Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Nichole

Pages: [1]

Tech Clinic / win32.p2p-worm.alcan.a

« on: November 26, 2005, 12:02:38 PM »

I don't see that one? Quote:[color=\"#3333FF\"]"I forgot about this entry in your log
O23 - Service: Mraivc - American Megatrends Inc. - (no file)"[/color]

Logfile of HijackThis v1.99.1
Scan saved at 9:00:09 AM, on 11/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Updater.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/\' target=\'_blank\' rel=\'nofollow\'>http://www.Email Removed.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.Email Removed.msn.com/resources/MsnPUpld.cab\' target=\'_blank\' rel=\'nofollow\'>http://by107fd.bay107.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...618/mcfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab\' target=\'_blank\' rel=\'nofollow\'>http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Tech Clinic / win32.p2p-worm.alcan.a

« on: November 26, 2005, 01:53:12 AM »

Thank you!

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/happy.gif\' class=\'bbc_emoticon\' alt=\'^_^\' />
Everything seems ok so far.
I guess I can move all those little programs into one folder incase I have anything pop-up.

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/tongue.gif\' class=\'bbc_emoticon\' alt=\'

\' />
Take care &
Happy Holidays.

Tech Clinic / win32.p2p-worm.alcan.a

« on: November 26, 2005, 01:09:22 AM »

I think all is well, check this out (hjt) and tell me what you think..

I also re-ran ad-aware just to check, and it found nothing.. yay!

Logfile of HijackThis v1.99.1
Scan saved at 10:07:01 PM, on 11/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Updater.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/\' target=\'_blank\' rel=\'nofollow\'>http://www.Email Removed.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.Email Removed.msn.com/resources/MsnPUpld.cab\' target=\'_blank\' rel=\'nofollow\'>http://by107fd.bay107.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...618/mcfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab\' target=\'_blank\' rel=\'nofollow\'>http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Mraivc - American Megatrends Inc. - (no file)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Tech Clinic / win32.p2p-worm.alcan.a

« on: November 25, 2005, 11:57:07 AM »

How discouraging.. I went ahead and ran Ad-Aware.. and Im posting the log.. without doing anything about the results just exiting the program until you take a peek and see that that dang alcan.a worm is still there.

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/unsure.gif\' class=\'bbc_emoticon\' alt=\':unsure:\' /> ~sigh
results below

Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, November 25, 2005 8:45:21 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R76 22.11.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):23 total references
Tracking Cookie(TAC index:3):7 total references
Win32.P2P-Worm.Alcan.a(TAC index:

:1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

11-25-2005 8:45:21 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Owner\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library

MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro

MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console

MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant

MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer

MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer

MRU List Object Recognized!
Location: : S-1-5-21-4094609903-1387745724-3631291683-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 396
ThreadCreationTime : 11-25-2005 2:18:05 PM
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 636
ThreadCreationTime : 11-25-2005 2:18:08 PM
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 660
ThreadCreationTime : 11-25-2005 2:18:08 PM
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 704
ThreadCreationTime : 11-25-2005 2:18:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 716
ThreadCreationTime : 11-25-2005 2:18:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 868
ThreadCreationTime : 11-25-2005 2:18:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 924
ThreadCreationTime : 11-25-2005 2:18:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1020
ThreadCreationTime : 11-25-2005 2:18:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1068
ThreadCreationTime : 11-25-2005 2:18:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1204
ThreadCreationTime : 11-25-2005 2:18:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1472
ThreadCreationTime : 11-25-2005 2:18:12 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1480
ThreadCreationTime : 11-25-2005 2:18:12 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1500
ThreadCreationTime : 11-25-2005 2:18:12 PM
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:14 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ProcessID : 1576
ThreadCreationTime : 11-25-2005 2:18:13 PM
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:15 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1600
ThreadCreationTime : 11-25-2005 2:18:13 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:16 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1772
ThreadCreationTime : 11-25-2005 2:18:13 PM
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:17 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1804
ThreadCreationTime : 11-25-2005 2:18:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:18 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1812
ThreadCreationTime : 11-25-2005 2:18:13 PM
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:19 [aolacsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ProcessID : 164
ThreadCreationTime : 11-25-2005 2:18:20 PM
BasePriority : Normal

#:20 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 228
ThreadCreationTime : 11-25-2005 2:18:20 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:21 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 284
ThreadCreationTime : 11-25-2005 2:18:20 PM
BasePriority : Normal
FileVersion : 11.0.16.2
ProductVersion : 11.0.16
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:22 [npfmntor.exe]
FilePath : C:\Program Files\Norton AntiVirus\IWP\
ProcessID : 328
ThreadCreationTime : 11-25-2005 2:18:20 PM
BasePriority : Normal
FileVersion : 11.0.16.2
ProductVersion : 11.0.16
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE

#:23 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 424
ThreadCreationTime : 11-25-2005 2:18:20 PM
BasePriority : Normal
FileVersion : 6.14.10.7184
ProductVersion : 6.14.10.7184
ProductName : NVIDIA Driver Helper Service, Version 71.84
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 71.84
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:24 [prismxl.sys]
FilePath : C:\Program Files\Common Files\New Boundary\PrismXL\
ProcessID : 500
ThreadCreationTime : 11-25-2005 2:18:20 PM
BasePriority : Normal
FileVersion : 6.0.1.22
ProductVersion : 6.0.1.22
ProductName : PrismXL Software Family
CompanyName : New Boundary Technologies, Inc.
FileDescription : PrismXL Service
InternalName : PrismXL Service
LegalCopyright : © 1997-2004 New Boundary Technologies
OriginalFilename : PrismXL.sys

#:25 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 784
ThreadCreationTime : 11-25-2005 2:18:21 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:26 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 900
ThreadCreationTime : 11-25-2005 2:18:21 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:27 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2224
ThreadCreationTime : 11-25-2005 2:18:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:28 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 2300
ThreadCreationTime : 11-25-2005 2:18:32 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:29 [nvmixertray.exe]
FilePath : C:\Program Files\NVIDIA Corporation\NvMixer\
ProcessID : 2336
ThreadCreationTime : 11-25-2005 2:18:32 PM
BasePriority : Normal

