Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Afflicted

Pages: [1]

Tech Clinic / Another Win32.P2P-Worm.Alcan.a

« on: November 22, 2005, 02:31:43 PM »

Quote

Logfile of HijackThis v1.99.1
Scan saved at 1:30:41 PM, on 11/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
E:\Program Files\Anti-Virus\avast\aswUpdSv.exe
E:\Program Files\Anti-Virus\avast\ashServ.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
E:\Program Files\Anti-Virus\security suite\ewidoctrl.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
E:\Program Files\Anti-Virus\avast\ashMaiSv.exe
E:\Program Files\Anti-Virus\avast\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\program files\support.com\bin\tgcmd.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
E:\PROGRA~1\ANTI-V~1\avast\ashDisp.exe
E:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Winamp\winamp.exe
E:\Program Files\Anti-Virus\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [msci] C:\program files\mcafee.com\shared\mcinfo.exe /insfin
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTFMon] C:\WINNT\system32\CTF\ctfmon.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ANTI-V~1\avast\ashDisp.exe
O4 - HKCU\..\Run: [Steam] "e:\program files\valve\steam\steam.exe" -silent
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh212112.dll/201
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094915485668
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126454599112
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Anti-Virus\avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Anti-Virus\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Anti-Virus\avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Anti-Virus\avast\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\Anti-Virus\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

But seriously, you've helped so much. Can I pay you or something? I think you do so much for people without asking for anything in return and I just feel like you deserve something for your trouble.

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

Tech Clinic / Another Win32.P2P-Worm.Alcan.a

« on: November 21, 2005, 12:53:22 PM »

Out of the Anti-Virus software you gave me, I've found avast! to be the best. I ran the boot-up scan and it got rid of everything, and continues to block things coming in.

I've done scans with ad-aware and ewido and they can't find any virus of any kind on here since I've installed avast. Thank you very very much.

If you're not convinced that my computer is clean, then I will post another HJT log at your request, but I'm pretty sure that everything is running smoothly. Thank you so much. Can I pay you somehow, or just donate to the site?

Tech Clinic / Another Win32.P2P-Worm.Alcan.a

« on: November 20, 2005, 10:46:47 PM »

The Win32.P2P-Worm.Alcan.a came back. I used ad-aware personal se.

I am installing the programs you recommended. I only use Limewire, so if it is possible that Kazaa could still be infecting me somehow, how would I get rid of it and all its components?

I will post a frech HJT log after I scan with one of you recommended AV programs. I've used Ewido and Ad-aware already too.

Tech Clinic / Another Win32.P2P-Worm.Alcan.a

« on: November 20, 2005, 09:23:01 PM »

It was gone, and now I scan again, and it is back.

Should I follow the same steps you've already told me?

Tech Clinic / Another Win32.P2P-Worm.Alcan.a

« on: November 20, 2005, 09:00:11 AM »

A free solution would be wonderful. Thank you.

Tech Clinic / Another Win32.P2P-Worm.Alcan.a

« on: November 19, 2005, 08:46:11 PM »

Quote

Logfile of HijackThis v1.99.1
Scan saved at 7:45:10 PM, on 11/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\program files\support.com\bin\tgcmd.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
E:\program files\valve\steam\steam.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
E:\Program Files\Anti-Virus\security suite\ewidoctrl.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\wscntfy.exe
E:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Winamp\winamp.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINNT\system32\wuauclt.exe
E:\Program Files\Anti-Virus\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [msci] C:\program files\mcafee.com\shared\mcinfo.exe /insfin
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTFMon] C:\WINNT\system32\CTF\ctfmon.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "e:\program files\valve\steam\steam.exe" -silent
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh212112.dll/201
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094915485668
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126454599112
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\Anti-Virus\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

Quote

AboutBuster 5.1, reference file 33
Scan started on [11/19/2005]at [7:34:55 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 7:36:50 PM

AboutBuster 5.1, reference file 33
Scan started on [11/19/2005] at [7:37:15 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 7:38:51 PM

Quote

Service load: 0% 100%

File: YEDIEx.exe
Status: OK
MD5 7f3d1ec102fabde0c4ff3b2b750268fa
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing

Tech Clinic / Another Win32.P2P-Worm.Alcan.a

« on: November 19, 2005, 07:12:48 AM »

Quote

Logfile of HijackThis v1.99.1
Scan saved at 6:09:32 AM, on 11/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\Explorer.EXE
E:\Program Files\Anti-Virus\security suite\ewidoctrl.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\program files\support.com\bin\tgcmd.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
E:\program files\valve\steam\steam.exe
C:\WINNT\wanmpsvc.exe
E:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\svchost.exe
E:\Program Files\Anti-Virus\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [msci] C:\program files\mcafee.com\shared\mcinfo.exe /insfin
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTFMon] C:\WINNT\system32\CTF\ctfmon.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "e:\program files\valve\steam\steam.exe" -silent
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh212112.dll/201
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094915485668
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126454599112
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\Anti-Virus\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

Quote

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:         5:50:33 AM, 11/19/2005
+ Report-Checksum:      9930EBBF

+ Scan result:

   HKLM\SOFTWARE\Classes\CLSID\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
   HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\Urlcli.CUrlCliObj\CLSID\\ -> Spyware.ClientMan : Cleaned with backup
   HKLM\SOFTWARE\Classes\Urlcli.CUrlCliObj.1\CLSID\\ -> Spyware.ClientMan : Cleaned with backup
   HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer -> Spyware.P2PNetworking : Cleaned with backup
   HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CLSID -> Spyware.P2PNetworking : Cleaned with backup
   HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CLSID\\ -> TrojanDownloader.WebP2P : Cleaned with backup
   HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CurVer -> Spyware.P2PNetworking : Cleaned with backup
   HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer.1 -> Spyware.P2PNetworking : Cleaned with backup
   HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer.1\CLSID\\ -> TrojanDownloader.WebP2P : Cleaned with backup
   HKLM\SOFTWARE\KMiNT21 -> Spyware.DesktopSpyAgent : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{850CD0B8-DA33-4558-A8C8-95D7908E37A7} -> Spyware.WebSearch : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/btiein.dll\\.Owner -> Spyware.HuntBar : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/btiein.dll\\{26E8361F-BCE7-4F75-A347-98C88B418322} -> Spyware.HuntBar : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaLoads Enhanced -> Spyware.Downloadware : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\1Click DVD Copy Pro 1.0.0.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\28 Days Later (2002).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\3D FTP 7.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\3DS Max7+SP13DS Max8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\ABBYY FineReader Pro 7.0.0.963.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\ABBYY FineReader Professional 8.0.706.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Access Password Recovery Genie 1.80.20051008.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\ACDSee 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Ace FTP 3 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Acoustica CDDVD Label Maker 2.42.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Acronis Privacy Expert Suite 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Active WebCam 6.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Advanced DVD Player.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Advanced File Encryptor - Encrypt your f.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Adware Away 2.2.86.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Age Of Empires III.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Ahead Nero Premium 7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\All To All AudioConvert 1.13.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Amazon DVD Shrinker 2.4.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\American Pie 4 - Band Camp (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Anti Trojan Elite 3.3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\AnyDVD 5.5.2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Ardamax Keylogger 2.0 final Cool.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Ashampoo Burning Studio 5.5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Ashampoo Burning Studio 5.5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\AskSam Pro 6.0.2.777.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\AskSam Resume Tracking System Pro 6.0.2.774.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Atani 3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Auto Cleaner 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\AutoCAD Lt 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\AutoPatcher XP.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\AVG Anti-Virus 7.1 Build 362a656.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\AVG Anti-Virus 7.1.362.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Azureus 2.3.0.6 RC1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Beautiful Roses Screensaver 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Bee Icons 4.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Best MIDI To MP3 1.3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Breme Write Right 2.5.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\BSplayer Pro 1.30.818.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Buddy Icon Grabber 1.04.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\C and C Red Alert 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\CASE Studio 2.22.1.335.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Cheetah DVD Burner 1.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Come and See.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Corel Painter Essentials 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Corel Photo Album 6 Deluxe + Extras.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Cucusoft Video Converter Pro 7.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Directory Opus 8.2.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Disk Space Inspector 2.9.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Doom - Soundtrack (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Doom - Soundtrack 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Dual DVD Copy 3.5.4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Dual DVD Copy Gold 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Dungeon Siege 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\DVD Region + CSS Free 5.9.5.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\DVDIdle 5.9.5.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\E-PDF.Document.Converter 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Easy CD-DA Extractor 8.2.