« previous next »
Pages: [1] 2

Author Topic: win32.p2p-worm.alcan.a  (Read 4784 times)

Offline Nichole

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
    • http://
win32.p2p-worm.alcan.a
« on: November 20, 2005, 01:35:20 PM »
http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/sad.gif\' class=\'bbc_emoticon\' alt=\':(\' /> Besides pop-ups- and unpredictable computer shut-downs it seems the computer is slower then usual. Finally I have dl the hjt and am hoping someone can lend me a hand. Thanks muchly.

HJT log below :

Logfile of HijackThis v1.99.1
Scan saved at 10:29:55 AM, on 11/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Updater.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/\' target=\'_blank\' rel=\'nofollow\'>http://www.Email Removed.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.Email Removed.msn.com/resources/MsnPUpld.cab\' target=\'_blank\' rel=\'nofollow\'>http://by107fd.bay107.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...618/mcfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab\' target=\'_blank\' rel=\'nofollow\'>http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
win32.p2p-worm.alcan.a
« Reply #1 on: November 20, 2005, 02:11:31 PM »
Hi Nichole
I need you to do the following

When I ask you too download a zip file, make sure you choose SAVE TO DISK rather than Open

Right click an empty spot on the desktop and left click NEW>>Folder
A new folder will be placed on the desktop, name it BFU

Download and save p2pnetwork.zip
Then UNZIP it to the BFU Folder

Download and save and then UNZIP to the BFU folder
BFU.zip
So you now have BFU.exe extracted

==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup! 4.0
Don't run it yet

==Download and then Install
Ewido Security Suite

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

Please  save these instructions to a Notepad file and save it to your Desktop for reference
Or Print this out

Open Spybot>> check for updates please and download all updates if any

Disconnect from the Internet
I need you too disable Spybot's TeaTimer so it won't interfere with any fixes we try
You can reenable this once we have you clean, keep it disabled until I give you an all clear

Open Spybot>>click on MODE>>Advanced Mode>>Yes to the prompt
Click on TOOLS on the bottom left
SYSTEM STARTUP>>Uncheck TeaTimer
Allow the change

Access your Add/Remove programs and remove if found
SurfAccuracy
Also remove Party Poker if you didn't intentionally install it

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link I supplied for an alternate method

Open the BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to p2pnetwork.bfu in the BFU folder
Right click p2pnetwork.bfu and choose Select
In Brute Force Uninstaller select Execute
Let it finish then Exit

Find and delete this folder if found
C:\Program Files\SurfAccuracy <-this folder

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished it's scan click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: Well Ewido is running, don't open any other windows, let it do it's job

Do another scan with Hijackthis and put a check next to these entries:

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Run SPYBOT
Click the Search & Destroy button on the left
Check for Problems---When the Scan is complete
FIX all selected promblems in RED

Restart back to Normal mode

Back in Windows
Post a fresh hijackthis log and the whole report from Ewido's

NOTE: This entry in your log
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/
That's not how it shows when you paste it back here, can you put a space after the DOT, right before "com"
Before hitting the "add reply" button
It's a board setting, I want to make sure it's legit
I'll remove it if it's your own address later, thanks
« Last Edit: November 21, 2005, 01:20:05 AM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Nichole

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
    • http://
win32.p2p-worm.alcan.a
« Reply #2 on: November 21, 2005, 01:26:22 AM »
Im going to have to retry again tomorrow. When I got to the point of running the Ewido Security Suite, It found like 6234 infected files and then even though I had checked remove and the other box as suggested, I had to manually click yes to remove each one at the end of running it (90 minutes), when my kids and I had gotten to 5400( it took quite awhile, heh )  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/blink.gif\' class=\'bbc_emoticon\' alt=\':blink:\' /> give or take 50 (lol) the computer began to freeze up and not respond. Eventually it just locked up alltogether and I rebooted it only to find it extremely sluggish even getting into safemode. I am going to reattempt this tomorrow evening after work. If you have any pointers before I start from the top. Im listening.