#:30 [aolsp scheduler.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\
ProcessID : 2344
ThreadCreationTime : 11-25-2005 2:18:32 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 66
ProductVersion : 1, 0, 0, 66
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe

#:31 [pdvdserv.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ProcessID : 2360
ThreadCreationTime : 11-25-2005 2:18:32 PM
BasePriority : Normal
FileVersion : 5.00.0000
ProductVersion : 5.00.0000
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright © CyberLink Corp. 1997-2002
OriginalFilename : PDVDSERV.EXE

#:32 [updater.exe]
FilePath : C:\
ProcessID : 2384
ThreadCreationTime : 11-25-2005 2:18:32 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : Moodlogic Application
CompanyName : Moodlogic
FileDescription : Moodlogic Updater Application
InternalName : Moodlogic Updater
LegalCopyright : Copyright © 2004
OriginalFilename : Updater.exe

#:33 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2484
ThreadCreationTime : 11-25-2005 2:18:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:34 [lxbkbmgr.exe]
FilePath : C:\Program Files\Lexmark X1100 Series\
ProcessID : 2500
ThreadCreationTime : 11-25-2005 2:18:33 PM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X1100 Series Button Manager
InternalName : lxbkbmgr.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbkbmgr.exe

#:35 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2516
ThreadCreationTime : 11-25-2005 2:18:33 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:36 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2544
ThreadCreationTime : 11-25-2005 2:18:33 PM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:37 [shwiconem.exe]
FilePath : C:\Program Files\Digital Media Reader\
ProcessID : 2560
ThreadCreationTime : 11-25-2005 2:18:33 PM
BasePriority : Idle
FileVersion : 1, 4, 0, 8
ProductVersion : 1, 4, 0, 8
ProductName : Multimedia Card Reader
CompanyName : Alcor Micro, Corp.
LegalCopyright : Copyright c 2002

#:38 [lxbkbmon.exe]
FilePath : C:\Program Files\Lexmark X1100 Series\
ProcessID : 2668
ThreadCreationTime : 11-25-2005 2:18:34 PM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X1100 Series Button Monitor
InternalName : lxbkbmon.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbkbmon.exe

#:39 [watch.exe]
FilePath : C:\Program Files\Mustek 1200 UB Plus\Driver\
ProcessID : 2896
ThreadCreationTime : 11-25-2005 2:18:34 PM
BasePriority : Normal
FileVersion : 2, 3, 8, 0
ProductVersion : 2, 3, 8, 0
ProductName : Watch Dog
CompanyName : Common Group
FileDescription : Watch Dog
InternalName : Alex Chen
LegalCopyright : Copyright © 1998
OriginalFilename : WATCH.EXE

#:40 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3040
ThreadCreationTime : 11-25-2005 2:18:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:41 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2952
ThreadCreationTime : 11-25-2005 3:51:52 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:42 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2276
ThreadCreationTime : 11-25-2005 4:44:47 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:43 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 2160
ThreadCreationTime : 11-25-2005 4:44:47 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 1-15-2007 2:20:18 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 12-24-2005 5:09:04 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@statcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 11-24-2010 7:43:30 AM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@zedo[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:14
Value : Cookie:[email protected]/
Expires : 11-23-2015 8:40:42 AM
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 11-25-2006 8:40:44 AM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 12-25-2005 8:37:32 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:[email protected]/
Expires : 12-31-2009 4:00:00 PM
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 30

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : A0070087.dll
TAC Rating : 8
Category : Worm
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP266\
FileVersion : 3.0.2.0
ProductVersion : 3.02
ProductName : BigSpeed Zip DLL
CompanyName : BigSpeedSoft
InternalName : bszip.dll
LegalCopyright : © BigSpeedSoft
LegalTrademarks : BigSpeed is a trademark of BigSpeedSoft
OriginalFilename : bszip.dll

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31

Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 31

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31

8:52:47 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:07:25.922
Objects scanned:133918
Objects identified:15
Objects ignored:7
New critical objects:8

Tech Clinic / win32.p2p-worm.alcan.a

« on: November 25, 2005, 10:13:53 AM »

Logfile of HijackThis v1.99.1
Scan saved at 7:11:19 AM, on 11/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Updater.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/\' target=\'_blank\' rel=\'nofollow\'>http://www.Email Removed.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.Email Removed.msn.com/resources/MsnPUpld.cab\' target=\'_blank\' rel=\'nofollow\'>http://by107fd.bay107.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...618/mcfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab\' target=\'_blank\' rel=\'nofollow\'>http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Mraivc - American Megatrends Inc. - (no file)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Yes, I have ad-aware se 1.6

Tech Clinic / win32.p2p-worm.alcan.a

« on: November 24, 2005, 09:29:03 PM »

You don't want me to defrag before the HJT?
(P.S. Things are running better from what I see this evening, yes)

Tech Clinic / win32.p2p-worm.alcan.a

« on: November 24, 2005, 08:29:34 PM »

When I ran Spybot it finds two things the last few times they are
1. Wild tangent
2. Windows Security Center.AntiVirusDisableNotify
I know I want the wild tangent gone, but what about the second one?

Tech Clinic / win32.p2p-worm.alcan.a

« on: November 24, 2005, 12:15:43 AM »

Heres the:( yes i ran it in safe mode, (both times it said something about an error but this time I did get a full report, last time i didn't))

Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\Owner\Desktop\ap\aproposfix

************

Registry entries found:

[HKEY_LOCAL_MACHINE\Software\CqPXtA33fX6D]
@="GHFA.I1OPPOPPQPc1CGo.BOPPOeRPykpfqyuPGMGH2AVUP1F6J2FGP6A.A096:QGMG"
"Device"="\\\\.\\AdosMan"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\imamclib.sys"
"DriverName"="strmaud"
"HideUninstallerName"="C:\\Program Files\\Alcffice\\ochvices.exe"
"UninstallerPath"="C:\\WINDOWS\\system32\\rouduser.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A2C4D888-C9FF-4723-A5C1-A0D10FA2E220}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\system32\\shumsmgr.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{X548626d-b57f-701a-710d-ec0c016ddbee}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Alcffice\\ocmotepg.exe"
--
[HKEY_LOCAL_MACHINE\Software\CqPXtA33fX6D]
@="GHFA.I1OPPOPPQPc1CGo.BOPPOeRPykpfqyuPGMGH2AVUP1F6J2FGP6A.A096:QGMG"
"Device"="\\\\.\\AdosMan"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\imamclib.sys"
"DriverName"="strmaud"
"HideUninstallerName"="C:\\Program Files\\Alcffice\\ochvices.exe"
"UninstallerPath"="C:\\WINDOWS\\system32\\rouduser.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A2C4D888-C9FF-4723-A5C1-A0D10FA2E220}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\system32\\shumsmgr.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{X548626d-b57f-701a-710d-ec0c016ddbee}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Alcffice\\ocmotepg.exe"

************

Removing hidden service:
Service strmaud removed.

