Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Muku6

Pages: [1]
1
Tech Clinic / Win32.P2P-Worm.Alcan.a
« on: July 13, 2005, 11:55:23 AM »
Awesome.  Thank you SOOOO very much for taking your time out to help me.  I really appreciate it.

I use FireFox as my main browser, so I downloaded the first program.  I am, however, gonna download the second program in case someone ever wants to use IE.  Better to be safe than sorry.

Again, thank you very much!


-Muku

2
Tech Clinic / Win32.P2P-Worm.Alcan.a
« on: July 12, 2005, 11:08:51 AM »
Both the Complete folder and the winupdates were in fact hidden folders.  I wondered yesterday about that while posting, but it'd been so long since I'd revealed hidden stuff that I couldn't remember where the settings where to show them.

I could have sown you could do ipconfig from the Run without having to bring up the DOS Window in full.  But, maybe I'm losing my mind. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />  This worm has been driving me batty and I may have temporarily lost my mind with it. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/wink.gif\' class=\'bbc_emoticon\' alt=\';)\' />

Ad-Aware came up clean, as did AVG Anti-Virus.

Here is my current Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 11:07:31 AM, on 7/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\WINDOWS\system32\notepad.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Heather\Application Data\Mozilla\Profiles\default\rhsa95z5.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Heather\Application Data\Mozilla\Profiles\default\rhsa95z5.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://config.skillcheck.com/onlinetesting...1050/wficat.cab
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

3
Tech Clinic / Win32.P2P-Worm.Alcan.a
« on: July 11, 2005, 10:19:03 PM »
I will say that while running Ewido, it found in my Documents and Settings/<user name> a folder named Complete.  Strangely enough, I never saw one there, at all.  And still don't.  (Assuming only files are deleted in it and nothing else.)  Not sure about that.

Anyways, here is my Ewido report:


---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         9:46:13 PM, 7/11/2005
 + Report-Checksum:      B7461E3D

 + Scan result:

   HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
   HKU\S-1-5-21-1409082233-152049171-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
   HKU\S-1-5-21-1409082233-152049171-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
   HKU\S-1-5-21-1409082233-152049171-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
   HKU\S-1-5-21-1409082233-152049171-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
   HKU\S-1-5-21-1409082233-152049171-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
   :mozilla.13:C:\Documents and Settings\Garv\Application Data\Mozilla\Firefox\Profiles\jsis4mxe.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.25:C:\Documents and Settings\Garv\Application Data\Mozilla\Firefox\Profiles\jsis4mxe.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.26:C:\Documents and Settings\Garv\Application Data\Mozilla\Firefox\Profiles\jsis4mxe.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.27:C:\Documents and Settings\Garv\Application Data\Mozilla\Firefox\Profiles\jsis4mxe.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.28:C:\Documents and Settings\Garv\Application Data\Mozilla\Firefox\Profiles\jsis4mxe.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.29:C:\Documents and Settings\Garv\Application Data\Mozilla\Firefox\Profiles\jsis4mxe.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.30:C:\Documents and Settings\Garv\Application Data\Mozilla\Firefox\Profiles\jsis4mxe.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.31:C:\Documents and Settings\Garv\Application Data\Mozilla\Firefox\Profiles\jsis4mxe.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
   :mozilla.32:C:\Documents and Settings\Garv\Application Data\Mozilla\Firefox\Profiles\jsis4mxe.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
   :mozilla.33:C:\Documents and Settings\Garv\Application Data\Mozilla\Firefox\Profiles\jsis4mxe.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.34:C:\Documents and Settings\Garv\Application Data\Mozilla\Firefox\Profiles\jsis4mxe.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.41:C:\Documents and Settings\Garv\Application Data\Mozilla\Firefox\Profiles\jsis4mxe.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
   :mozilla.42:C:\Documents and Settings\Garv\Application Data\Mozilla\Firefox\Profiles\jsis4mxe.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
   :mozilla.43:C:\Documents and Settings\Garv\Application Data\Mozilla\Firefox\Profiles\jsis4mxe.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
   :mozilla.44:C:\Documents and Settings\Garv\Application Data\Mozilla\Firefox\Profiles\jsis4mxe.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
   :mozilla.11:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.14:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
   :mozilla.15:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
   :mozilla.16:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
   :mozilla.17:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
   :mozilla.26:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.39:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.40:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.41:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.42:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.43:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   :mozilla.44:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.55:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.56:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.57:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.58:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.59:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.60:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
   :mozilla.61:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
   :mozilla.75:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.76:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.77:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.79:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
   :mozilla.93:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   :mozilla.98:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.106:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.107:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.108:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.109:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.112:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
   :mozilla.113:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
   :mozilla.115:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
   :mozilla.116:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
   :mozilla.122:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
   :mozilla.123:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.125:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
   :mozilla.126:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
   :mozilla.127:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
   :mozilla.128:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
   :mozilla.129:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
   :mozilla.130:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
   :mozilla.131:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.132:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.143:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
   :mozilla.144:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
   :mozilla.145:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
   :mozilla.146:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
   :mozilla.154:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
   :mozilla.155:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
   :mozilla.156:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
   :mozilla.174:C:\Documents and Settings\Garv\Application Data\Mozilla\Profiles\default\olx8h9ym.slt\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\ Advanced Uninstaller Pro 2004 6.73.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\ PC Repair 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\2G Poster Works v1.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\3D Canyon Flight Screensaver 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\3D Mark 2005 Pro + Keygen.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\3DS MAX 7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\7-Zip 4.24.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\AceHTML Pro 6.05.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Acronis Disk Director Suite 9.0.534.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Acronis Disk Director Suite 9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Actual Search Replace V2.63.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\AddRemove Plus! 2004 5.0.0.100.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Adobe Creative Suite 2 iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Advanced Security Administrator 10.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Alcohol 120% 1.9.2.1705.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\All In one Paswords Utilities 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Anti Tracks 5.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\AntiVir Personal Edition 6.31.00.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\ANYDVD 5.2.7.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Apollo 37zp.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Apollo DVD Copy v4.3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Articulate Spelling v1.24.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\AudioJack 1.42.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Avant Browser 10.1 Beta 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Batman Begins.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Battlefield 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Bewitched.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Boilsoft AVI to VCDDVD Converter 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Brothers in Arms Road to Hill 30.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Ca Etrust Ez Antivirus 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Camtasia Studio 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\CaptureWiz Pro 3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Carmageddon TDR 2000.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Catch 3D v6.51.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Clean Space v9.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\CloneCD 5.2.4.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\CloneDVD 2.5.3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Crazy.N.The.City.2005.DVDSCR.XviD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Dangerous Waters - HOODLUM.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Demonstration Screen v1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Desktop Search 2.02.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\DirWatcher Pro 2.3.181.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Disk Clean Wizard 1.26.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Disk Space Inspector 2.9.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\DKMessenger 3.9.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Dragon Naturallyspeaking 8 Professional.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\DVD Profiler v2.4.0.868.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\DVDFab Express 2.62.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\DVDFab Platinum 2.62.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\DVDFab Platinum Edition 2.70.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\DVDIdle Pro 5.62.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\easy media creator 7.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Easyrecovery Pro V6.10.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\eDonkey Accelerator 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\F-Secure Anti-Virus Client Security 6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\FairStars Recorder 2.60.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Fantastic 4 The Game.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Fantastic 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\FastStone Image Viewer 2.15.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\File Info v2.90.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\File Securer v3.53.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\FlashPaste 3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Flatout.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\FlipAlbumĀ® Professional v6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\ForecastFox 0.8.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\FotoPrint 3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\FunPhotor v3.61.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\GameJack v5.0.3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\GcMail 3.0.1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\GetRight 5.2b Regged.