(Im hoping that will still be ok, and Or should I post a fresh HJT? LMK)
Thank you  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/wink.gif\' class=\'bbc_emoticon\' alt=\';)\' />
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
win32.p2p-worm.alcan.a
« Reply #3 on: November 21, 2005, 02:05:43 AM »
I'm guessing that most of the infected files may be zip files, cookies, and possibly system volume information folder

The latter will be completely cleaned in your final cleanup
If possible
Start the whole fix again, with luck, the main infection is gone, still have to get some leftovers

If you have any file sharing programs
Eg.. Limewire, disable them from running for the time being

Regardless of what happens, post back a fresh hijackthis log and possibly Ewido report
If the Ewido report is too big, can you attach it please
But I would like to see it if you can

I won't be back online till after work tomorrow, so please do what you can
« Last Edit: November 21, 2005, 02:11:34 AM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Nichole

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
    • http://
win32.p2p-worm.alcan.a
« Reply #4 on: November 21, 2005, 10:50:37 PM »
Im still here, and yes they were nearly all zip files. (and in the "complete" folder.) Anyways... Im still plugging along its just that when I load ewido, it is never loading properly my harddrive just goes and goes..
Im giving this one more good effort before I start pulling out my hair,  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/ohmy.gif\' class=\'bbc_emoticon\' alt=\':o\' />)  and then I will post back my results.

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/huh.gif\' class=\'bbc_emoticon\' alt=\':huh:\' />
Nichole
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
win32.p2p-worm.alcan.a
« Reply #5 on: November 21, 2005, 11:05:40 PM »
Can you do the following after you run BFU.exe


Navigate to the Complete folder and delete all the zip files you don't recognize
Lot's/All will have some bad names, not your fault

The folder will be located in this location
 C:\Documents and Settings\<User Account>\Complete
<User Account>= Users profile name

You will have to
Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

That should save some time scanning with Ewido
« Last Edit: November 21, 2005, 11:07:04 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Nichole

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
    • http://
win32.p2p-worm.alcan.a
« Reply #6 on: November 22, 2005, 01:23:17 AM »
[color=\"#FF0000\"]I made it through ewido.( and the rest of the initial directions after that point) whew![/color]
Here is my current HJT :

Logfile of HijackThis v1.99.1
Scan saved at 10:06:48 PM, on 11/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Updater.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/\' target=\'_blank\' rel=\'nofollow\'>http://www.Email Removed.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.Email Removed.msn.com/resources/MsnPUpld.cab\' target=\'_blank\' rel=\'nofollow\'>http://by107fd.bay107.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...618/mcfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab\' target=\'_blank\' rel=\'nofollow\'>http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


[color=\"#FF0000\"]Here is a copy of my ewido saved log. (the initial log got deleted because I ended up having to uninstall and reinstall the program before this last attempt at the whole process.[/color]


---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         9:48:12 PM, 11/21/2005
 + Report-Checksum:      BF851AF3

 + Scan result:

   C:\Documents and Settings\Owner\Complete\The Mummy 1999.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Myth (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Offspring - Greatest Hits (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Pacifier RERIP TC SVCD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Pacifier.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Palette Melody Composing Tool v3.3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Panorama FactoryThe Panorama Facto.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Passion Of The Christ OST.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The PC Detective v2.8.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Perfect Man.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Prince &amp; Me.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Prince and Me.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Prince.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Prodigy - Music For The Jilted Gener.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Professional Services Firm Bible.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Punisher ISO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Punisher.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Rakes - CaptureRelease.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Rasmus - Dead Letters.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Rasmus - Hide from the Sunfor.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Reckoning LiMiTED DVD Rip XViD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Regex Coach 0.7.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Ring Two (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Ring Two (AC3).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Ring Two PAL MULTI DVD-R.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Ring Two.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Ring.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Rising - The legend of Mangal Pandey Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Roots - Things Fall Apart.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Scottish Loveknot XXX DVD Rip Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Settlers 2 Gold Edition.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Settlers Heritage of the Kings.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Simpson Hit and Run.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Simpsons Hit And Run - RIP.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The sims 2 Nightlife.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Sims 2 University.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Sims Unleashed.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Sisterhood of the Traveling Pants (2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Sisterhood of the Traveling Pants Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Sisterhood of the Traveling Pants.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Sixth Sense.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Skeleton Key TC XviD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Skeleton.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Sleuthhound Pro Power Pack v4.61.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The SphereXP 0.81.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Spranos - Oksana Baby (DivX).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Suffering.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Sun 3D Screensaver 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Taste Of Tea.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Terminal.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Transporter (http) DVDrip.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Transporter 2 Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Transporter 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Typing Of The Dead.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Usual Suspects.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Vegas 6+DVD Production Suite.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Verve - Urban Hymns.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Waterboy & Charlie and the Chocolate Factory.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Weather Man (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The Weather Man.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The World Is Flat A Brief History of th.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\The.Skeleton.Key.TS.xVID-LRC.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TheHunted.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\ThemeEngine 5.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\ThemeMakerPro Plus SE 1.2.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TheSpywareKiller 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\They came back DVD Rip Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Thief 3 Deadly Shadows.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Thinkershome Delphi 2 C Plus Plus Builder 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Thinkershome PC Watcher 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Thinkershome Photo to Sketch 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\ThumbBuddy 2.1a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\ThumbsUp v4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\THX.DTS.Dolby.Digital.Audio.Experience.T.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tidy Start Menu 2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tiesto-In Search Of Sunrise 4-2CD-2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Time Crisis Crisis Zone (PS2).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TimeCard Plus 3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TimeWarp 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tin Soldiers Julius Caesar.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tinasoft EasyCafe 2.2.14.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tiny Cars 2 1.15.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tiny Firewall Pro 6.0.140.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tiny Indian Teen Bend Over For Snatch [censored].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tiny Personal Firewall 6.0.100.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tiny Personal Firewall 6.5.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tiny Personal Firewall Pro 2005 6.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tinynice MP3Cutter v2.51.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Titan FTP 4.02.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Titan FTP Server Enterprise Edition v4.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Titan FTP Server Enterprise Edition v4.22.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TitleBarClock Pro 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TitleBarClock Pro 5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tm 7398.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tm 8037.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TM 8382.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Token2 Plus v4.5.2.1349.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tom Petty - Playback.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tomb Raider 3 The Lost Artifact iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tomb Raider 3, the lost artifact.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tomb Raider 5 - Chronicles.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tomb Raider 5 Chronicles.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tomb Raider.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tons of Rapidshare Games.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tony Hawk's Underground 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tony Hawks Underground 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tony Rich Project - Words.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tony Yayo - Thoughts of a Predicate Fe.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\ToolBar 2000 6.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Top 10 IP Utilities.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Topee CD Ripper 1.2.57.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Topee CD Ripper 1.2.58.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Topee CD Ripper v1.2.58.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TopGen 2.611.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Toplang Internet Lock v3.0.