Removing hidden folder:
Deletion of folder Alcffice succeeded!

Deleting files:

Deletion of file C:\WINDOWS\system32\drivers\imamclib.sys succeeded!
Deletion of file C:\WINDOWS\system32\kdcpldlg.exe succeeded!
Deletion of file C:\WINDOWS\system32\shumsmgr.dll succeeded!
Deletion of file C:\WINDOWS\system32\rouduser.exe succeeded!

Backing up files:
Done!

Removing registry entries:

REGEDIT4

[-HKEY_CURRENT_USER\Software\CqPXtA33fX6D]
[-HKEY_CURRENT_USER\Software\CqPXtA33fX6D]
[-HKEY_LOCAL_MACHINE\Software\CqPXtA33fX6D]
[-HKEY_LOCAL_MACHINE\Software\CqPXtA33fX6D]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C4D888-C9FF-4723-A5C1-A0D10FA2E220}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C4D888-C9FF-4723-A5C1-A0D10FA2E220}]

Done!

Finished!

11/23/05 21:13:49 [Info]: BlackLight Engine 1.0.25 initialized
11/23/05 21:13:49 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/23/05 21:13:49 [Note]: 4019 4
11/23/05 21:13:49 [Note]: 4005 0
11/23/05 21:13:53 [Note]: 4006 0
11/23/05 21:13:54 [Note]: 4011 1480
11/23/05 21:13:54 [Note]: FSRAW library version 1.7.1013
11/23/05 21:15:08 [Note]: 4007 0

Tech Clinic / win32.p2p-worm.alcan.a

« on: November 23, 2005, 08:01:14 PM »

Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\Owner\Desktop\ap\aproposfix

************

Registry entries found:

[HKEY_LOCAL_MACHINE\Software\CqPXtA33fX6D]
@="GHFA.I1OPPOPPQPc1CGo.BOPPOeRPykpfqyuPGMGH2AVUP1F6J2FGP6A.A096:QGMG"
"Device"="\\\\.\\AdosMan"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\imamclib.sys"
"DriverName"="strmaud"
"HideUninstallerName"="C:\\Program Files\\Alcffice\\ochvices.exe"
"UninstallerPath"="C:\\WINDOWS\\system32\\rouduser.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A2C4D888-C9FF-4723-A5C1-A0D10FA2E220}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\system32\\shumsmgr.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{X548626d-b57f-701a-710d-ec0c016ddbee}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Alcffice\\ocmotepg.exe"

************

Removing hidden service:
Service strmaud removed.

Removing hidden folder:

Tech Clinic / win32.p2p-worm.alcan.a

« on: November 23, 2005, 08:12:23 AM »

Here are some of the headers and partial addresses in the pop-ups Im still getting:
Venus123
adchannel.
productopinions
ad.yieldmanager
ad.firstadsolution
ZEDO

Also I get the one(s) that say:
Spyware or Adware may be damaging your computer check ok to scan your PC now.........

Ok thats about it, Im gettng ready to head off to work.

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' /> Have a good day. Ill check back after work,before I defrag.

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/wink.gif\' class=\'bbc_emoticon\' alt=\'

\' />

Tech Clinic / win32.p2p-worm.alcan.a

« on: November 22, 2005, 09:41:55 PM »

Fresh HJT posted below. We have only had this computer for maybe 8 months( at tax time I think)
, so I have never run a defrag, should I go ahead and do that? Things are a little better here, There haven't been alot of those official looking pop-ups, just the ones that are an anoyance (ads) Still though we had NO-Pop-ups until my son said he accidentally clicked yes on something about a week and a half ago.

Logfile of HijackThis v1.99.1
Scan saved at 6:20:37 PM, on 11/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Updater.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/\' target=\'_blank\' rel=\'nofollow\'>http://www.Email Removed.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.Email Removed.msn.com/resources/MsnPUpld.cab\' target=\'_blank\' rel=\'nofollow\'>http://by107fd.bay107.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...618/mcfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab\' target=\'_blank\' rel=\'nofollow\'>http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

[color=\"#FF0000\"]ALSO This is my current spybot results below can I rid the second one?[/color]

WildTangent: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM\ClassPath

Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

Tech Clinic / win32.p2p-worm.alcan.a

« on: November 22, 2005, 08:49:43 PM »

noo, i tried , it did the same thing....
& here is my latest HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 5:46:26 PM, on 11/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Updater.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/\' target=\'_blank\' rel=\'nofollow\'>http://www.Email Removed.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.Email Removed.msn.com/resources/MsnPUpld.cab\' target=\'_blank\' rel=\'nofollow\'>http://by107fd.bay107.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...618/mcfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab\' target=\'_blank\' rel=\'nofollow\'>http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Hope this shows some sort of improvement..

I gotta get dinner for the kids real quick..

Tech Clinic / win32.p2p-worm.alcan.a

« on: November 22, 2005, 08:42:41 PM »

I can never get ewido to run more then one time, without uninstalling it and reinstalling it.

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/sad.gif\' class=\'bbc_emoticon\' alt=\'

\' /> When I start it up it just loads and and freezes continuously without allowing me to click anything (like the update button) any advice? Is there another program that would do the same thing?