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Glarysoft DVD Ripper 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\God of War USA PS2DVD5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Google Earth 3.0.036.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Google Toolbar Beta for Firefox.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Gutterball 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\HALO 2 USA XboX.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\HandyRec Professional 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Haunting Ground PS2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Herbie Fully Loaded.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\HiDownload v6.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\High Power Encryption 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Hostage (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Ice Princess (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\IEWatch v2.2.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Imperial Glory (Pc) iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\IncrediMail Xe Premium 4.00 Build 1930.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\InstallAWARE 2005 Studio Edition 3.1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Internet Download Accelerator 4.02.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\InterVideo DVD Copy GoldPlatinum 3.0.B016.43C00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\IPCheck Server Monitor 5.0.1.309.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Jasc Paint Shop Pro 9.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\JetAudio 6.1.3.6224.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Juiced.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Land of the Dead (2005), hurry.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Lasersoft Silverfast SFE-6.4.0r3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\LimeWire Pro 4.6.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Longman Dictionary of Contemporary Engli.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Madagascar TC SVCD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Madagascar, 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Man of the House (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\ManageDesk 2.30.17.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\ManageDesk 2.30.18.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Mass Downloader 3.0 SR1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Maxx PDFMailer 3.0.23.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\McAfee ePO 109mb Full Version.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\MediaCam AV v4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Microsoft AntiSpyware 1.0.614.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Microsoft Office XP Standard 2003.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Microsoft Visio 2003 Standard.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\MindSoft Utilities XP 8.11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Modem Booster 5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Mp3 Doctor 5.11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Mystica 5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Nero 6.6.0.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Nero 6.6.0.15 NEW DOWNLOAD Today.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\nero burning rom 6.6.0.14.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Network Mechanic v1.2c.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\No1 Screen Capture v3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\NOD32 2.000.11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Nokia PC Suite 6.6.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Norton Ghost 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\O&O Soft Great Products All-In-One.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Offline Explorer Enterprise 3.6.1950.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Ontrack PowerControls v3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Outpost Firewall Pro 2.7.485.412.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Panda Platinum 2005 Internet Security.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\PCMark 05 1.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Photo Pos Pro 1.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Photo2DVD Studio 3.8.3.2.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Photovista Panorama 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Pinnacle TitleDeko Pro 2.0.1634.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Planespotting.2005.DVDRip.XviD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Plato DVD Ripper 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Poker.Spy 1.8.8.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Pop.up.Blocker.Pro.Rich-Media.Ad.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Popup Assassin Pro 1.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Porn Movie Grabber 1.02.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Power DVD 6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\PowerArchiver 2004 9.20.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Privacy Guardian 3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Pro Evolution Soccer 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Process Lasso Lite 2.05rc4a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\ProjectArchitect v1.0.0.59.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\ProShow Gold 2.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Ram Idle Pro 3.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Raxco PerfectDisk 7.0.31.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Raxco Power Pack for Workstation.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Recover My Files 3.22.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Recover My Files 3.26.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Reg Organizer 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\ReGet Deluxe 4.1.232.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\ReGet Deluxe 4.1.244.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Registry Mechanic 4.0.0.101.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Registry Mechanic 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Registry Mechanic v5.0.0.132.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Registry.Repair 1.44.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\RegSupreme 1.3.0.31 lite.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Salon Styler Pro ($973USD) - Working WC.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\SCARABAY 2.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Serial Viewer.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Show Your Emotions- Disco Park 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\ShowMaker Professional 2.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Skype 1.3.0.55.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\SlySoft AnyDVD 4.5.8.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\SmartFTP v1.5.988.29.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Spam Defender Pro 5.0b.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Spy Kill Deluxe Edition 2.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Spy Kill Deluxe Edition v2.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\SpyBlocker 8.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\StealthDisk 2005.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Steganos Internet Trace Destructor 7.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Stone.Cold.2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Style XP 3.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Summer of sam.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Super SpongeBob Collapse 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\SWF Max v1.3.645 (Flash Player).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Symantec Client Security ver. 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Symantec Enterprise Firewall VPN 7.04.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\System Mechanic Professional 5.5a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\System Monitor 1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\System Monitor v1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\TechSmith Camtasia Studio V3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\TechSmith SnagIt 7.2.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\The Matrix Original Sountrack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\The Pacifier.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Time & Chaos v6.0.3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Tiny Personal Firewall 6.5.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Translator Internet 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Treasure Vault 3D Screensaver 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Trend micro antispyware.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Trojan Remover 6.3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Tune up Utilities 2004.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\TuneUp Utilities 2004 4.1.231.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\TuneUp Utilities 2004 4.1.2316.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Turbo ZIP Cracker 0.1.2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Video.Gif.Converter.1.3.02.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Visual Business Cards 4.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\VMware Workstation 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\War of the Worlds.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Warez P2P 2.8 .zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Webroot Spy Sweeper 4.0.3 Build 402.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\winamp 5.093.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Winamp Pro 5.08c.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\WinBoost 4.90.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Windows 98 SE.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Windows Vaccine v3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\WinDVD Platinum 6.0.6.56 + InterVideo DVD XPack Plus MP.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\WinPatrol 9.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\WinRAR 3.50 Beta 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Wintuneup Utilities 2004 1.02.621.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\WWW File Share Pro 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\XIII.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\XPepius 2.0.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Zend Studio 3.5.1Client.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\Zend Studio Client 3.5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Heather\Complete\ZoneAlarm Pro 5.5.062.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Program Files\winupdates\winupdates.exe -> Worm.VB.an : Cleaned with backup