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tori Amos - Mix.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torque ShowTool Pro 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torque ShowTool Pro.v1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torrent - Know, Make, Upload, Search.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torrent Barbershop.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torrent Chasing Ghosts.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torrent Chronological X-Men.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torrent Damn Small Linux 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torrent FineReader Professional 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torrent Gran Turismo 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torrent Microsoft Windows Vista Beta1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torrent Mortal Kombat Shaolin Monks D.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torrent The Perfect Man.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Torrent The Sims 2 Nightlife.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Total Game Control 3.3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Total Game Control 3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Total Game Control v.3.3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Total Game Control v3.3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Total Game Control v3.3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Total Overdose.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Total Recall v5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Total Uninstall 3.41.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Total Video Converter 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Total Video Converter 2.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Touching the Void.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Toyota Corolla - 2004 repair manual.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trace Plus 3.6.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TRACE POINT 2005 Vol. 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tracer 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Track4Win pro 2.22.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tracker 3.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TrackGrabber 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trackmania Sunrise.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TrackMate v5.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tracks Eraser Pro 5.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Traffic Inspector 1.1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TrainController v5.5B1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Training The Maid [18+].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TrainProgrammer v5.5B1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trainspotting - Soundtrack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TranslateIt! 1.4 Beta 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TranslatIt! 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Transporter 2 (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Transporter 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trapcode Echospace 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trapt - Someone in Control.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trash It 1.80.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Treasure Vault 3D Screensaver 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Treasure Vault 3D Screensaver.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TRECH 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trend Micro Pattern File 2.773.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trible X-The Next Level.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TriCerat Simplify.Suite 4.0.05.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trident Software Pragma 4.00.0037.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trillian Pro 3.1.0.121.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trillian Pro 3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trillian Pro v3.1.0.121 Cracked.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Triple X (xXx).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trivial Pursuit Deluxe.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trojan Hunter 4.2.908.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trojan Remover 6.3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trojan Remover 6.4.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trojan Remover v6.4.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trojan Remover v6.4.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trojan Slayer 2.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Trojan Slayer 2.1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\True Image Enterprise Server 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TrueTTY 2.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Truly Random 1.36.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TUGZip 3.3.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tunebite 2.0.1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TuneUp 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TuneUp Utilites 2006 5.0.2331.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TuneUp Utilities 2004 4.1.2316.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TuneUp Utilities 2006 5.0.2331.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TuneUp Utilities 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TuneUp Utilities 4.1.2318.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tunnel trance force & Russian Dream.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Turbo FTP 4.5.420.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Turbo Photo 4.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Turbo Sliders 1.0.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TurboCAD Pro 11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TurboDemo Album 1.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TurboFTP 4.50 Build 420.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TurboFTP 4.50.420.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Turbolaunch 5.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Turkish Gambit (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TV Player.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TV-Player 1.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TVolution 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tweak XP Pro 4.0.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Tweak-XP Pro 4.0.6 Professional.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TweakNow PowerPack 2005 Pro 1.6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TweakNow PowerPack 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TweakNow PowerPack 2006 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TweakVistaâ„¢ for Mcft Windows Vista.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TweakWindow v1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Twisted Metal 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Twistingo.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Two for the Money (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Two Songbooks (Pink Floid).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\TWT Smartplus v2.15.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Typer Shark , Game + Typing Tutor.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\U.S. Immigration Made Easy.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UFS Explorer 1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Uk Speaking Clock 10.3.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead Burn Now 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead CD &amp; DVD PictureShow 3 Deluxe.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead COOL 360.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead COOL 3D 3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead Cool 3D Production Studio v1.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead COOL 3D Production Studio.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead DVD MovieFactory 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead DVD MovieFactory 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead Gif Animator 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead GIF Animator 5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead MediaStudio Pro 7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead MediaStudio Pro 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead Photo Explorer 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead Photo Explorer 8.