - No Limit 1.0.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Aces Omaha - No Limit 1.3.11.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Aces Omaha - No Limit 1.3.12.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Aces Omaha - No Limit 1.3.8.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Aces Texas Hold'em - Limit 1.2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Aces Texas Hold'em - Limit 1.3.11.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Aces Texas Hold'em - Limit 1.3.12.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Aces Texas Hold'em - Limit 1.3.8.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Aces Texas Hold'em - No Limit (BlackBerry) 1.25.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Aces Texas Hold'em - No Limit 1.2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Aces Texas Hold'em - No Limit 1.3.11.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Aces Texas Hold'em - No Limit 1.3.12.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Aces Texas Hold'em - No Limit 1.3.8.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Aces Tournament Timer - Texas Hold'em 1.0.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Aces Tournament Timer - Texas Hold'em 1.0.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Aces Tournament Timer - Texas Hold'em 1.0.6.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acez All Audio Converter 3.0.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acez CD Ripper 2.28.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acez MP3 WAV Converter 3.0.6.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Achieve Planner 1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Achilles Manager 0.05.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Achtung Spitfire! 1.12 patch .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Achtung Spitfire! 1.15 patch .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Achtung Spitfire! demo .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Achtung Spitfire! to version 1.14 .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acid Daze Two .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acid Dreams 2.33.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acid XPress 5.0a build 152.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acid-Base Titration 2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AcidFreecell 1.5.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AcidFreecell 4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AcidImage 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AcidImage Basic 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AcidImage Pro 3.02.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AcidSolitaire 1.5.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AcidSolitaire 4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AcidSpider 1.08.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AcidSpider 1.5.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acky's XP Breakout 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acky's XP Breakout 3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acky's XP Breakout 3.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AclickStat 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acme Auctions 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acme CAD Converter 6.71.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acme CADPacker 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acme CADSee 4.81.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acme Photo ScreenSaver Maker 1.9.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acme Rapidtype 3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acmeta Fragmento 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acne Free - The Natural Way 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acne Free And Glowing Skin 2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acoo Browser 1.52 build 676.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acoustic Labs Audio Editor 1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acoustic Labs Multitrack Plus 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acoustic Labs Multitrack Recorder 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acoustica 3.3 build 298.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acoustica Audio Converter Pro 1.0 b22.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acoustica Beatcraft 1.02 build 15.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acoustica CDDVD Label Maker 2.55.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acoustica MP3 Audio Mixer 2.46.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acoustica MP3 CD Burner 4.11 build 121.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acoustica MP3 To Wave Converter Plus 1.0 b22.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acoustica Mixcraft 2.5 build 50.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acoustica Photos Forever 1.0 build 13.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AcqURL 7.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acquisition 130.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acres Of Gold 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acres Of Gold 7.0.14.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acritum Batch Processor 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acritum Exif2htm 1.02 release.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acritum One-click BackUp for WinRAR 2.14.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AcroBatch 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AcroPDF 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AcroPlot Pro 2006 2006.05.14.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acrobat 6 SpeedUp 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acrobat Password Recovery Key 6.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acrobat Reader (Mac) 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acrobat Reader 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acronis Disk Director Server 10.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acronis Disk Director Suite 10.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acronis Drive Cleanser 6.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acronis Migrate Easy 7.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acronis Power Utilities 2004.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acronis Privacy Expert Corporate 8.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acronis Privacy Expert Suite 8.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acronis Privacy Expert Suite 9.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acronis Snap Deploy 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acronis True Image Enterprise Server 9.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acronis True Image Home 10.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acronis True Image Server for Windows 8.0 build 850.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acronis True Image Workstation 9.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acrony 1.1a.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AcronymGenie 4.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acropolis 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Across Lite Mobile 1.0.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Across The DeskTop 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acrylic DNS Proxy 0.9.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\AcsSoft Photo Movie Album 8.1C.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Act 2000 Update 5.0.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Act 7.0.399.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Act History & Pop-Up Killer & Web Content Filter 4.03.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Act Pop-Up Blocker--Ads & Web Content Filter 3.67.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Act in Time to Heart Attack Signs 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Act of War Direct Action demo .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Act of War High Treason demo .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Acta Importer for Spotlight 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiCalc Desktop Calculator 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiSetup 2005.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiVideo DLL 1.6.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiVideo OCX 1.6.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Action Ball Deluxe 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Action DVD Player 2.6.9.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Action Files 1.5.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Action GoMac 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Action Is .zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Action Poker 6.48.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Action Process Automator 4.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Action Reminder 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Action Script Viewer 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Action Solitaire 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Action WheelRacer 2.06.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActionBible 1.2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActionDrums 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActionItems Lite 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActionItems Pro 2.5.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActionMemory 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActionOutline Lite 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActionOutline Pro 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActionRecorder 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActionScrambler 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActionTab Volume One 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActionXP 5.