TheTechGuide Forum

General Category => Tech Clinic => Topic started by: linz19838 on May 28, 2006, 01:30:30 PM

Title: Alcan.A virus
Post by: linz19838 on May 28, 2006, 01:30:30 PM
I have this Alcan.A virus and I don't know what to do to remove it. Could someone help me? Here is my HijackThis log:



Logfile of HijackThis v1.99.1
Scan saved at 2:16:25 PM, on 5/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\S3tray2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Documents and Settings\Lindsay\Application Data\Aladdin Systems\StuffIt\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.type2find.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsu.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=??? ???   ??? ? ? ?????
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe,uigtatl.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Lindsay\Application Data\Mozilla\Profiles\default\c2ojybi9.slt\prefs.js)
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Cleanup] C:\Program Files\Complete Cleanup Trial\compind.bat
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
O4 - HKLM\..\Run: [rbxxpgdw] C:\WINDOWS\System32\rbxxpgdw.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [defender] C:\\defender23.exe
O4 - HKLM\..\Run: [w041d7a6.dll] RUNDLL32.EXE w041d7a6.dll,I2 001104680041d7a6
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\rwinlqez.exe GID003
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Egrxhy] C:\Program Files\Common Files\??sks\r?gedit.exe
O4 - HKCU\..\Run: [zriu] C:\PROGRA~1\COMMON~1\zriu\zrium.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://www.worldwinner.com/games/v40/mines/mines.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v46/brickout/brickout.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {4EA7C4C5-C5C0-4F5C-A008-8293505F71CC} (CodeSupport Control) - http://www.xcp-aurora.com/clients/SoftwareUpdate.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137857054515
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v49/haunted/haunted.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\p4p6le7s1h.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGluZHNheQ\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



Thanks!
Title: Alcan.A virus
Post by: guestolo on May 28, 2006, 01:47:54 PM
I need to see 2 logs from you please, but first
Redownload HijackThis 1.99.1 from my signature below and save it to a permanent folder of its own
on your hard drive
ONLY run HijackThis from this new location

Afterwards, open Hijackthis.exe>>>Open Misc tools section>>Open Uninstall Manager
Click the SAVE LIST.. button
Save the list to your desktop

Also, download the latest version of Look2Me-Remover.exe (http://www.atribune.org/ccount/click.php?id=7) by Atribune
and save it to your desktop

* Close all windows before continuing.
* Double-click Look2Me-Remover.exe to run it.
* Put a check next to Run this program as a task.
* You will receive a message saying Look2Me-Remover will close and re-open in 1 minute. Click OK.
* When Look2Me-Remover re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
* Once it's done scanning, click the Remove L2M button.
* You will receive a Done Scanning message, click OK.
* When completed, you will receive this message: Done removing infected files! Look2Me-Remover will now shutdown your computer, click OK.
* Your computer will then shut down.
* After it has completed the shutdown>>Turn your computer back on.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Post the report from Look2Me-Destroyer, which may be found on your desktop or at C:\Look2Me-Destroyer.txt, along with the uninstall list from HijackThis
Title: Alcan.A virus
Post by: linz19838 on May 28, 2006, 02:30:54 PM
Thanks, here is the uninstall list from HijackThis:

56Kbps Internal Modem
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe InDesign CS
America Online
AOL Instant Messenger
BigFix
ccCommon
Clever Island Link
CompuServe
Cypress USB Mass Storage Driver Installation
ewido anti-malware
FinePixViewer Ver.4.3
FUJIFILM USB Driver
HijackThis 1.99.1
hp deskjet 3600
hp deskjet 3600 series
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
hp print screen utility
HP Software Update
ICQ
Internet Worm Protection
iTunes
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_04
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash Player 8
Macromedia Shockwave Player
MegaStat 9.1
Microsoft Data Access Components KB870669
Microsoft Excel Viewer 97
Microsoft Interactive Training
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Office XP Media Content
Microsoft Works 6.0
Napster
Napster Burn Engine
Netscape (7.2)
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Norton WMI Update
Picasa 2
PowerDVD
ProSavageDDR and Utilities
QuickTime
RealPlayer
Realtek AC'97 Audio
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Shockwave
SPBBC
StuffIt Standard
Symantec
Symantec Script Blocking Installer
SymNet
Titanic
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
USB Storage Adapter FX (SM1)
Viewpoint Media Player
WeatherBug
Webshots Desktop
Windows Backup Utility
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
XoftSpy



and here is the Look2Me-Destroyer Report:


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 5/28/2006 2:55:07 PM

Infected! C:\WINDOWS\system32\p4p6le7s1h.dll
Infected! C:\WINDOWS\system32\jtrq0795e.dll
Infected! C:\WINDOWS\system32\p4p6le7s1h.dll
Infected! C:\WINDOWS\system32\xXctsrv.dll
Infected! C:\WINDOWS\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\p4p6le7s1h.dll
C:\WINDOWS\system32\p4p6le7s1h.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\jtrq0795e.dll
C:\WINDOWS\system32\jtrq0795e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\p4p6le7s1h.dll
C:\WINDOWS\system32\p4p6le7s1h.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\xXctsrv.dll
C:\WINDOWS\system32\xXctsrv.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{8C7765FF-5224-4A15-BC36-C44A5984EC1E}"
HKCR\Clsid\{8C7765FF-5224-4A15-BC36-C44A5984EC1E}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{35B09F6D-A555-4E42-A9E7-B50F122E9A72}"
HKCR\Clsid\{35B09F6D-A555-4E42-A9E7-B50F122E9A72}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded
Title: Alcan.A virus
Post by: guestolo on May 28, 2006, 03:09:40 PM
Good work

Can I have you remove the Ewido Guard please
Open Ewido>>Under the main page, under "Additional">>Remove Guard
This will require a reboot, do so
DO NOT uninstall the program Ewido itself, we will need it in a bit

Back in Windows
Can you disable Norton's Script Blocking please until after we have you totally clean, it may, and probably will, interfere with any other fixes we try
   1. Start Norton AntiVirus.
      If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
   2. Click Options.
      If you see a menu, click Norton AntiVirus.
   3. In the left pane, click Script Blocking.
   4. In the right pane, uncheck Enable Script Blocking (recommended).
   5. Click OK.



Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop. (Right-click on this link and choose save as, if using IE save target as)
Title: Alcan.A virus
Post by: linz19838 on May 28, 2006, 06:11:10 PM
Ok, I did that, and here is the new logfile:

Logfile of HijackThis v1.99.1
Scan saved at 7:06:38 PM, on 5/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\aim\aim.exe
C:\Program Files\Picasa2\wUninstall.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Webshots\webshots.scr
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.type2find.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsu.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=??? ???   ??? ? ? ?????
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Lindsay\Application Data\Mozilla\Profiles\default\c2ojybi9.slt\prefs.js)
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Cleanup] C:\Program Files\Complete Cleanup Trial\compind.bat
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
O4 - HKLM\..\Run: [rbxxpgdw] C:\WINDOWS\System32\rbxxpgdw.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [defender] C:\\defender23.exe
O4 - HKLM\..\Run: [w041d7a6.dll] RUNDLL32.EXE w041d7a6.dll,I2 001104680041d7a6
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\rwinlqez.exe GID003
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Egrxhy] C:\Program Files\Common Files\??sks\r?gedit.exe
O4 - HKCU\..\Run: [zriu] C:\PROGRA~1\COMMON~1\zriu\zrium.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinlqez.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://www.worldwinner.com/games/v40/mines/mines.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v46/brickout/brickout.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {4EA7C4C5-C5C0-4F5C-A008-8293505F71CC} (CodeSupport Control) - http://www.xcp-aurora.com/clients/SoftwareUpdate.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137857054515
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v49/haunted/haunted.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGluZHNheQ\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Title: Alcan.A virus
Post by: guestolo on May 28, 2006, 07:11:32 PM
Let's try and rid you of the remainder of the problems

==Please download miekiemoes' LQfix batch here:
http://users.telenet.be/bluepatchy/miekiemoes/tools/LQfix.zip
(right-click on this link and choose save as, if using IE save target as)
Save it to desktop
Right click the LQFix.zip on your desktop, and choose Extract All
Extract it to your Desktop so you have LQFix.bat unzipped
Do NOT run this yet

==RIGHT CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu)
 and choose "Save As" (in IE it's "Save Target As") in order to download Alcanshorty.bfu.
Save it in the folder you made earlier (C:\BFU)
So you now have C:\Bfu\alcanshorty.bfu

==Open Ewido
From the main ewido screen, click on Update in the left menu, then click the Start update button.
If for some reason the auto updater won't work
Close Ewido and
Please manually update from this link
http://www.ewido.net/en/download/updates/

==Download and install Windows CleanUp! 4.5.1 (http://www.stevengould.org/downloads/cleanup/CleanUp451.exe)
Don't run this yet

Please save the rest of these instructions to a Notepad file and save it to your Desktop for reference
and/or Print them out!


Access your add/remove programs via control panel
Remove J2SE Runtime Environment 5.0 Update 3
and
Java 2 Runtime Environment, SE v1.4.2_04

We will update your Java later to the latest version for security reasons

Remove the following if you didn't intentionally install them
Viewpoint Media Player
WeatherBug


Remove Xoftspy if you didn't Pay for the program
The free version won't remove the items found unless you pay for the product
You don't need to.

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu
Sign in with your normal user account
In safe mode

Go to START>>RUN>>copy and paste or type in exactly into the open field the following commands below in bold

sc stop cmdService
Hit OK
Then this one

sc delete cmdService
Hit OK

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
NOTE: When you first run cleanup, it may prompt to run in demo mode, decline it as we want to run the actual cleanup on your computer
When it's done>>Click Close
DECLINE to Log off or Restart the computer

=Open the C:\BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to alcanshorty.bfu in the C:\BFU folder
Right click alcanshorty.bfu and choose Select
In Brute Force Uninstaller select Execute
Wait for the "complete script execution" box to pop up and press OK.
Press exit to terminate the BFU program.

=Double click on LQFix.bat on your desktop
A dos window will open and then close, this is normal

=Open Ewido anti-malware
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to the desktop or someplace you will remember
Exit Ewido
NOTE: When Ewido is running, don't open any other windows, let it run uninterrupted

Do a "System scan only" with Hijackthis and put a check next to these entries:
Note: Most won't be found if everything went ok earlier, but tick any of the below that you see

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.type2find.com/sp2.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=??? ??? ??? ? ? ?????

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
O4 - HKLM\..\Run: [rbxxpgdw] C:\WINDOWS\System32\rbxxpgdw.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [defender] C:\\defender23.exe
O4 - HKLM\..\Run: [w041d7a6.dll] RUNDLL32.EXE w041d7a6.dll,I2 001104680041d7a6
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\rwinlqez.exe GID003
O4 - HKCU\..\Run: [Egrxhy] C:\Program Files\Common Files\??sks\r?gedit.exe
O4 - HKCU\..\Run: [zriu] C:\PROGRA~1\COMMON~1\zriu\zrium.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinlqez.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {4EA7C4C5-C5C0-4F5C-A008-8293505F71CC} (CodeSupport Control) - http://www.xcp-aurora.com/clients/SoftwareUpdate.cab

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGluZHNheQ\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)


After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot back to Normal mode

Access the following link to update your version of Java
http://www.java.com/en/download/manual.jsp
I find the Windows OFFLINE installation the most reliable
Save the installer to desktop then double click on it and follow the prompts

Post back the following please
1. Run a Scan and save logfile with Hijackthis and post a fresh log
2. Post the whole report from Ewido
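
The fresh-log check requested above, as an added example that is not part of the original thread: it parses HijackThis entry lines, confirms that nothing from the FIX CHECKED list is still present, and lists the services HijackThis itself labels "Unknown owner" or "(file missing)". The function names are assumptions; the sample logs are short excerpts taken from the logs posted in this thread.

```python
import re

# The forum export appended a duplicate '(http://\"...\")' after each URL; strip it.
LINK_RESIDUE = re.compile(r'\s*\(http://\\?"[^)]*\)\??')
ENTRY = re.compile(r'^([A-Z]\d{1,2}) - (.*)$')      # e.g. "O23 - Service: ..."
CLSID = re.compile(r'\{[0-9A-Fa-f-]{36}\}')
RUN_VALUE = re.compile(r'^(.*?: \[[^\]]+\])')        # "HKLM\..\Run: [name]"

def parse_log(text):
    """Return (code, body) for every HijackThis entry line in text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(LINK_RESIDUE.sub('', line.strip()))
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def entry_key(code, body):
    """Stable identity for an entry, tolerant of truncated URLs and path changes."""
    if code in ('O2', 'O9', 'O16'):
        m = CLSID.search(body)
        if m:
            return (code, m.group(0).upper())        # ActiveX/BHO: match on CLSID
    if code == 'O23':
        return (code, body.split(' - ')[0].lower())  # service display name
    if code == 'O4':
        m = RUN_VALUE.match(body)
        if m:
            return (code, m.group(1).lower())        # hive + Run value name
    return (code, body.lower())

def remaining(fix_list, fresh_log):
    """Entries from the fix list that still show up in the fresh log."""
    present = {entry_key(c, b) for c, b in parse_log(fresh_log)}
    return [(c, b) for c, b in parse_log(fix_list) if entry_key(c, b) in present]

def flag_services(log_text):
    """O23 services that HijackThis marks 'Unknown owner' or '(file missing)'."""
    flagged = []
    for code, body in parse_log(log_text):
        if code != 'O23':
            continue
        reasons = [r for r in ('Unknown owner', '(file missing)') if r in body]
        if reasons:
            name = body.split(': ', 1)[-1].split(' - ')[0]
            flagged.append((name, reasons))
    return flagged

# Excerpt of the entries the helper asked to tick (from this thread).
FIX_LIST = r'''
O4 - HKLM\..\Run: [rbxxpgdw] C:\WINDOWS\System32\rbxxpgdw.exe
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://www.otxresearch.com/OTXMedia/OTXMedia.dll (http://\"http://www.otxresearch.com/OTXMedia/OTXMedia.dll\")
O16 - DPF: {4EA7C4C5-C5C0-4F5C-A008-8293505F71CC} (CodeSupport Control) - http://www.xcp-aurora.com/clients/SoftwareUpdate.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGluZHNheQ\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
'''

# Excerpt of the first log posted on May 28 (from this thread).
BEFORE_LOG = r'''
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {4EA7C4C5-C5C0-4F5C-A008-8293505F71CC} (CodeSupport Control) - http://www.xcp-aurora.com/clients/SoftwareUpdate.cab
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGluZHNheQ\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
'''

# Excerpt of the fresh log posted on May 29 (from this thread).
AFTER_LOG = r'''
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
'''

if __name__ == '__main__':
    for label, log in (('before', BEFORE_LOG), ('after', AFTER_LOG)):
        left = remaining(FIX_LIST, log)
        print(f'{label}: {len(left)} fix-list entries still present')
        for code, body in left:
            print(f'  {code} - {body}')
        for name, reasons in flag_services(log):
            print(f'  service to review: {name} ({", ".join(reasons)})')
```

Matching on CLSID, service name and Run value name rather than the whole line keeps the comparison stable when the forum has truncated a URL or a path differs between scans.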
Title: Alcan.A virus
Post by: linz19838 on May 29, 2006, 11:54:46 AM
Thanks, everything seems to be working normally again!

Here is my HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 12:15:09 PM, on 5/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\S3tray2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\aim\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Webshots\webshots.scr
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\hijackthis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsu.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.bsu.edu/"); (C:\Documents and Settings\Lindsay\Application Data\Mozilla\Profiles\default\c2ojybi9.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Lindsay\Application Data\Mozilla\Profiles\default\c2ojybi9.slt\prefs.js)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Cleanup] C:\Program Files\Complete Cleanup Trial\compind.bat
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://www.worldwinner.com/games/v40/mines/mines.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v46/brickout/brickout.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137857054515
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v49/haunted/haunted.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe




And here is the entire report from Ewido:

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         9:20:15 AM, 5/29/2006
 + Report-Checksum:      973FF943

 + Scan result:

   C:\Documents and Settings\Lindsay\Complete\ABC Outlook Backup 1.50.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Heroes of Might and Magic IV 2.0 to 2.2 patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Heroes of Might and Magic IV editor patch 2.1 .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Heroes of Might and Magic IV Equilibris Mod .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Heroes of Might and Magic IV v2.2 to v3.0 patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Heroes of Might and Magic V demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Heroes of Redmarch Goblin Bane 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Heroes of the Pacific demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Heth Client Utility 5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hex Comparison 1.84.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hex Edit 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hex Editor 3.12.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hex Editor Delphi5ActiveX Control 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hex Puzzle demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hex Workshop 4.23.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hex-a-hop 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hexadecimal to ASCII Converter 4.2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hexagon 1.01.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hexalot 1.04.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\HexaSuper2 .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hexcell 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\HexCmp 2.14.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\HexCon 1.30b.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\HexDataEdit 1.11.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\HexDiff 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\HexEditor 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hexen demo 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hexen II 0.42.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hexidecimal Color Mapper 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hexit 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\HexMad 0.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hexoban 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hexplore demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hexprobe 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hexprobe Storage Encryption Tool 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\HexToolbox 2.36.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\HEXtreme 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\HextriX 1.02.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\HexVector 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hexvex 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hey Arnold Runaway Bus 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Heybaby 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\HFNetChk.exe 3.86.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\HFNetChkPro 4.3.0.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\HFS - HTTP File Server 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hi Res 3D Icon Collection 2.0c.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hi-Caption DS2 4.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hi-Liter 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hiband 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\HiBase Task Scheduler 2.04.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hibernate While Saving Space 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\HiBit Encoder 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\HiCalc 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hicalc 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hickwall Debugger 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\HiClock Pro 3.12.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hidden & Dangerous 2 Dedicated Server .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hidden & Dangerous 2 multiplayer 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hidden & Dangerous 2 multiplayer demo patch 1.05.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hidden & Dangerous 2 patch 1.03.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hidden & Dangerous 2 patch 1.05.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hidden & Dangerous 2 patch 1.06.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hidden & Dangerous 2 single-player 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hidden & Dangerous 2 standalone server patch 1.05.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hidden and Dangerous demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hidden Camera Control 1.0.18.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hidden Hunter 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hidden Menu 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hidden Recorder 1.7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\HiddenFinder 1.2.02 build369.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\HiddenTray Folder 1.04.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\HIDE 1.0.9.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hide and Protect any Drives 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hide and Seek 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hide Files & Folders 2.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hide Folder 3.0.8.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hide Folders 2.3.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hide Folders XP 2.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hide IP Platinum 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Documents and Settings\Lindsay\Complete\Hide My Files 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
Title: Alcan.A virus
Post by: guestolo on May 29, 2006, 09:06:35 PM
Can you do me a favor please
In the Ewido report
DON'T post anything that may include the "Complete" folder

As an example
 C:\Documents and Settings\Lindsay\Complete\Hex Puzzle demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup

BUT, copy and paste back here anything below those entries
Title: Alcan.A virus
Post by: linz19838 on May 29, 2006, 09:55:30 PM
C:\Documents and Settings\Lindsay\My Documents\Sуmantec\msconfig.exe -> Downloader.PurityScan.cl : Cleaned with backup
   C:\Documents and Settings\Lindsay\Shared\GarageBand 1.1 .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
   C:\Program Files\Common Files\csshare\plugins\npclntax.dll -> Adware.Zango : Cleaned with backup
   C:\Program Files\Netscape\Netscape\plugins\npclntax.dll -> Adware.Zango : Cleaned with backup
   C:\Program Files\Virtuosa\Virtuosa.exe -> Adware.Agent : Cleaned with backup
   C:\VSL.dl_.exe -> Downloader.Small.ajc : Cleaned with backup
   C:\WINDOWS\bar.exe -> Adware.IeSearchBar : Cleaned with backup
   C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup
   C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
   C:\WINDOWS\system32\olhvumv.dll -> Adware.PurityScan : Cleaned with backup
   C:\WINDOWS\wnu_157.exe -> Trojan.Qoologic : Cleaned with backup


::Report End
Title: Alcan.A virus
Post by: guestolo on May 29, 2006, 10:20:09 PM
Good work, can I have you run one more scanner please
And hold onto this one, along with Ad-Aware, it's yours for free
Download and Install Spybot 1.4 from
HERE (http://www.download.com/3000-2144-10122137.html?part=104443&subj=dlpage&tag=button)
 or HERE (http://www.safer-networking.org/en/download/index.html)
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete

Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected problems in RED
If any Reds are found and fixed, please restart the computer

Can you make a fresh restore point please
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Click the "Create a New Restore Point"
Name it and click Create
When that's done

You have a few entries that don't need to be running on startup
Optionally, in combination of Hijackthis and the below instructions
Run a scan with Hijackthis and tick these next entries:

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
Quote
HP software updates. If a shortcut doesn't exist  create your own and run it manually

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
Quote
Manually check for updates in the Windows Control panel>>Java Icon

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Quote
Application Scheduler installed along with RealOne_Player http://www.real.com/. Once installed it runs independently of RealOne Player. See here http://www.mikescomputerinfo.com/TkBellExe.htm for more information including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable tkbell.exe in the new version (1) Start RealOne Player (2) Tools - Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
Quote
System Tray access to Apple's Quick Time viewer from version 5 onwards

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
 
Quote
If you don't use Windows Messenger this can be annoying. Available via Start - Programs. Go to Windows Messenger  Tools  Options  Preferences and uncheck Run this program when Windows starts

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
Quote
BigFix  can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet® Messages) and can automatically check your computer for bugs configuration conflicts and security holes. Should only be started manually as it's a resource hog

After you have ticked any or all the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart the computer

Back in windows
Your log still shows signs of Sony BMG Rootkit Infection
as indicated here in your hijackthis log
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe

This will open holes for other malware
This is a Copy Protection program (XCP) that was installed onto your computer with a music CD that you bought (check THIS LIST (http://cp.sonybmg.com/xcp/english/titles.html) for a full list of CDs that included it). The rootkit hides the XCP files so that they can't be removed. Numerous security flaws have been found with the rootkit and other malware can use it to hide

Please CLICK HERE (http://cp.sonybmg.com/xcp/downloads/XCP2_Uninstaller.exe) to download the removal tool. You will be presented with two options: to update the XCP (allowing you to use the affected CD on your computer, but the copy protection will still be there just with fewer security holes) or to completely remove the XCP (you will not be able to use the CD on your PC, but Sony BMG will replace it with a non DRM protected CD). Reboot your PC when prompted.
I recommend total removal!
Note: The CD is still safe to play on the home/car stereo

This link: http://www.sonybmgcdtechsettlement.com/ gives you more information about how you can claim compensation from Sony BMG over this:

After you have cleaned with Hijackthis and used the Sony BMG removal tool
 can you post one last hijackthis log please
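
The check made by eye on the O23 line above, and the comparison of the earlier entries against a follow-up log, can be scripted. This is an added example, not part of the original posts: the sample lines are a constructed excerpt built from entries quoted in this thread, and treating a blank or "Unknown owner" field as a reason for manual review is an assumption of the example, not a HijackThis feature.

```python
import re

# Constructed sample: a short excerpt built from HijackThis lines quoted in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
"""
AFTER = r"""
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
"""

# O23 layout: "O23 - Service: <display name> - <owner> - <binary path>".
# The path is anchored on a drive letter because paths may themselves contain " - ".
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) - (?P<path>[A-Za-z]:\\.*)$")
# O4 layout: "O4 - <registry key or startup folder>: <entry>".
O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?P<entry>.+)$")


def parse(log):
    """Return (startup, services): O4 entries as tuples, O23 entries as dicts."""
    startup, services = [], []
    for line in log.splitlines():
        line = line.strip()
        m = O23_RE.match(line)
        if m:
            services.append({k: v.strip() for k, v in m.groupdict().items()})
            continue
        m = O4_RE.match(line)
        if m:
            startup.append((m["where"], m["entry"]))
    return startup, services


def unverified_services(log):
    """Names of services whose owner field is blank or 'Unknown owner'."""
    _, services = parse(log)
    return [s["name"] for s in services if s["owner"] in ("", "Unknown owner")]


def removed(before, after):
    """O4 entries and O23 service names present in `before` but gone from `after`."""
    b4, b23 = parse(before)
    a4, a23 = parse(after)
    return ([e[1] for e in b4 if e not in a4] +
            [s["name"] for s in b23 if s not in a23])


def still_present(before, after):
    """O4 entries from `before` that survive in `after` (fix not applied)."""
    a4, _ = parse(after)
    return [e[1] for e in parse(before)[0] if e in a4]
```

Running `removed(BEFORE, AFTER)` confirms the XCP service is gone from the follow-up log, while `still_present` shows which startup entries were left in place.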
Title: Alcan.A virus
Post by: linz19838 on May 29, 2006, 11:16:49 PM
Logfile of HijackThis v1.99.1
Scan saved at 12:11:21 AM, on 5/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\S3tray2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webshots\webshots.scr
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsu.edu/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.bsu.edu/"); (C:\Documents and Settings\Lindsay\Application Data\Mozilla\Profiles\default\c2ojybi9.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Lindsay\Application Data\Mozilla\Profiles\default\c2ojybi9.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Cleanup] C:\Program Files\Complete Cleanup Trial\compind.bat
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://www.worldwinner.com/games/v40/mines/mines.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v46/brickout/brickout.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137857054515
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v49/haunted/haunted.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Title: Alcan.A virus
Post by: guestolo on May 29, 2006, 11:19:41 PM
Looks good :)

If everything is running better
We should flush all your restore points to ensure you don't restore any nasties that may be sitting idle
I had you create a new restore point earlier just in case something went wrong with the removal of Sony's BMG infection
msconfig
Click OK
Click the "Launch System Restore" button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
Back in Windows, Go back and take the check out of "Turn off system restore"
This will reenable the System Restore feature and creates a new restore point

Protect yourself against Future Attacks
*Install  SpywareBlaster 3.5.1 by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)   After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

*Keep up to date on Windows updates (High Priorities)
This is the most important step in keeping your system secure
Make sure you check for updates at least once a month and/or set to Autoupdate
                   
*Make sure your Anti-Virus software is always kept up to date and actively running in the background

*Keep your Firewall protection enabled
A Firewall is also very important
This provides a line of defense against someone who might try to access your computer without your permission

Update and do scans with your Anti-Spyware programs on a regular basis
In addition, open Spybot 1.4
Click the "Immunize" button on the left>>>OK at the prompt>>Immunize at the top green cross
Immunize after every update

+You may choose to hold onto CleanUp! and Ewido
Ewido will become a limited free version after a couple of weeks
Still, a great scanner to update and run on a monthly basis

Please go back and reenable Norton's Script blocking if it was disabled earlier and still disabled

Stay safe :)
Title: Alcan.A virus
Post by: linz19838 on May 30, 2006, 12:20:10 AM
Thanks so much! I did everything you said and my computer is working better than it did before I got the virus, so thanks again!!
Title: Alcan.A virus
Post by: guestolo on May 30, 2006, 12:23:57 AM
You're welcome, glad to help :D
I'll lock this topic as your problems appear resolved
Take care linz19838