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead Photo Express 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead Photo Express 5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead PhotoImpact 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead PhotoImpact 11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead PhotoImpact.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead Video Studio 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead Video Studio 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead Video Studio 9.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\ULEAD Video Studio 9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead Video ToolBox 2.0 Home.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead VideoStudio 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead VideoStudio 9.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ulead GIF Animator 5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultima Online Samurai Empire.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultimate Forum Pack 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultimate Spider-Man.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultimate SpiderMan.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultimate Startup Manager 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltimateZip 3.1b.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra DVD Creator 1.1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra DVD Creator 1.3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra DVD Creator 1.3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra dvd2mp3 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra MP3 to CD Burner 1.1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra MPEG Converter v1.8.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra MPEG to DVD Burner 1.3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra Remote Control v2.6.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra Tag Editor 2.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra Video Converter 1.4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra Video Converter 1.40.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra Video Joiner 3.3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra Video Joiner v3.2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra Video Splitter 3.4.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra.Video.Joiner.v3.3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Ultra.Video.Splitter.v3.4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraEdit 11.10b+2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraEdit 11.10c.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraEdit 11.20+3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraEdit 11.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraEdit v11.10b Plus 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraEdit-32 10.20a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraEdit-32 11.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraEdit-32 11.10a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraEdit-32 11.10c.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraEdit-32 11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraISO 7.6 ME.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraISO 7.65.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraISO Media Edition 7.6.2.1180.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraISO Media Edition 7.6.5.1225.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraISO Media Edition 7.65.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraISO Media Edition v7.6.2.1180.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraISO v7.6.2.1180.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraMon 2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraSentry 2.00a 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraSentry 2.00a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraSentry 2.0a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UltraSnap Pro 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Undelete Professional 5.0.112.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UnderCoverXP 1.09.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Understand for Ada 1.4.330.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Understand for C Plus Plus 1.4.330.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Understand for Delphi 1.4.330.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Understand for Fortran 1.4.330.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Understand for Java 1.4.330.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Understanding .NET A Tutorial and Analys.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Understanding IBM Workplace Strategy a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Underwater Photography Magazine.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Underworld.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Une Blonde en Or Xvid.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Universal Desktop Ruler 2.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Universal Resource Scheduler 2.5R2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Unleashed 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Unleashed DVD RiP XViD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Unleashed.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Unlocker 1.7.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Unlocker 1.7.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Unlocker v.1.7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Unreal Tournament 2004.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Unreal Tournament.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Uplink Hacker Elite.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\URIAH HEEP - The Best Of.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\URL Helper 2.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\URLBase 6.0.0.10.12 (Professional.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\URU - Ages Beyond Myst.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Usaf 2003.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\User Gate 3.17.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\UserMonitor 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\uTorrent 1.1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\V.A. - Mushroom Jazz Vol.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\V.A. - The passenger.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VA - Angels 2 Chill Trance Essentials 2C.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VA - Anjunabeats Vol. 2 (Mixed by Abov.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VA - Hit Mix 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VA - Ibiza Closing Party (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VA - Madhouse 12 (2CD - 2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VA - Martini Lounge - Coctail Nights.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VA - RnB Lesson Vols 1 &amp; 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VA - Sonic Vol. 6 (Mixed by DJ Koris).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Value Investor 1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Vampires Out For Blood FTP.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VanDyke CRT 5.0.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Vanilla Sky (DivX).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Vanilla Sky.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Various Collectors.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\vBulletin 18 Skins Pack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\vBulletin 3.0.7 (fixed).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\vBulletin 3.0.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\vBulletin 3.5 Beta 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VCDEasy 3.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Vecal dbXpert.for.Oracle.v5.5.83.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Veign Seeker v2.0.0.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Venom 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Venom.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Venture Tycoon.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VerseQ 3.0.5 (beta).zip/Setup.exe -> W
Logged

Offline Nichole

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
    • http://
win32.p2p-worm.alcan.a
« Reply #7 on: November 22, 2005, 01:50:34 AM »
C:\Documents and Settings\Owner\Complete\Very Best of Simply Red.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\ViceVersa Pro 2.0.0.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\ViceVersa Pro 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Victory Road.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video AVI To Flash SWF Converter 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video Convert Master 3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video Convert Master 3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video Converter Plus 2.09.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video Converting and Burning Solution.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video DVD Duplicator 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video Edit Magic 3.36.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video Edit Magic 4.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video Librarian Plus v5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video To Audio Converter 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video Vault 3.0160.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video-AVI To GIF Converter 2.0.10A9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Video.to.Audio.Converter.v2.1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoBlender 2.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Videocharge 2.2.3.49.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoCharge 2.21.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoCharge 2.3.1.21.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoCharge 3.2.4.37 for Professionals.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoCharge 3.3.5.28 for Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoCharge 3.3.5.28 for Professionals.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoCharge 3.33.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoCharge Pro 3.33.28.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Videocharge Professional 3.1.2.15.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Videocharge Professional 3.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoCharge Professional v3.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoDesktop 3.1.0.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Videofixer 3.23.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoInspector 1.7.0.88.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoInspector v1.5.1.84.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoInspector v1.6.1.87.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoMate v11.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VideoReDo 1.6.2.284.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VIETCONG 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\ViewCompanion Pro v3.37.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Vip Organizer 1.5.227.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VIP Organizer 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VIP Organizer 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virdi Advanced Mail Processor 1.8.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VirIT eXplorer Pro 5.2.33.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtua Cop 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtua Tennis.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VirtuaGirl 2.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual CD 6.0.0.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual CD 6.0.0.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual CD 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual CD 7.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual CD 7.1.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual CD 7.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual Desk 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual Desktop Toolbox 2.51.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual DJ 2.05.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual DJ Studio 3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual Encrypted Disk 1.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual Floppy Disk.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual Girl 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual PC 5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual PC For Windows v5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Virtual Railroad 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VisKeeper v2.2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VisNetic MailFlow 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Vista Transformation Pack 1.0 (Update).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VistaDesktop Shell Pack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VistaTask Pro 4.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Visual Business Cards 4.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Visual Mind 7.0.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Visual SQL-Designer 3.99.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Visual Zip Password Recovery 6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Visual.CertExam.Suite 1.7.542.CHiCNCREA.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Visualization Handbook.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Visualizer Photo Resize 3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Vital Desktop Video 1.3.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VividLyrics 2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VIY 1967 DVD Rip XviD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VLFormDesigner 1.2.019.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VMware Workstation 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VMware Workstation 5.0. 13124.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VMware Workstation 5.5 Build 15576.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VMware Workstation 5.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VMware Workstation v4.5.2 build 8848.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VoD.Maker.v1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Voice Technology Software AIO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VoiceMX Studio v4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Voxagenda v1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Voxengo Elephant v2.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Voxengo GlissEQ VST 2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Voxengo Lampthruster v2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Voxengo Polysquasher VST 1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Voxengo Redunoise VST 1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Voxengo Warmifier VST 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VR Software 2.40.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VS.net 2003 pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VSL LanToucher Instant Messenger v1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VSO Blindwrite 5.2.21.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VSO Copy To DVD 3.0.61.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VSO DivXToDVD 1.99.16.45.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VSO DivXToDVD 1.99.18.47.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VSO PhotoDVD 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VSO PhotoDVD 2.011.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VueScan 8.2.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VueScan 8.3.04.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VueScan Pro v8.2.30.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VueScan Pro v8.2.33.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\VueScan Professional Edition 8.3.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Vyapin Admin Report Kit for Exchange Ser.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Vyapin Document Import Kit SharePoint.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Vyapin.Document.Import.Kit.for.SharePoin.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Vypress Chat 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wages Of Sin.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wake of Death.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wallpapers Collection TOP150 Girls.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wallpapers GTA San Andreas.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\wallpapers pack4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wamasoft AutoTyping Pro 1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\War of The world SVCD DE.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\War of the Worlds (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\War of the Worlds (torrent).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\War Of The Worlds DIVX.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\War Of The Worlds Xvid FR.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\War of the Worlds XviD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\War Of The Worlds.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Warcraft III Frozen Throne.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Warcraft III.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WareZ News Magazine August 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Warez P2P 2.8 .zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Warez P2P 2.85 .zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Warhammer 40.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Watch Tv for free.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Water Bugs 1.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wave Corrector 3.1r1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WaveLab v5.01b.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WaxWorks.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Way Out West - Intensify.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Album Creator 3.04.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Album Creator 3.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Cache Illuminator 4.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Download Pro 1.2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Dumper v2.23.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Log Suite Pro v2.73 Build 0175.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Log Suite Professional Edition 2.73.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Page Maker 2.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Stream Recorder Pro v1.22.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Studio 4.0-VeryCool.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Thumbnailer 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web Translator 5.00.5100.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web-Fi BC 3.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Web.Map.v1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webcam Zone Trigger v1.41.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WebcamXP Pro 2.19.125.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WebcamXP Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WebEQ Developers Suite v3.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WebExe 1.55.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WebLog Expert 3.6 beta2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webmail Retriever for Email Removed v2.1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WebMixer 3.02.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webpage Guard v2.27.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Desktop Firewall 1.3.0.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Desktop Firewall 1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Spam Shredder 1.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Spy Sweeper 4.0.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Spy Sweeper 4.5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Spy Sweeper 4.5.3.56.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Spy Sweeper 4.5.3.560.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Spy Sweeper 4.5.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Spy Sweeper 4.5.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot SpySweeper 4.0.4.430.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Window Washer 6.0.1.40.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Window Washer 6.0.2.466.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Window Washer 6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroot Window Washer 6.05.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroots Spy Sweeper 3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webroots Windows Washer 6.0.5 Build 409.