Tech Clinic / win32.p2p-worm.alcan.a

« on: November 22, 2005, 01:50:34 AM »

C:\Documents and Settings\Owner\Complete\Very Best of Simply Red.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\ViceVersa Pro 2.0.0.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\ViceVersa Pro 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Victory Road.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video AVI To Flash SWF Converter 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video Convert Master 3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video Convert Master 3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video Converter Plus 2.09.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video Converting and Burning Solution.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video DVD Duplicator 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video Edit Magic 3.36.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video Edit Magic 4.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video Librarian Plus v5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video To Audio Converter 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video Vault 3.0160.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video-AVI To GIF Converter 2.0.10A9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video.to.Audio.Converter.v2.1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoBlender 2.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Videocharge 2.2.3.49.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoCharge 2.21.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoCharge 2.3.1.21.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoCharge 3.2.4.37 for Professionals.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoCharge 3.3.5.28 for Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoCharge 3.3.5.28 for Professionals.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoCharge 3.33.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoCharge Pro 3.33.28.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Videocharge Professional 3.1.2.15.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Videocharge Professional 3.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoCharge Professional v3.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoDesktop 3.1.0.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Videofixer 3.23.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoInspector 1.7.0.88.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoInspector v1.5.1.84.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoInspector v1.6.1.87.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoMate v11.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoReDo 1.6.2.284.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VIETCONG 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\ViewCompanion Pro v3.37.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Vip Organizer 1.5.227.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VIP Organizer 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VIP Organizer 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virdi Advanced Mail Processor 1.8.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VirIT eXplorer Pro 5.2.33.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtua Cop 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtua Tennis.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VirtuaGirl 2.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual CD 6.0.0.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual CD 6.0.0.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual CD 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual CD 7.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual CD 7.1.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual CD 7.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual Desk 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual Desktop Toolbox 2.51.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual DJ 2.05.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual DJ Studio 3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual Encrypted Disk 1.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual Floppy Disk.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual Girl 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual PC 5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual PC For Windows v5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual Railroad 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VisKeeper v2.2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VisNetic MailFlow 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Vista Transformation Pack 1.0 (Update).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VistaDesktop Shell Pack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VistaTask Pro 4.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Visual Business Cards 4.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Visual Mind 7.0.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Visual SQL-Designer 3.99.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Visual Zip Password Recovery 6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Visual.CertExam.Suite 1.7.542.CHiCNCREA.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Visualization Handbook.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Visualizer Photo Resize 3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Vital Desktop Video 1.3.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VividLyrics 2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VIY 1967 DVD Rip XviD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VLFormDesigner 1.2.019.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VMware Workstation 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VMware Workstation 5.0. 13124.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VMware Workstation 5.5 Build 15576.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VMware Workstation 5.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VMware Workstation v4.5.2 build 8848.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VoD.Maker.v1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Voice Technology Software AIO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VoiceMX Studio v4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Voxagenda v1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Voxengo Elephant v2.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Voxengo GlissEQ VST 2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Voxengo Lampthruster v2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Voxengo Polysquasher VST 1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Voxengo Redunoise VST 1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Voxengo Warmifier VST 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VR Software 2.40.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VS.net 2003 pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VSL LanToucher Instant Messenger v1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VSO Blindwrite 5.2.21.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VSO Copy To DVD 3.0.61.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VSO DivXToDVD 1.99.16.45.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VSO DivXToDVD 1.99.18.47.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VSO PhotoDVD 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VSO PhotoDVD 2.011.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VueScan 8.2.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VueScan 8.3.04.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VueScan Pro v8.2.30.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VueScan Pro v8.2.33.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VueScan Professional Edition 8.3.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Vyapin Admin Report Kit for Exchange Ser.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Vyapin Document Import Kit SharePoint.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Vyapin.Document.Import.Kit.for.SharePoin.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Vypress Chat 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wages Of Sin.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wake of Death.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wallpapers Collection TOP150 Girls.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wallpapers GTA San Andreas.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\wallpapers pack4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wamasoft AutoTyping Pro 1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\War of The world SVCD DE.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\War of the Worlds (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\War of the Worlds (torrent).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\War Of The Worlds DIVX.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\War Of The Worlds Xvid FR.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\War of the Worlds XviD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\War Of The Worlds.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Warcraft III Frozen Throne.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Warcraft III.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WareZ News Magazine August 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Warez P2P 2.8 .zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Warez P2P 2.85 .zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Warhammer 40.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Watch Tv for free.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Water Bugs 1.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wave Corrector 3.1r1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WaveLab v5.01b.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WaxWorks.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Way Out West - Intensify.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Album Creator 3.04.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Album Creator 3.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Cache Illuminator 4.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Download Pro 1.2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Dumper v2.23.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Log Suite Pro v2.73 Build 0175.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Log Suite Professional Edition 2.73.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Page Maker 2.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Stream Recorder Pro v1.22.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Studio 4.0-VeryCool.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Thumbnailer 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Translator 5.00.5100.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web-Fi BC 3.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web.Map.v1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webcam Zone Trigger v1.41.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WebcamXP Pro 2.19.125.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WebcamXP Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WebEQ Developers Suite v3.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WebExe 1.55.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WebLog Expert 3.6 beta2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webmail Retriever for Email Removed v2.1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WebMixer 3.02.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webpage Guard v2.27.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Desktop Firewall 1.3.0.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Desktop Firewall 1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Spam Shredder 1.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Spy Sweeper 4.0.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Spy Sweeper 4.5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Spy Sweeper 4.5.3.56.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Spy Sweeper 4.5.3.560.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Spy Sweeper 4.5.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Spy Sweeper 4.5.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot SpySweeper 4.0.4.430.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Window Washer 6.0.1.40.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Window Washer 6.0.2.466.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Window Washer 6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Window Washer 6.05.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroots Spy Sweeper 3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroots Windows Washer 6.0.5 Build 409.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webshots Premium Wallpapers 1600x1200.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Website Downloader v1.15.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Website Ecommerce.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Website Nucker,Hack any Websites.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WeBuilder 2005 6.2.0.55.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WeBuilder 2005 v6.2.0.55.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webyog SQLyog 4.07 Enterprise.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webyog SQLyog Enterprise 4.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WebZIP.v7.0.1.1028.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wedding Crashers.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wet Young Bitches [18+].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WGCalculator 1.3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WhereIsIP v2.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Whisky DVD Rip SVCD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\White noise (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\White Noise.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\White Nosie [HTTP].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\White Squall.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\White Stripes - Live, 06242005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Whits Chick.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WhosOn Pro 3.4.142.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wild Fire.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wild Teens 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wild Wild West (1999).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Will Smith - Lost And Found.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Willie Nelson - Half Nelson (duets).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Willing Webcam 2.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Willing Webcam 2.8.20050522.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Willing Webcam 2.9.20050729.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Willing Webcam 2.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Win XP Titanium iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Win-Spy Software 8.5 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Win-Spy Software v8.5 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winability Mysecretfolder 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAbility MySecretFolder v3.0 + crack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAbility MySecretFolder v3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinACE 2.6d.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAce Archiver 2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAce Archiver v2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAce v2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp 5.04.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp 5.07 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp 5.09.4 Pro + ðóññèôèêàòîð + ñêèíû + ïëàãèíû + èã.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp 5.09.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp 5.093 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp 5.094 Final Pro + Full + Lite.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAMP 5.094 Lite Full Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAMP 5.094 LiteFullPro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp 5.094 Pro Plus Lite.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp 5.094.