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActivEdit HTML Editor Plug-in 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActivatorDesk (Blogger-Dot-Kids) 6.0.0.16.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActivatorDesk Enterprise Desktops Controller 6.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Activbax Anime Zodiak Screensaver 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Activbax Bikini Screensaver 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Activbax Cats Screensaver 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Activbax Forest Screensaver 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Administrator 4.04.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Audio Record 2.0.2006.918.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active BI Portal Manager 3.1.7.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Backup Expert Pro 1.93.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Ball 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Calculator 2.0.2004.1215.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active CallerID 2.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active CallerID 2.52.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Chinese 6.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Clock 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Clouds Screensaver 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Control Pak 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active DHTML Drop Down JavaScript Menu 4.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active DHTML Multi Level Drop-Down Menu 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active DJ Studio 3.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active DWG DXF Converter 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Dashboard 2.3.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Delivery 3.00.01.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Desktop Calendar 6.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Directory Design Advisor 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Directory Janitor 2.0.0.6.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Directory Mate 0.1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Directory Network Manager 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Disk Image (DOS Edition) 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Distribution Console 3.99p.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active File Compare 1.7.0.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active GIF Creator 2.23.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active HTML 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Image 5.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Image Processing Component 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Image Viewer 4.7.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Jellyfish Screensaver 1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Key Logger 2.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Keyboard 3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Keys 2.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Lancer 1.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Link Exchange 1.33.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active MediaMagnet 5.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Multiwallpaper Changer 3.6.9 build 351.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active NTFS Reader for DOS 1.0.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Network Monitor 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Partition Recovery 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Password Changer 3.0.028.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Phone Server 9.18.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Port Pro 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Ports 1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Power Management Lite 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Printer 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Privacy Guardian Washer 1.57.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Puzzles 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Query Builder 1.5.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Query Builder Component Suite 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Request Engine 3.3.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active SMART 2.42 build 4.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Screensaver Builder 4.6.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Scrolling Text & News Scroller 4.7.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Search Engine 2.6.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Shield 3.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Software Tutor 2.03a.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Sound Recorder 1.4.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Sound Studio 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Studio 1.6.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Submit 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active SuperStore 3.5 build 3.5.07.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active System Locker 3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active TTS Component 3 build 2006.718.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Timer for Windows 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active To-Do List 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Tray 2.2 build 5.1028.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Typing Tutor 4.70 build 286.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Undelete--Data Recovery 5.1.019.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Uneraser 3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Visitor 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active WallPaper 1.0.9.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Web Promotion 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Web Reader 2.45.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Web Reader Customizer 1.24.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active WebCam 7.6.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active WebMenu 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active WebTraffic 8.0.0.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Whois 3.0.4403.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Whois plugin for Firefox 1.0.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active Work Tracker 1.05.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active ZDelete 4.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active@ Boot Disk 2.1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active@ Eraser 4.1.0.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active@ File Recovery 7.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\Active@ Kill Disk - Hard Drive Eraser 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiveActions 1.21.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiveBarcode 5.55.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiveBlue ActiveX Control 1.0.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiveBypass 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiveCandy 3.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiveCaptionActive Pop-Up Defense 2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiveCheckout 1.2.153.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiveCipher for MSSQL Server 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiveClick 2.0e.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiveConverter Component 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiveCredit 1.0.0.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiveData for Excel 2.0.138.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiveDeveloper 2.10.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiveDeveloper 2.17.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiveDiary 3.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiveDrawer 1.7.3.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiveEarth 2.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiveExit XP Edition 3.21.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiveFax Server 3.94 build 0212.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiveFile 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned.
C:\Documents and Settings\Owner\Shared\ActiveFiler 2.z
inflamesk8r
Active Member
 
Posts: 5
Joined: September 3rd, 2007, 11:58 am

Unread postby Navigator » September 4th, 2007, 1:40 pm

inflamesk8r wrote:I got everything worked out on my computer, it had a worm. My friend helped me get rid of the worm. Thank you again for all your help.


Are you sure? I'm not so certain....

The AVG scan showed heavy infiltration with worm/VB.dw...and now that we've identified the problem (you can read about it here: http://www.avira.com/en/threats/section ... vb.dw.html ) I would recommend that you check a few more things...

Looking back over your HJT log, I now have questions regarding this entry:

O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto


This is not the expected location for the outlook.exe file...and it appears that it is related to the Worm infection....it is almost certainly 'bad'.

I would strongly recommend that you do the following:

1. There are some files I'd like to get analyzed:


    C:\Program Files\outlook\outlook.exe


Just to be safe, go to this site and have it scan them:
Jotti virus scan

Use the Browse button at Jotti, navigate to the file's location on your hard drive and submit them one at a time.

Let me know the results.
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby askey127 » September 14th, 2007, 7:21 am

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 287 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware