Greetings.
First of all, I'm sorry if I'm posting this in the wrong section.
I get this popup warning from ESET NOD32 Antivirus every time I plug in any USB device that has storage (memory stick, USB pendrive, even my MP4 player!). It's really annoying,
because it pops up every 2 seconds. So I guess this 'worm' is 'undeletable' by the AV that I'm using.
Here is my HJT log and DSS log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:05, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\WebcamMax\wcmmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Lingoes\Translator2\Lingoes.exe
C:\WINDOWS\system32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.thegreatforum.org/index.php?act=Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Lingoes] C:\Program Files\Lingoes\Translator2\Lingoes.exe
O4 - HKUS\S-1-5-19\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE46D582-8910-4014-932E-84467623E994}: NameServer = 208.67.222.222,208.67.220.220
O20 - AppInit_DLLs: prio.dll
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
--
End of file - 7216 bytes
Deckard's System Scanner v20071014.68
Run by Wonderboy on 2008-08-02 07:28:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Unable to create WMI object; The operation completed successfully.
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 2.58 GiB (less than 15%) free.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-02 07:31:38
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.20583)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\WebcamMax\wcmmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Lingoes\Translator2\Lingoes.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Wonderboy\My Documents\Downloads\Programs\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.thegreatforum.org/index.php?act=Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie_rsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [Lingoes] C:\Program Files\Lingoes\Translator2\Lingoes.exe
O4 - HKUS\S-1-5-19\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O11 - Options Group: [TABS] Tabbed Browsing
O15 - ProtocolDefaults: Unknown 'about' protocol is in Restricted Zone (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{AE46D582-8910-4014-932E-84467623E994}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: prio.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
--
End of file - 9214 bytes
-- File Associations -----------------------------------------------------------
.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,23
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
.txt - txtfile - shell\open\command - C:\WINDOWS\notepad.exe %1
.vbs - VBSFile - DefaultIcon - C:\WINDOWS\system32\WScript.exe,2
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 ISODrive (ISO DVD/CD-ROM Device Driver) - c:\program files\ultraiso\drivers\isodrive.sys <Not Verified; EZB Systems, Inc.; ISODrive>
R2 CamthWDM (WebcamMax, WDM Video Capture) - c:\windows\system32\drivers\camthwdm.sys <Not Verified; YewSoft; Cam Theme>
R3 MTsensor (ATK0110 ACPI UTILITY) - c:\windows\system32\drivers\asacpi.sys <Not Verified; ; ATK0110 ACPI Utility>
R3 RTLE8023xp (Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver) - c:\windows\system32\drivers\rtenicxp.sys <Not Verified; Realtek Semiconductor Corporation; Realtek 10/100/1000 NIC Family all in one NDIS Driver>
S1 VgaSave - c:\windows\system32\drivers\vga.sys (file missing)
S3 ZSMC302 (VIMICRO USB PC Camera) - c:\windows\system32\drivers\usbvm31b.sys <Not Verified; VM; >
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 astcc (AST Service) - "c:\windows\system32\astsrv.exe" <Not Verified; Nalpeiron Ltd.; Nalpeiron License Management>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_058F&PID_6362\058F312D81B
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_058F&PID_6362\058F312D81B
Service: USBSTOR
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_81EF1043&REV_14\3&61AAA01&0&A0
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_81EF1043&REV_14\3&61AAA01&0&A0
Service:
-- Files created between 2008-07-02 and 2008-08-02 -----------------------------
2008-08-01 12:40:39 0 d-------- C:\Program Files\viDrop
2008-08-01 07:46:53 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-31 10:25:13 0 d-------- C:\Program Files\Ninja
2008-07-31 08:45:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-31 08:03:05 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-30 20:38:50 0 d-------- C:\Program Files\MP3 Player Utilities 1.48
2008-07-29 11:18:48 0 d-------- C:\Program Files\WinAVI MP4 Converter
2008-07-29 10:57:17 0 d-------- C:\Program Files\Consumer Update Firmware
2008-07-29 10:27:51 0 d-------- C:\Program Files\AVIConverter
2008-07-27 20:40:02 0 d-------- C:\Program Files\Free PDF to Word Doc Converter
2008-07-27 18:41:36 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-07-25 10:59:22 0 d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-07-25 10:59:16 0 d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-07-25 10:59:10 0 d--h----- C:\Program Files\CanonBJ
2008-07-23 05:25:49 0 d-------- C:\WINDOWS\system32\appmgmt
2008-07-20 19:51:10 0 d-------- C:\Program Files\MyCD
2008-07-20 10:31:19 0 d-------- C:\Program Files\PC Inspector File Recovery
2008-07-20 10:30:56 0 d-------- C:\Program Files\EclipseCrossword
2008-07-18 02:58:41 0 d-------- C:\Program Files\PF3DEN
2008-07-12 08:13:19 0 d-------- C:\Program Files\OpenDNS Updater
2008-07-10 10:09:11 0 d-------- C:\Documents and Settings\Wonderboy\Application Data\Lingoes
2008-07-10 10:09:01 0 d-------- C:\Program Files\Lingoes
2008-07-08 21:16:37 0 d-------- C:\Documents and Settings\Wonderboy\Application Data\Ulead Systems
2008-07-08 21:16:17 25 ---h----- C:\WINDOWS\koo.dat
2008-07-08 21:16:07 1056768 -----n--- C:\WINDOWS\system32\ROBOEX32.DLL <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic 2000>
2008-07-08 21:16:07 49152 -----n--- C:\WINDOWS\system32\INETWH32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2008-07-08 21:15:59 0 d-------- C:\Program Files\Ulead Systems
2008-07-08 21:15:59 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-07-08 21:15:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-07-08 10:46:10 0 d-------- C:\Documents and Settings\Wonderboy\Application Data\Thinstall
2008-07-08 02:04:17 0 d-------- C:\Documents and Settings\Wonderboy\Application Data\GeoVid
2008-07-07 16:56:51 0 d-------- C:\Program Files\Common Files\GeoVid
2008-07-07 16:56:51 0 d-------- C:\Documents and Settings\All Users\Application Data\GeoVid
2008-07-07 16:56:50 1712128 --a------ C:\WINDOWS\system32\gdiplus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-07 16:56:50 60416 --a------ C:\WINDOWS\system32\dsetup.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2008-07-07 16:56:49 0 d-------- C:\Program Files\GeoVid
2008-07-07 05:26:12 0 d-------- C:\Program Files\Electric Rain
2008-07-06 07:53:41 0 d-------- C:\Program Files\Apophysis 2.0
2008-07-04 08:49:37 0 d-------- C:\Documents and Settings\Wonderboy\Application Data\uTorrent
-- Find3M Report ---------------------------------------------------------------
2008-08-02 07:29:00 0 d-------- C:\Documents and Settings\Wonderboy\Application Data\foobar2000
2008-08-02 07:26:07 0 d-------- C:\Documents and Settings\Wonderboy\Application Data\DMCache
2008-08-02 02:59:51 0 d-------- C:\Program Files\SDO-X
2008-08-01 19:37:58 0 d-------- C:\Program Files\Java
2008-08-01 08:47:46 0 d-------- C:\Program Files\Crack Downloader v2.2
2008-08-01 07:49:15 0 d-------- C:\Program Files\Common Files\Stardock
2008-07-31 10:21:54 0 d-------- C:\Program Files\USB Disk Security
2008-07-31 08:03:05 0 d-------- C:\Program Files\Common Files
2008-07-28 11:06:21 0 d-------- C:\Program Files\GVR
2008-07-20 10:31:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-13 06:33:47 0 d-------- C:\Program Files\Topaz Labs LLC
2008-07-09 02:36:04 0 d-------- C:\Program Files\Internet Download Manager
2008-07-07 05:26:01 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-04 08:49:39 0 d-------- C:\Program Files\utorrent
2008-07-02 14:42:56 0 d-------- C:\Documents and Settings\Wonderboy\Application Data\Adobe