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp 5.1 Surround Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp 5.1 Surround.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp 5.11 Surround Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAMP 5.112.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAmp Pro 5.06.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp Pro 5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp Pro 5.11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp Pro v5.094.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAPRS 2.8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinASO Registry Optimizer 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAudio Recorder v2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAVI DVD Copy 4.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAVI DVD Copy.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAVI Video Converter 6.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAVI Video Converter 7.0 Be.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAVI Video Converter 7.0 Final.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAVI Video Converter 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAVI Video Converter is a -IN-ONE.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAVI Video Converter V. 7.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinBackup Pro 2.1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinBackup Professional 2.1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinBoost 4.90.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinCHM 2.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinCloak 1.06.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDesign 6.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDiskXP 1.2.1 (Virtual Encryption Dis.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WindowBlinds 5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WindowBlinds Enhanced 4.5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WindowBlinds Enhanced 4.6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WindowFX 2.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows 2000 Professional.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows 2000 with SP4 5 in1 Multiboot.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows 2000 with SP4 5 in1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows 2003 Server 10in1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows 2003 SP1 8in1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows 98 Revolutions Pack 3.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows And Internet Cleaner Pro 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows Genuine Advantage fix.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows Installer Helper Utility 2.1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows Media Player 10.0.0.3923.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows Media Player 10.00.00.3923.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows Neptune 5111.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows PE.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows Server 2003 3-In-1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows Unattended CD Creator.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows Vista Official Icons.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows Vista Ultimate.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows VISTA.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP 2005 Media Center.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP 64 bit Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP 64-bit pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Corporate SP2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Firewall Log Viewer 0.2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Generic Activator and Tweaker.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Media Center 2005 2CD ISO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Media Center 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows Xp Media Center Edition 2005 Ful.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Media Center Edition 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP PowerPacker 1.0 RC7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Pro 64 Bit.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Pro 64-BIT.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Pro W SP2 Corporate Edition.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Pro x64.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Service Pack 3 Preview.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Service Pack SP2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP SP2 (Bone).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP SP3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD Creator Platinum 2.0 Build 014.37.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD Creator Platinum 2.5B014.494C00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD Platinium 7.0.B27.130.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD Platinum 6.0.B06.128C00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD Platinum 7.0 Build 27.073.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD Platinum 7.0.B27.066.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD Platinum 7.0.B27.073.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD Platinum 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD Platinum 7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD Platinum v7.0.B27.066.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD Recorder 5 Platinum.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinFax Pro 10.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winferno PC Confidential 2005.2.212.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinGate Proxy Server v6.0.4 Build 1025.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinGet 2.0.723.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinGet 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinGet v2.0.723.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinGet v2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinGuard Pro 2005 5.88.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinGuard Pro 2006 6.0.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinHex 12.35.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinHex 12.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinImage 7.0.7000.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinImage 8.0.8000.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinImage Professional 7.0g.7009.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WINner Tweak 3.1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WINner Tweak 3.1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WINner Tweak 3.1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WINner Tweak 3.2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WINner Tweak SE 2.3.3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WINner Tweak v3.1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WINner.Tweak.v3.1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinOKE v3.21.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinPatrol 9.7.0.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinPatrol 9.7.3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinPatrol 9.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinPatrol Plus 9.7.0.22.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinPatrol PLUS v9.7.0.15.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinPatrol v9.0.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinPatrol v9.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinPerfect 5.40.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinProcesses v0.99.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinProtect 3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinQuota 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR 3.42.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winrar 3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR 3.50 Beta 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR 3.50 beta 6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR 3.50 Beta 7 and Themes.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR 3.50 Beta 7 Corporate.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR 3.50 Beta 7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR 3.50 Final - Corporate.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRar 3.50 Final.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR 3.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR 3.51 (final).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR 3.51.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR and DosRAR 3.50 Beta7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR and DosRAR v3.50 Beta7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR Corporate Edition 3.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR Gold Plus Extras.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR v3.50 beta 7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR v3.50 Final - Corporate Edition.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinReminders 2005 v1.6.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winrescue XP 1.08.31.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRK.Archiver 2.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinSCP 3.76.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinSearch Pro 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinSettings 2005 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinShadow 2.0.2.202.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinSpeedUp 2.63.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinSwitch 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wintasks Pro 4.45.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinTasks Pro 5.04.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wintensity Screen Dimmer 101.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winternals Administrator's Pak 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winternals Administrators pak v5.0 iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinTools.net Professional 6.3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinTools.net Professional 6.5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinTools.net Professional Edition 5.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinWorkBar 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinXMedia CD MP3 WAV WMA Converter 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinXMedia.CD.MP3.WAV.WMA.Converter 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinXP LSD 35 iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winxp Manager 4.8.3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinXP Manager 4.89.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinXP Manager 4.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinXP Manager 4.92.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinXP Manager 4.93.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinXP Manager 4.93.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinXP Manager 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinXP Manager v4.93.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinZip 10.0b.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinZip 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinZip 11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winzip 9 SR-1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinZip Pro 10.0 Beta 6604.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinZip Pro 10.0.6667.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wipe It 3.01.02.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wise-FTP 4 4.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Witcobber Super Video Converter 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Witcobber.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Without A Paddle.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WM Recorder 10.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WM Recorder 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wma MP3 Converter 2.1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WnSoft PixBuilder Studio 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wolfenstein 3D.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wolfenstein Enemy Territory.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wolfram Research Mathematica 5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WoltLab Burning Board 2.3.3 + Rus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wonder Boys.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wonder Woman Vol.1 No218 Aug 2005 Comi.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wonderland DVD Rip XviD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wondershare FlashOnTV 2.3.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Woodstock 99' 2CDs.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WoodWorks 0.1.1.4331.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WoodWorks v0.1.1.4331.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Word 2003 Bible.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Word to PDF Converter.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WordPerfect Corrupt Document Troubleshooter 1.0.48.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WordZap Deluxe 6.58.041.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Workplace Angel 0.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\World of Flight.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\World of Warcraft.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\World Online TV 4.0.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\World Online TV 4.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\World Racing 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\World Soccer Magazine June 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WorldWide FTP v2.43.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Worms 3D.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Worms 4 Mayhem.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Worms 5 Mayhem.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Worms Armageddeon.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Worms Armageddon.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Worms Forts Under Siege.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Writers Cafe 1.19.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WS FTP Pro 2006 0 1 0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WW 2 Tank Commander.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WWAYM.NWMaxx.VST.v1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WWE - History of the Undertaker.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WWE Ppv Summerslam.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WWE Wrestling Videos.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WWF Safari Adventures in Africa.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WWW File Share Pro 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WWW File Share Pro 3.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WWW2Image 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X Codec Pack 1.8.4.151.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X Video Joiner (AVI MPEG WMV Video Joi.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X-Clipview 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X-Copy Media Center 2.10.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X-men 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X-Men Legends II Rise of Apocalypse.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X-NetStat Professional 5.33.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X-NetStat Professional 5.43.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\x-NetStat Professional 5.46.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X-Setup Pro 7.1 Final.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X-Setup Pro 7.2.360.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X-Setup Pro v7.1.25.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X2 X-Men United.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\XAMPP 1.4.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Xara Suite 2005 Full.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Xara Suite 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Xara Webstyle 4.0 (451 MB).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings