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Easy FlashMaker 1.2.384.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Error Doctor 2006 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Eudora 6.2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\EXPStudio Audio Editor 3.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Fahrenheit - Indigo Prophecy (Game).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Fifa 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\File & Folder Protectors AIO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\File Control 1.38.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\File Listing Maker 1.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\File Recovery Professional 3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\FileMerlin 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\FileSplit 2.33.420.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Flash Templates Box.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Flash2Video 3.02.460.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\FlipAlbum 6.0 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\FotoStation Pro 5.1.58.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\G-Clock 1.1c.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\GoldLimit PrettyCase Personal Edition 4.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\GoldWave 5.11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Google Toolbar for Internet Explorer 3.0.128.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Google Web Accelerator 0.2.62.80.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Grand Theft Auto.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Hacker 2005 - The Broken Link.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Harry Potter And The Goblet Of Fire.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Hexprobe 1.41.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Hide IP Platinum 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Hiren`s BootCD 7.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Horoscope Interpreter.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\House of Wax (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Hpmbcalc 2.40.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Icon Changer 3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\ICQ Lite 5.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\IM2 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\ImToo iPod Movie Converter 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\ImTOO PSP Video Converter 2.1.55.1108B.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Internet Download Accelerator 4.1.2.845.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Internet Download Manager 4.02.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\InterVideo DVD Copy GoldPlatinum 3.0.B016.43C00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Iomatic System Medic v 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Jarhead (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Key Spy 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\KLS Backup 2005 Pro 1.7.0.012.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\KNOPPIX 4.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\KoolMoves 5.1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Language Engineering Power Translator.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Limewire Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\ManageDesk 2.30.18.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Mass Downloader 3.0 SR1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\McAfee VirusScan 10.0.27.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Microsoft Student 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Miss Elliot - So Addictive.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Missy Elliot - The Cookbook.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Missy Elliot - This Is Not A Test.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Missy Elliot - Under Construction.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Missy Elliot Da Real World.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Movie DVD Maker 1.3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Mozilla Firefox 1.5 RC3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\MP3 To Ringtone Gold 3.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\MSN Content Adder 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Mystica 5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Need For Speed Most Wanted.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\NewLive All Media Fixer Pro 5.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Nico`s Commander 5.58.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\No1 Video Converter 3.9.22.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\NOD 32 2.50.26.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Nofeel FTP Server Enterprise 3.0.2628.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\NoRedEye (merged).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Norton AntiVirus 2006 Protection Pack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Norton Ghost 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\NTI CD & DVD Maker Platinum 7.0.0.4703.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\NTI CD DVD Maker Platinum 7.0.0.4703.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Office Intercom 4.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Offline Explorer Enterprise 3.6.1950.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\One Click CD DVD Writer 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Panda Antivirus + Antispyware 2006 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Passware Kit Enterprise Edition 7.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\PC AdWare SpyWare Removal 2.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\PC Repair.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\PC-Cillin Internet Security 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Perfect Admin 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\PhotoDVD 2.013.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Pinnacle TitleDeko Pro 2.0.1634.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Planet 3D Screensavers 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\PlexTools Professional XL 3.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Postal 2 Apocalypse Weekend.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Power MP3 WMA Converter 2006 3.003.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Power Video Converter 1.5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\PowerArchiver 2004 9.20.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\PowerArchiver 2006 9.50.28.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Powerful Audio Tool 1.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\PropertyEditor 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Ram Idle Pro 3.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\RapidShare Hacks.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\RapidShare Harvester.