2008-07-02 06:47:42 0 d-------- C:\Documents and Settings\Wonderboy\Application Data\Wildfire
2008-06-28 04:42:25 0 d-------- C:\Program Files\4PLAY 4
2008-06-28 04:37:33 302352 --a------ C:\WINDOWS\system32\MSWNG300.DLL <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-06-25 05:13:25 4096 --a------ C:\WINDOWS\d3dx.dat
2008-06-23 17:19:42 0 d-------- C:\Documents and Settings\Wonderboy\Application Data\Tiffen
2008-06-23 13:54:55 0 d-------- C:\Documents and Settings\Wonderboy\Application Data\Topaz Moment
2008-06-23 13:35:21 0 d-------- C:\Documents and Settings\Wonderboy\Application Data\Mobipocket
2008-06-23 13:33:39 0 d-------- C:\Program Files\Mobipocket.com
2008-06-23 13:32:45 0 d-------- C:\Program Files\Packard Mobile
2008-06-23 03:56:52 0 d-------- C:\Program Files\Recipe Keeper Plus 7.0
2008-06-23 03:56:37 1906 --a------ C:\Program Files\Recipe Keeper Plus 7.0.lnk
2008-06-21 06:14:42 0 d-------- C:\Program Files\LeeGTs Games
2008-06-19 23:19:33 0 d-------- C:\Program Files\DCETools
2008-06-18 05:50:26 0 d-------- C:\Documents and Settings\Wonderboy\Application Data\Mozilla
2008-06-17 14:25:52 0 d-------- C:\Program Files\Stardock Games
2008-06-17 07:24:53 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-17 07:19:05 0 d-------- C:\Program Files\Atari
2008-06-16 19:25:10 0 d-------- C:\Program Files\Unity
2008-06-16 18:49:27 0 d-------- C:\Documents and Settings\Wonderboy\Application Data\IDM
2008-06-16 18:42:00 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-06-16 18:41:58 0 d-------- C:\Documents and Settings\Wonderboy\Application Data\Real
2008-06-16 05:25:58 33 --a------ C:\WINDOWS\system32\grecorder.dll
2008-06-15 04:57:00 0 d-------- C:\Program Files\MKVTOAVI
2008-06-15 04:51:41 0 d-------- C:\Program Files\QuickTime
2008-06-15 04:51:39 0 d-------- C:\Program Files\Xilisoft
2008-06-15 01:09:47 0 d-------- C:\Program Files\TechSmith
2008-06-15 01:08:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 00:00:04 0 d-------- C:\Program Files\Amadis Software
2008-06-14 18:13:40 0 d-------- C:\Program Files\Watermark Factory 2
2008-06-14 04:40:37 0 d-------- C:\Documents and Settings\Wonderboy\Application Data\funkitron
2008-06-13 18:37:38 0 d-------- C:\Program Files\Team JPN
2008-06-12 16:41:31 0 d-------- C:\Program Files\7-Zip
2008-06-11 17:11:19 0 d-------- C:\Program Files\CDisplay
2008-06-11 05:08:59 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-06-10 19:55:35 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-10 02:59:05 0 d-------- C:\Program Files\WebcamMax
2008-06-10 02:58:14 0 d-------- C:\Documents and Settings\Wonderboy\Application Data\Webcammax
2008-06-08 23:02:18 0 d-------- C:\Program Files\Monopoly Tycoon
2008-06-08 20:05:47 0 d-------- C:\Program Files\TQ Defiler
2008-06-07 16:58:16 1140 --a------ C:\WINDOWS\mozver.dat
2008-06-07 01:11:17 0 d-------- C:\Program Files\plasq
2008-06-06 23:49:23 0 d-------- C:\Documents and Settings\Wonderboy\Application Data\Sun
2008-06-05 23:20:16 0 d-------- C:\Program Files\Vimicro
2008-06-04 20:41:51 0 d-------- C:\Program Files\ZD Soft
2008-06-03 14:21:32 0 d-------- C:\Program Files\THQ
2008-06-03 14:18:25 0 d-------- C:\Program Files\UltraISO
2008-06-03 14:18:25 0 d-------- C:\Program Files\Common Files\EZB Systems
2008-06-03 14:01:23 0 d-------- C:\Program Files\MagicISO
2008-06-03 13:05:55 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-03 13:05:49 0 d-------- C:\Program Files\Microsoft Expression
2008-06-03 12:31:13 0 d-------- C:\Program Files\Pegtop
2008-06-03 11:59:12 0 d-------- C:\Program Files\Book of Destiny 3.0
2008-06-03 11:58:48 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-06-03 03:12:57 0 d-------- C:\Documents and Settings\Wonderboy\Application Data\xtools
2008-06-03 02:44:51 0 d-------- C:\Program Files\Pixel Creator Pro v4.0
2008-06-02 10:47:52 0 d-------- C:\Documents and Settings\Wonderboy\Application Data\Ludia
2008-06-02 10:46:49 0 d-------- C:\Program Files\Hells Kitchen
2008-06-02 09:59:00 0 d-------- C:\Documents and Settings\Wonderboy\Application Data\Media Player Classic
2008-06-02 02:44:39 0 d-------- C:\Program Files\Yahoo!