Tech Clinic / win32.p2p-worm.alcan.a

« on: November 22, 2005, 01:23:17 AM »

[color=\"#FF0000\"]I made it through ewido.( and the rest of the initial directions after that point) whew![/color]
Here is my current HJT :

Logfile of HijackThis v1.99.1
Scan saved at 10:06:48 PM, on 11/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Updater.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/\' target=\'_blank\' rel=\'nofollow\'>http://www.Email Removed.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.Email Removed.msn.com/resources/MsnPUpld.cab\' target=\'_blank\' rel=\'nofollow\'>http://by107fd.bay107.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...618/mcfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab\' target=\'_blank\' rel=\'nofollow\'>http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

[color=\"#FF0000\"]Here is a copy of my ewido saved log. (the initial log got deleted because I ended up having to uninstall and reinstall the program before this last attempt at the whole process.[/color]

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:         9:48:12 PM, 11/21/2005
+ Report-Checksum:      BF851AF3

+ Scan result:

   C:\Documents and Settings\Owner\Complete\The Mummy 1999.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Myth (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Offspring - Greatest Hits (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Pacifier RERIP TC SVCD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Pacifier.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Palette Melody Composing Tool v3.3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Panorama FactoryThe Panorama Facto.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Passion Of The Christ OST.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The PC Detective v2.8.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Perfect Man.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Prince & Me.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Prince and Me.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Prince.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Prodigy - Music For The Jilted Gener.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Professional Services Firm Bible.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Punisher ISO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Punisher.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Rakes - CaptureRelease.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Rasmus - Dead Letters.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Rasmus - Hide from the Sunfor.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Reckoning LiMiTED DVD Rip XViD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Regex Coach 0.7.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Ring Two (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Ring Two (AC3).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Ring Two PAL MULTI DVD-R.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Ring Two.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Ring.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Rising - The legend of Mangal Pandey Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Roots - Things Fall Apart.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Scottish Loveknot XXX DVD Rip Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Settlers 2 Gold Edition.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Settlers Heritage of the Kings.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Simpson Hit and Run.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Simpsons Hit And Run - RIP.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The sims 2 Nightlife.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Sims 2 University.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Sims Unleashed.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Sisterhood of the Traveling Pants (2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Sisterhood of the Traveling Pants Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Sisterhood of the Traveling Pants.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Sixth Sense.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Skeleton Key TC XviD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Skeleton.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Sleuthhound Pro Power Pack v4.61.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The SphereXP 0.81.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Spranos - Oksana Baby (DivX).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Suffering.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Sun 3D Screensaver 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Taste Of Tea.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Terminal.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Transporter (http) DVDrip.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Transporter 2 Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Transporter 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Typing Of The Dead.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Usual Suspects.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Vegas 6+DVD Production Suite.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Verve - Urban Hymns.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Waterboy & Charlie and the Chocolate Factory.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Weather Man (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Weather Man.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The World Is Flat A Brief History of th.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The.Skeleton.Key.TS.xVID-LRC.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TheHunted.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\ThemeEngine 5.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\ThemeMakerPro Plus SE 1.2.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TheSpywareKiller 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\They came back DVD Rip Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Thief 3 Deadly Shadows.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Thinkershome Delphi 2 C Plus Plus Builder 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Thinkershome PC Watcher 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Thinkershome Photo to Sketch 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\ThumbBuddy 2.1a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\ThumbsUp v4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\THX.DTS.Dolby.Digital.Audio.Experience.T.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tidy Start Menu 2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tiesto-In Search Of Sunrise 4-2CD-2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Time Crisis Crisis Zone (PS2).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TimeCard Plus 3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TimeWarp 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tin Soldiers Julius Caesar.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tinasoft EasyCafe 2.2.14.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tiny Cars 2 1.15.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tiny Firewall Pro 6.0.140.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tiny Indian Teen Bend Over For Snatch [censored].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tiny Personal Firewall 6.0.100.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tiny Personal Firewall 6.5.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tiny Personal Firewall Pro 2005 6.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tinynice MP3Cutter v2.51.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Titan FTP 4.02.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Titan FTP Server Enterprise Edition v4.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Titan FTP Server Enterprise Edition v4.22.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TitleBarClock Pro 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TitleBarClock Pro 5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tm 7398.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tm 8037.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TM 8382.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Token2 Plus v4.5.2.1349.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tom Petty - Playback.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tomb Raider 3 The Lost Artifact iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tomb Raider 3, the lost artifact.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tomb Raider 5 - Chronicles.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tomb Raider 5 Chronicles.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tomb Raider.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tons of Rapidshare Games.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tony Hawk's Underground 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tony Hawks Underground 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tony Rich Project - Words.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tony Yayo - Thoughts of a Predicate Fe.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\ToolBar 2000 6.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Top 10 IP Utilities.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Topee CD Ripper 1.2.57.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Topee CD Ripper 1.2.58.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Topee CD Ripper v1.2.58.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TopGen 2.611.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Toplang Internet Lock v3.0.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tori Amos - Mix.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torque ShowTool Pro 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torque ShowTool Pro.v1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torrent - Know, Make, Upload, Search.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torrent Barbershop.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torrent Chasing Ghosts.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torrent Chronological X-Men.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torrent Damn Small Linux 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torrent FineReader Professional 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torrent Gran Turismo 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torrent Microsoft Windows Vista Beta1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torrent Mortal Kombat Shaolin Monks D.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torrent The Perfect Man.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torrent The Sims 2 Nightlife.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Total Game Control 3.3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Total Game Control 3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Total Game Control v.3.3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Total Game Control v3.3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Total Game Control v3.3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Total Overdose.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Total Recall v5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Total Uninstall 3.41.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Total Video Converter 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Total Video Converter 2.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Touching the Void.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Toyota Corolla - 2004 repair manual.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trace Plus 3.6.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TRACE POINT 2005 Vol. 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tracer 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Track4Win pro 2.22.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tracker 3.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TrackGrabber 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trackmania Sunrise.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TrackMate v5.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tracks Eraser Pro 5.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Traffic Inspector 1.1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TrainController v5.5B1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Training The Maid [18+].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TrainProgrammer v5.5B1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trainspotting - Soundtrack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TranslateIt! 1.4 Beta 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TranslatIt! 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Transporter 2 (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Transporter 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trapcode Echospace 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trapt - Someone in Control.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trash It 1.80.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Treasure Vault 3D Screensaver 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Treasure Vault 3D Screensaver.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TRECH 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trend Micro Pattern File 2.773.