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Rapidshare Premium Accounts.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Real Spy Monitor 2.39.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Reg Organizer 3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\RegDoctor 1.43.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\SageTV Recorder 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Selteco Bannershop GIF Animator 5.0.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Smartftp 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Sony Sound Forge 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\SoThink FlashVideo Encoder 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\SpeedItUp Extreme 3.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\SpyRemover 2.45.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Spyware and Adware Remover 9.2.0.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\SSS DJ 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Stardock Aquarium Desktop 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Stealth (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\StealthDisk 2005.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\STOPzilla 4.3.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\SuperRam 5.11.7.2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Symantec WinFax Pro 10.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\System Mechanic Professional 6.0 m.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\System Mechanic Professional 6.0o.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\System Medic 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Text To Speech Maker 1.3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\The Flash Ad Creator 1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\The Modern Survival Retreat.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\The Perfect Man 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\The Weather Man (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Trillian Pro 3.1.0.121.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Tuneup Utilities 2006 5.0.2331.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Uk Speaking Clock 10.3.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\vbs2exe English Edition 2.0.0.88.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Vista Explorer.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Webroot Spy Sweeper 4.5.7.656.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\White noise (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Winamp 5.093 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\WinAVI Video Converter 6.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\WinDVD Platinium 7.0.B27.130.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\WinDVD Platinum 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\WinDVD Recorder 5 Platinum.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\WinSettings 2005 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\WinXP Manager 4.89.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Wipe It 3.01.02.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Worms 4 Mayhem.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Xilisoft 3GP Video Converter 2.1.55.110.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\XPCSpy Pro 2.54.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Your Uninstaller 2004 Pro 3.9.517.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Zend Studio Client 4.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Peter Stroh\Complete\Zoo Tycoon 2 Endangered Species.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10.tmp\MARSHAL2.DLL -> Spyware.P2PNetworking : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10.tmp\P2P Networking3.exe -> Spyware.P2PNetworking : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5C.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp -> Spyware.Cookie.Centrport : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq60.tmp -> Spyware.Cookie.Adserver : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA.tmp -> TrojanDownloader.WebP2PInstaller : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp -> Spyware.P2PNetworking : Cleaned with backup
   C:\RECYCLER\S-1-5-21-3292650235-2419647484-3825283475-1004\Dc4179.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\RECYCLER\S-1-5-21-3292650235-2419647484-3825283475-1004\Dc4182.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   C:\RECYCLER\S-1-5-21-3292650235-2419647484-3825283475-1004\Dc4276.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   C:\RECYCLER\S-1-5-21-3292650235-2419647484-3825283475-1004\Dc4313.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
   C:\RECYCLER\S-1-5-21-3292650235-2419647484-3825283475-1004\Dc4362.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   C:\RECYCLER\S-1-5-21-3292650235-2419647484-3825283475-1004\Dc4363.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\RECYCLER\S-1-5-21-3292650235-2419647484-3825283475-1004\Dc4370.txt -> Spyware.Cookie.Com : Cleaned with backup
   C:\System Volume Information\_restore{87925209-405C-42A6-8FEE-9CF10CC35238}\RP1153\A0422535.exe -> Worm.VB.an : Cleaned with backup
   C:\WINNT\ISNSYS.dll -> TrojanSpy.Justin : Cleaned with backup
   C:\WINNT\Matrix Code Emulator.scr -> Backdoor.Backattack.20.C : Cleaned with backup
   C:\WINNT\NDNuninstall4_80.exe -> Spyware.NewDotNet : Cleaned with backup
   C:\WINNT\NDNuninstall5_20.exe -> Spyware.NewDotNet : Cleaned with backup
   C:\WINNT\NDNuninstall5_40.exe -> Spyware.NewDotNet : Cleaned with backup
   C:\WINNT\NDNuninstall5_64-1.exe -> Spyware.NewDotNet : Cleaned with backup
   C:\WINNT\NDNuninstall5_64.exe -> Spyware.NewDotNet : Cleaned with backup
   C:\WINNT\NDNuninstall6_10.exe -> Spyware.NewDotNet : Cleaned with backup
   C:\WINNT\NDNuninstall6_22.exe -> Spyware.NewDotNet : Cleaned with backup
   C:\WINNT\system32\BO2202031216.dll -> Spyware.BargainBuddy : Cleaned with backup
   C:\WINNT\system32\cm1.dll -> Spyware.ClientMan : Cleaned with backup
   C:\WINNT\system32\ctbv2.dll -> Adware.SAHA : Cleaned with backup
   C:\WINNT\system32\hotbar.exe -> Spyware.HotBar : Cleaned with backup
   C:\WINNT\system32\ignet2.dll -> TrojanDropper.Mudrop.w : Cleaned with backup
   C:\WINNT\system32\nostalgia.dll/MSView.dll -> Trojan.KeyHost.e : Cleaned with backup
   C:\WINNT\system32\nostalgia.dll/MSVprep.exe -> Spyware.BiSpy : Cleaned with backup
   C:\WINNT\system32\nostalgia.dll/MSView.dll -> Trojan.KeyHost.e : Cleaned with backup
   C:\WINNT\system32\nostalgia.dll/MSVprep.exe -> Spyware.BiSpy : Cleaned with backup
   C:\WINNT\system32\nostalgia1.dll/MSView.dll -> Trojan.KeyHost.e : Cleaned with backup
   C:\WINNT\system32\nostalgia1.dll/MSVprep.exe -> Spyware.BiSpy : Cleaned with backup
   C:\WINNT\system32\nostalgia1.dll/MSView.dll -> Trojan.KeyHost.e : Cleaned with backup
   C:\WINNT\system32\nostalgia1.dll/MSVprep.exe -> Spyware.BiSpy : Cleaned with backup
   C:\WINNT\system32\SHAgent.dll -> Adware.SAHA : Cleaned with backup
   C:\WINNT\system32\sstep.dll -> TrojanDropper.Small.so : Cleaned with backup
   C:\WINNT\system32\Xcite.exe -> Spyware.F1Organizer : Cleaned with backup

::Report End

Thank You! I can use task manager again!

Tech Clinic / Another Win32.P2P-Worm.Alcan.a

« on: November 18, 2005, 11:20:24 PM »

HiJack This Log:

Quote

Logfile of HijackThis v1.99.1
Scan saved at 10:19:08 PM, on 11/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\system32\YEDIEx.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\winupdates\winupdates.exe
C:\program files\support.com\bin\tgcmd.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
E:\program files\valve\steam\steam.exe
E:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
E:\Program Files\Anti-Virus\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh212112.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - E:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [msci] C:\program files\mcafee.com\shared\mcinfo.exe /insfin
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTFMon] C:\WINNT\system32\CTF\ctfmon.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "e:\program files\valve\steam\steam.exe" -silent
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh212112.dll/201
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094915485668
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126454599112
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O18 - Filter: text/html - {2DE94081-9FE6-4227-BC59-B7A80CC8308C} - C:\Program Files\ClientMan\run\searchrep8181a0e2.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: YEDIEx - Unknown owner - C:\WINNT\system32\YEDIEx.exe

Uninstall Programs list:

Quote

3D Matrix Screensaver 1.0
3D Matrix Screensaver: "the Endless Corridors" 1.0
3ds max 5
AceHTML 5 Freeware
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
Adobe Acrobat 7.0.3 and Reader 7.0.3 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop 5.0 Limited Edition
Adobe Photoshop 7.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS
Adobe Reader 7.0
AfterBurner Media Software 32 bit
America Online
AnswerWorks Runtime
AOL Instant Messenger
AT&T Connection Services Manager
Atomic Clock Sync
BMSE dbl
BroadJump Client Foundation
BroadJump CorrectConnect Engine
Bryce® 5
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
C-Dilla Licence Management System
Chaos Pack 1.00 for Pocket Tanks Deluxe
Chompster
Corel Applications
Cult
Data Lifeguard Tools
Desktop Taipei
Dink Smallwood
DivX 5.0.3 Bundle
Do More 5.0
Do More 5.0
Dope Wars 2.0 for Windows
Drug Lord 2
DVMPEG
DX-Ball 2
Easy CD Creator 5 Basic
Empire Earth
Empire Earth - The Art of Conquest
Enhanced MediaLoads
FaceLift
fader
Family Tree Maker
ffdshow
Font Creator Program 4.0
Fruity Loops Studio 4.1
Game Maker 6.1
GameShark for GBA
Gateway Desktop Manager
Gateway Power Management
Google Earth
Google Earth Pro
Google Toolbar for Internet Explorer
GTW V.92 Voice Modem
GTW V.92 Voicemodem
Half-Life® 2
HelpSpot
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
hp instant support
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
HTML Editor 1.5
HTML-Kit
IconCool Editor V3.0
IconCool Studio v1.4
IE Help
IEC system
IMS Web Dwarf V2
Intel® Extreme Graphics Driver
Intel® PRO Ethernet Adapter and Software
InterActual Player
iPod for Windows 2005-10-12
iPod Updater 2004-08-06