2008-05-29 18:43:01 17 --a------ C:\WINDOWS\popcinfo.dat
2008-05-29 07:10:22 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-29 07:05:53 8 -r-hs---- C:\WINDOWS\system32\EBC5010B81.sys
2008-05-24 13:14:43 317 --a------ C:\Program Files\foobar2000.lnk
2008-05-24 00:37:37 62 --ahs---- C:\Documents and Settings\Wonderboy\Application Data\desktop.ini
2008-05-23 19:54:52 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-23 19:22:44 62633 --a------ C:\WINDOWS\prio197uninstall.exe
2008-05-23 19:21:04 2160 --a------ C:\WINDOWS\system32\unins000.dat
2008-05-23 19:21:01 635337 --a------ C:\WINDOWS\system32\unins000.exe <Not Verified; ; Inno Setup>
2008-05-23 19:16:48 0 -rahs---- C:\MSDOS.SYS
2008-05-23 19:16:48 0 -rahs---- C:\IO.SYS
2008-05-23 19:16:48 0 --a------ C:\CONFIG.SYS
2008-05-23 19:16:48 0 --a------ C:\AUTOEXEC.BAT
2008-05-23 19:15:00 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [09/07/2006 15:49]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/29/2007 00:43]
"nwiz"="nwiz.exe" [06/29/2007 00:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [06/29/2007 00:43]
"RTHDCPL"="RTHDCPL.EXE" [03/21/2007 02:19 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:13 C:\WINDOWS\ALCMTR.EXE]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [06/09/2004 18:07]
"WebcamMaxMoniter"="C:\Program Files\WebcamMax\wcmmon.exe" [09/16/2007 13:15]
"OpenDNS Update"="C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe" [07/12/2008 09:12]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [02/20/2008 11:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [09/02/2007 16:28]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/02/2007 01:49]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [05/24/2008 10:03]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 15:24]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 20:13]
"kava"="C:\WINDOWS\system32\kavo.exe" []
"Lingoes"="C:\Program Files\Lingoes\Translator2\Lingoes.exe" [07/07/2008 08:55]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
"ShowDeskFix"=regsvr32 /s /n /i:u shell32
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
"NoRemoteRecursiveEvents"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"StartMenuFavorites"=0 (0x0)
"Start_ShowHelp"=0 (0x0)
"Start_ShowMyComputer"=1 (0x1)
"Start_ShowMyDocs"=1 (0x1)
"Start_ShowMyMusic"=0 (0x0)
"Start_ShowRun"=1 (0x1)
"Start_ShowSearch"=1 (0x1)
"Start_ShowNetConn"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMMyPictures"=1 (0x1)
"NoSMConfigurePrograms"=0 (0x0)
"MemCheckBoxInRunDlg"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoRecentDocsMenu"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMMyPictures"=1 (0x1)
"NoSMConfigurePrograms"=0 (0x0)
"MemCheckBoxInRunDlg"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 12/21/2005 05:57 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=prio.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
Debugger="C:\PROGRAM FILES\SYSINTERNALS\PROCEXP.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService WebClient LmHosts SSDPSRV
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e54c7a3-3e13-11dd-8b78-001d602922bd}]
AutoRun\command- I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ipse32.exe
open\command- I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ipse32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81cad7b6-4405-11dd-8b79-001d602922bd}]
AutoRun\command- I:\lgrncie.bat
explore\Command- I:\lgrncie.bat
open\Command- I:\lgrncie.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5d120d9-503a-11dd-8b7e-001d602922bd}]
AutoRun\command- I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
open\command- I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2dfae45-2b46-11dd-8b6a-001d602922bd}]
AutoOpen\command- .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2ef41d4-5556-11dd-8b80-001d602922bd}]
AutoRun\command- I:\photos.zip.exe %1
Explore\command- I:\photos.zip.exe %1
Open\command- I:\photos.zip.exe %1
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f92bf083-5bcd-11dd-8b82-001d602922bd}]
AutoRun\command- I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
open\command- I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
-- Hosts -----------------------------------------------------------------------
127.0.0.1 mpa.one.microsoft.com
-- End of Deckard's System Scanner: finished at 2008-08-02 07:33:28 ------------
I hope someone can help me to destroy this bugging worm.
TQ.