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trible X-The Next Level.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TriCerat Simplify.Suite 4.0.05.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trident Software Pragma 4.00.0037.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trillian Pro 3.1.0.121.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trillian Pro 3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trillian Pro v3.1.0.121 Cracked.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Triple X (xXx).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trivial Pursuit Deluxe.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trojan Hunter 4.2.908.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trojan Remover 6.3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trojan Remover 6.4.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trojan Remover v6.4.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trojan Remover v6.4.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trojan Slayer 2.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trojan Slayer 2.1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\True Image Enterprise Server 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TrueTTY 2.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Truly Random 1.36.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TUGZip 3.3.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tunebite 2.0.1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TuneUp 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TuneUp Utilites 2006 5.0.2331.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TuneUp Utilities 2004 4.1.2316.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TuneUp Utilities 2006 5.0.2331.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TuneUp Utilities 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TuneUp Utilities 4.1.2318.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tunnel trance force & Russian Dream.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Turbo FTP 4.5.420.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Turbo Photo 4.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Turbo Sliders 1.0.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TurboCAD Pro 11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TurboDemo Album 1.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TurboFTP 4.50 Build 420.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TurboFTP 4.50.420.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Turbolaunch 5.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Turkish Gambit (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TV Player.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TV-Player 1.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TVolution 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tweak XP Pro 4.0.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tweak-XP Pro 4.0.6 Professional.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TweakNow PowerPack 2005 Pro 1.6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TweakNow PowerPack 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TweakNow PowerPack 2006 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TweakVista™ for Mcft Windows Vista.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TweakWindow v1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Twisted Metal 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Twistingo.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Two for the Money (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Two Songbooks (Pink Floid).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TWT Smartplus v2.15.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Typer Shark , Game + Typing Tutor.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\U.S. Immigration Made Easy.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UFS Explorer 1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Uk Speaking Clock 10.3.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead Burn Now 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead CD & DVD PictureShow 3 Deluxe.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead COOL 360.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead COOL 3D 3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead Cool 3D Production Studio v1.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead COOL 3D Production Studio.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead DVD MovieFactory 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead DVD MovieFactory 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead Gif Animator 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead GIF Animator 5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead MediaStudio Pro 7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead MediaStudio Pro 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead Photo Explorer 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead Photo Explorer 8.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead Photo Express 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead Photo Express 5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead PhotoImpact 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead PhotoImpact 11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead PhotoImpact.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead Video Studio 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead Video Studio 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead Video Studio 9.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\ULEAD Video Studio 9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead Video ToolBox 2.0 Home.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead VideoStudio 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead VideoStudio 9.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UleadÂ GIF Animator 5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultima Online Samurai Empire.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultimate Forum Pack 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultimate Spider-Man.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultimate SpiderMan.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultimate Startup Manager 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltimateZip 3.1b.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra DVD Creator 1.1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra DVD Creator 1.3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra DVD Creator 1.3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra dvd2mp3 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra MP3 to CD Burner 1.1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra MPEG Converter v1.8.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra MPEG to DVD Burner 1.3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra Remote Control v2.6.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra Tag Editor 2.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra Video Converter 1.4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra Video Converter 1.40.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra Video Joiner 3.3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra Video Joiner v3.2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra Video Splitter 3.4.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra.Video.Joiner.v3.3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra.Video.Splitter.v3.4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraEdit 11.10b+2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraEdit 11.10c.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraEdit 11.20+3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraEdit 11.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraEdit v11.10b Plus 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraEdit-32 10.20a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraEdit-32 11.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraEdit-32 11.10a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraEdit-32 11.10c.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraEdit-32 11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraISO 7.6 ME.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraISO 7.65.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraISO Media Edition 7.6.2.1180.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraISO Media Edition 7.6.5.1225.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraISO Media Edition 7.65.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraISO Media Edition v7.6.2.1180.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraISO v7.6.2.1180.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraMon 2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraSentry 2.00a 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraSentry 2.00a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraSentry 2.0a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraSnap Pro 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Undelete Professional 5.0.112.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UnderCoverXP 1.09.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Understand for Ada 1.4.330.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Understand for C Plus Plus 1.4.330.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Understand for Delphi 1.4.330.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Understand for Fortran 1.4.330.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Understand for Java 1.4.330.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Understanding .NET A Tutorial and Analys.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Understanding IBM Workplace Strategy a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Underwater Photography Magazine.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Underworld.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Une Blonde en Or Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Universal Desktop Ruler 2.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Universal Resource Scheduler 2.5R2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Unleashed 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Unleashed DVD RiP XViD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Unleashed.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Unlocker 1.7.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Unlocker 1.7.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Unlocker v.1.7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Unreal Tournament 2004.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Unreal Tournament.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Uplink Hacker Elite.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\URIAH HEEP - The Best Of.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\URL Helper 2.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\URLBase 6.0.0.10.12 (Professional.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\URU - Ages Beyond Myst.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Usaf 2003.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\User Gate 3.17.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UserMonitor 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\uTorrent 1.1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\V.A. - Mushroom Jazz Vol.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\V.A. - The passenger.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VA - Angels 2 Chill Trance Essentials 2C.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VA - Anjunabeats Vol. 2 (Mixed by Abov.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VA - Hit Mix 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VA - Ibiza Closing Party (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VA - Madhouse 12 (2CD - 2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VA - Martini Lounge - Coctail Nights.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VA - RnB Lesson Vols 1 & 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VA - Sonic Vol. 6 (Mixed by DJ Koris).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Value Investor 1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Vampires Out For Blood FTP.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VanDyke CRT 5.0.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Vanilla Sky (DivX).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Vanilla Sky.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Various Collectors.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\vBulletin 18 Skins Pack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\vBulletin 3.0.7 (fixed).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\vBulletin 3.0.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\vBulletin 3.5 Beta 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VCDEasy 3.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Vecal dbXpert.for.Oracle.v5.5.83.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Veign Seeker v2.0.0.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Venom 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Venom.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Venture Tycoon.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VerseQ 3.0.5 (beta).zip/Setup.exe -> W