IrfanView (remove only)
iTunes
Jasc Paint Shop Pro 8
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.4.2_04
Java Web Start
Kali95
KaZaA Lite 2.0.2 (Kazaalite.com Edition) Build 1
Kazaa Lite K++ v2.4.1
Kazaa Lite Resurrection 0.0.7.6 F
Kazaa Media Desktop 2.1.1
Kazaa Media Desktop 2.5
KazaaBegone 1.25
K-Lite Mega Codec Pack 1.27
Knight Online
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation)
Logitech Desktop Messenger
Logitech MouseWare 9.41 .1
Logitech Resource Center
Logitech SetPoint
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia Flash Player 8
Macromedia FreeHand 10
Macromedia Shockwave Player
MAIET Gunz
Mapedit
Medal of Honor Allied Assault
MGI PhotoSuite
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Encarta Encyclopedia Deluxe 2001
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Picture It! Express 2001
Microsoft Publisher 2002
Microsoft Return of Arcade
Microsoft SAPI 5.1 Text to Speech Engine English
Microsoft Streets and Trips 2005
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Windows Journal Viewer
mIRC
Morpheus Software
MSN Gaming Zone
MSN Music Assistant
MSXML 4.0 SP2 Parser and SDK
MyNetProtecotor Anti Spy
Nero - Burning Rom
Nero Media Player
NeroVision Express 2
Netscape (7.1)
NVIDIA Drivers
P2P Networking3
Paint Shop Pro 7 Anniversary Edition
PCDJ FX
PC-Doctor for Windows
Pharaoh
PhoneTools
Picasa 2
Pocket Tanks 1.00b
Porrasturvat - Stair Dismount
Power Pack 1.00 for Pocket Tanks Deluxe
PS/2 Millennium Keyboard
QuickTime
Rogue Spear
Roll
SBC Connection Manager
SBC Yahoo! Applications
SBC Yahoo! DSL Activation
SE Assistant
SE Help
Search Function
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
SeeMePlayMe Client
SETI@home
Shockwave
Sid Meier's SimGolf
Sierra Utilities
SimCity 3000
SiteGenWiz 1.41
Spybot - Search & Destroy 1.4
Starcraft Brood War (RAZOR 1911)
Steam(tm)
Sudoku
SwiftSwitch
TeamSpeak 2 RC2
The Free HTML Editor
The Matrix Screen Saver
TI-Black Link
TI-Graph Link 83
TI-Graph Link 86
TNT 1.1 Release
Truck Dismount (remove only)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
USB Storage Tool for Windows XP Ver 1.00
Valve Hammer Editor
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebIQ Client Software
WinAce Archiver 2.0
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Winsyntax 2.0
Worms Armageddon Demo

I was also wondering if you could help me get some of the programs off the uninstall list, because I had deleted them, but they never deleted from the uninstall list, or list of programs. Thank you again.

Tech Clinic / Another Win32.P2P-Worm.Alcan.a

« on: November 18, 2005, 11:07:11 PM »

Just bumping this if you might have missed it. Again, thank you for your time.

Pages: [1]

TheTechGuide Forum

News:

Show Posts

Messages - Afflicted

Tech Clinic / Another Win32.P2P-Worm.Alcan.a

Tech Clinic / Another Win32.P2P-Worm.Alcan.a

Tech Clinic / Another Win32.P2P-Worm.Alcan.a

Tech Clinic / Another Win32.P2P-Worm.Alcan.a

Tech Clinic / Another Win32.P2P-Worm.Alcan.a

Tech Clinic / Another Win32.P2P-Worm.Alcan.a

Tech Clinic / Another Win32.P2P-Worm.Alcan.a

Tech Clinic / Another Win32.P2P-Worm.Alcan.a

Tech Clinic / Another Win32.P2P-Worm.Alcan.a