::Report End



And here is my HijackThis report:

-------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:09:58 PM, on 7/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Heather\Application Data\Mozilla\Profiles\default\rhsa95z5.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Heather\Application Data\Mozilla\Profiles\default\rhsa95z5.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Heather\LOCALS~1\Temp\sahagent.exe run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://config.skillcheck.com/onlinetesting...1050/wficat.cab
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


-------------------------



I can now at least bring up my Window Task Manager, which is a relief.  I can't bring up ipconfig on Start > Run though.  It pops up for half a second, and still disappears.  Didn't happen until I got this worm, at least from what I noticed.

Hopefully things are looking better, from the logs.  I can say I'm happy right now at least having my Task Manager again. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />


-Muku

4
Tech Clinic / Win32.P2P-Worm.Alcan.a
« on: July 11, 2005, 10:13:47 AM »
Okay, well, got the Ewido program.  Also got Killbox.  I do have a question before preceding with this, because I'm unsure of something.  (Don't wanna mess it up.)

Quote below on what I have a question about:

Quote
Copy the file names below to the clipboard by highlighting them and pressing
Control + C

Killbox files to highlight between dotted lines
===================================================
C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINNT\system32\p2pnetwork.exe
C:\WINNT\system32\CMD.COM
C:\WINNT\system32\netstat.com
C:\WINNT\system32\ping.com
C:\WINNT\system32\regedit.com
C:\WINNT\system32\tasklist.com
C:\WINNT\system32\taskkill.com
C:\WINNT\system32\taskmgr.com
C:\WINNT\system32\tracert.com
C:\Program Files\winupdate\winupdate.exe
C:\Program Files\winupdates\a.zip[Setup.exe]C:\WINNT\System32\bt.exe
C:\WINNT\System32\z.tmp
C:\WINNT\System32\temp.zip
C:\WINNT\System32\bszip.dll

===================================================
*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

You said to highlight the files, copy and then go to File > Paste from Clipboard.  Is it that you want all pasted at once, or is this a one by one type thing?  I assume one by one, but I want to make sure.  Mainly because you didn't specify, but also because I don't wanna botch this up. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />

I also wanna ask this because it sounds like after saying "Yes" then "No", respectively, that there's a chance to restart.  (Of course, if it doesn't then a manual restart is in order.)  So, wanting to check on this.  Don't want just one file done at restart if I'm suppose to do them all.