Tech Clinic / win32.p2p-worm.alcan.a

« on: November 21, 2005, 10:50:37 PM »

Im still here, and yes they were nearly all zip files. (and in the "complete" folder.) Anyways... Im still plugging along its just that when I load ewido, it is never loading properly my harddrive just goes and goes..
Im giving this one more good effort before I start pulling out my hair,

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/ohmy.gif\' class=\'bbc_emoticon\' alt=\'

\' />) and then I will post back my results.

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/huh.gif\' class=\'bbc_emoticon\' alt=\':huh:\' />
Nichole

Tech Clinic / win32.p2p-worm.alcan.a

« on: November 21, 2005, 01:26:22 AM »

Im going to have to retry again tomorrow. When I got to the point of running the Ewido Security Suite, It found like 6234 infected files and then even though I had checked remove and the other box as suggested, I had to manually click yes to remove each one at the end of running it (90 minutes), when my kids and I had gotten to 5400( it took quite awhile, heh )

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/blink.gif\' class=\'bbc_emoticon\' alt=\':blink:\' /> give or take 50 (lol) the computer began to freeze up and not respond. Eventually it just locked up alltogether and I rebooted it only to find it extremely sluggish even getting into safemode. I am going to reattempt this tomorrow evening after work. If you have any pointers before I start from the top. Im listening.

(Im hoping that will still be ok, and Or should I post a fresh HJT? LMK)
Thank you

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/wink.gif\' class=\'bbc_emoticon\' alt=\'

\' />

Tech Clinic / win32.p2p-worm.alcan.a

« on: November 20, 2005, 01:35:20 PM »

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/sad.gif\' class=\'bbc_emoticon\' alt=\'

\' /> Besides pop-ups- and unpredictable computer shut-downs it seems the computer is slower then usual. Finally I have dl the hjt and am hoping someone can lend me a hand. Thanks muchly.

HJT log below :

Logfile of HijackThis v1.99.1
Scan saved at 10:29:55 AM, on 11/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Updater.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/\' target=\'_blank\' rel=\'nofollow\'>http://www.Email Removed.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.Email Removed.msn.com/resources/MsnPUpld.cab\' target=\'_blank\' rel=\'nofollow\'>http://by107fd.bay107.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...618/mcfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab\' target=\'_blank\' rel=\'nofollow\'>http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Pages: [1]

TheTechGuide Forum

News:

Show Posts

Messages - Nichole

Tech Clinic / win32.p2p-worm.alcan.a

Tech Clinic / win32.p2p-worm.alcan.a

Tech Clinic / win32.p2p-worm.alcan.a

Tech Clinic / win32.p2p-worm.alcan.a

Tech Clinic / win32.p2p-worm.alcan.a

Tech Clinic / win32.p2p-worm.alcan.a

Tech Clinic / win32.p2p-worm.alcan.a

Tech Clinic / win32.p2p-worm.alcan.a

Tech Clinic / win32.p2p-worm.alcan.a

Tech Clinic / win32.p2p-worm.alcan.a

Tech Clinic / win32.p2p-worm.alcan.a

Tech Clinic / win32.p2p-worm.alcan.a

Tech Clinic / win32.p2p-worm.alcan.a

Tech Clinic / win32.p2p-worm.alcan.a

Tech Clinic / win32.p2p-worm.alcan.a

Tech Clinic / win32.p2p-worm.alcan.a

Tech Clinic / win32.p2p-worm.alcan.a

Tech Clinic / win32.p2p-worm.alcan.a