Many thanks for your time so far, and any additional time you take to respond to my thread. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />

-Muku




EDIT:  Forgot to mention why I ask this --

I tried using the Paste from Clipboard option in Killbox, but it won't paste.  So when I tried to hit CTL+V or right mouse click and then go to Paste.  Course in doing that, only one file shows up.  (Guess it makes sense for only one since there's only enough space for one.  But don't wanna proceed if there's possible restart after doing first one.)  Just unsure and want to clairify.  Thanks! http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />

5
Tech Clinic / Win32.P2P-Worm.Alcan.a
« on: July 11, 2005, 12:43:34 AM »
Downloaded Windows Cleanup! 4.0 and have that installed.  Got Ad-Aware on July 09, and incidentally is how I found out I had the worm to begin with. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />  So, covered on that, but did check for updates just to make sure, but nothing.

I can't, however, at this time get the Ewido Security Suite link to come up.  It times out every time I try to go to it.  I'll try it in the morning I suppose.  Then continue on with the rest of the instructions.

6
Tech Clinic / win32.p2p-worm.alcan.a
« on: July 10, 2005, 05:21:15 PM »
Yeah, with this worm, CTRL+ALT+DLT is disabled.  Very frustrating.  It also disables some other things, like if I go to START > RUN and then type in ipconfig, it pops up the DOS window for half a second, then disappears.  I think there a few commands that done that way have the same reaction.

Made installing my router stuff yesterday a bit of a pain.  This worm seems to disable a few things for irritation. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/sad.gif\' class=\'bbc_emoticon\' alt=\':(\' />

7
Tech Clinic / Win32.P2P-Worm.Alcan.a
« on: July 10, 2005, 05:11:51 PM »
Actually, all spaces in the log were that way when I copied and pasted it.  I'd read somewhere before, before posting, you telling someone the same thing, so I made sure not to do anything with the file before hand.  Just a simple copy/paste into the forum.

Here is the current log as of a few moments ago...


-----------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 5:05:41 PM, on 7/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Heather\Application Data\Mozilla\Profiles\default\rhsa95z5.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Heather\Application Data\Mozilla\Profiles\default\rhsa95z5.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://config.skillcheck.com/onlinetesting...1050/wficat.cab
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-----------------------------------------


I navigated into the C:\Documents and Settings\<user account>, of course with the user account being my account.  There is no folder named Complete.  There is however a folder named Incomplete and a .limewire folder that I don't recall being there before.

8
Tech Clinic / Win32.P2P-Worm.Alcan.a
« on: July 09, 2005, 08:23:29 PM »
Hello. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />

I guess I should introduce myself as also being a recent victim of the Win32.P2P-Worm.Alcan.a problem.  Done some looking around, and it seems that a lot think it came from Limewire.  Which I had until I tossed a few minutes ago, before reading the thoughts behind it being Limewire.  (Would make sense, I suppose, since it did bring up Limewire on startup and continuously bring it up each time I closed it.)

Anyways, enough of my blabbering. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />  Here is my HJACKTHIS log file:

-----------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:16:24 PM, on 7/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://yahoo.sbc.com/dsl
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage",

"http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and

Settings\Heather\Application Data\Mozilla\Profiles\default\rhsa95z5.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%

20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and

Settings\Heather\Application Data\Mozilla\Profiles\default\rhsa95z5.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program

Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} -

http://config.skillcheck.com/onlinetesting...1050/wficat.cab
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common

Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe

-----------------------------------------------------

I hope someone will be able to help me soon.  This is a most annoying worm. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />

Thank you... and I appreciate any and all help I get with this. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />


-Muku

Pages: [1]