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webshots Premium Wallpapers 1600x1200.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Website Downloader v1.15.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Website Ecommerce.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Website Nucker,Hack any Websites.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WeBuilder 2005 6.2.0.55.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WeBuilder 2005 v6.2.0.55.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webyog SQLyog 4.07 Enterprise.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Webyog SQLyog Enterprise 4.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WebZIP.v7.0.1.1028.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wedding Crashers.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wet Young Bitches   [18+].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WGCalculator 1.3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WhereIsIP v2.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Whisky DVD Rip SVCD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\White noise (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\White Noise.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\White Nosie [HTTP].zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\White Squall.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\White Stripes - Live, 06242005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Whits Chick.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WhosOn Pro 3.4.142.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wild Fire.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wild Teens 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wild Wild West (1999).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Will Smith - Lost And Found.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Willie Nelson - Half Nelson (duets).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Willing Webcam 2.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Willing Webcam 2.8.20050522.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Willing Webcam 2.9.20050729.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Willing Webcam 2.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Win XP Titanium iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Win-Spy Software 8.5 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Win-Spy Software v8.5 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winability Mysecretfolder 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAbility MySecretFolder v3.0 + crack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAbility MySecretFolder v3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinACE 2.6d.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAce Archiver 2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAce Archiver v2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAce v2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp 5.04.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp 5.07 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp 5.09.4 Pro + ðóññèôèêàòîð + ñêèíû + ïëàãèíû + èã.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp 5.09.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp 5.093 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp 5.094 Final Pro + Full + Lite.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAMP 5.094 Lite Full Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAMP 5.094 LiteFullPro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp 5.094 Pro  Plus  Lite.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp 5.094.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp 5.1 Surround Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp 5.1 Surround.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp 5.11 Surround Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAMP 5.112.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAmp Pro 5.06.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp Pro 5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp Pro 5.11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winamp Pro v5.094.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAPRS 2.8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinASO Registry Optimizer 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAudio Recorder v2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAVI DVD Copy 4.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAVI DVD Copy.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAVI Video Converter 6.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAVI Video Converter 7.0 Be.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAVI Video Converter 7.0 Final.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAVI Video Converter 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAVI Video Converter is a -IN-ONE.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinAVI Video Converter V. 7.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinBackup Pro 2.1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinBackup Professional 2.1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinBoost 4.90.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinCHM 2.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinCloak 1.06.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDesign 6.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDiskXP 1.2.1 (Virtual Encryption Dis.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WindowBlinds 5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WindowBlinds Enhanced 4.5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WindowBlinds Enhanced 4.6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WindowFX 2.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows 2000 Professional.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows 2000 with SP4 5 in1 Multiboot.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows 2000 with SP4 5 in1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows 2003 Server 10in1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows 2003 SP1 8in1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows 98 Revolutions Pack 3.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows And Internet Cleaner Pro 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows Genuine Advantage fix.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows Installer Helper Utility 2.1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows Media Player 10.0.0.3923.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows Media Player 10.00.00.3923.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows Neptune 5111.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows PE.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows Server 2003 3-In-1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows Unattended CD Creator.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows Vista Official Icons.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows Vista Ultimate.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows VISTA.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP 2005 Media Center.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP 64 bit Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP 64-bit pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Corporate SP2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Firewall Log Viewer 0.2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Generic Activator and Tweaker.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Media Center 2005 2CD ISO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Media Center 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows Xp Media Center Edition 2005 Ful.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Media Center Edition 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP PowerPacker 1.0 RC7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Pro 64 Bit.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Pro 64-BIT.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Pro W SP2 Corporate Edition.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Pro x64.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Service Pack 3 Preview.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP Service Pack SP2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP SP2 (Bone).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Windows XP SP3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD Creator Platinum 2.0 Build 014.37.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD Creator Platinum 2.5B014.494C00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD Platinium 7.0.B27.130.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD Platinum 6.0.B06.128C00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD Platinum 7.0 Build 27.073.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD Platinum 7.0.B27.066.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD Platinum 7.0.B27.073.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD Platinum 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD Platinum 7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD Platinum v7.0.B27.066.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinDVD Recorder 5 Platinum.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinFax Pro 10.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winferno PC Confidential 2005.2.212.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinGate Proxy Server v6.0.4 Build 1025.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinGet 2.0.723.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinGet 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinGet v2.0.723.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinGet v2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinGuard Pro 2005 5.88.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinGuard Pro 2006 6.0.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinHex 12.35.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinHex 12.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinImage 7.0.7000.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinImage 8.0.8000.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinImage Professional 7.0g.7009.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WINner Tweak 3.1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WINner Tweak 3.1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WINner Tweak 3.1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WINner Tweak 3.2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WINner Tweak SE 2.3.3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WINner Tweak v3.1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WINner.Tweak.v3.1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinOKE v3.21.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinPatrol 9.7.0.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinPatrol 9.7.3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinPatrol 9.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinPatrol Plus 9.7.0.22.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinPatrol PLUS v9.7.0.15.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinPatrol v9.0.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinPatrol v9.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinPerfect 5.40.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinProcesses v0.99.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinProtect 3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinQuota 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR 3.42.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winrar 3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR 3.50 Beta 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR 3.50 beta 6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR 3.50 Beta 7 and Themes.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR 3.50 Beta 7 Corporate.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR 3.50 Beta 7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR 3.50 Final - Corporate.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRar 3.50 Final.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR 3.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR 3.51 (final).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR 3.51.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR and DosRAR 3.50 Beta7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR and DosRAR v3.50 Beta7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR Corporate Edition 3.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR Gold Plus Extras.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR v3.50 beta 7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRAR v3.50 Final - Corporate Edition.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinReminders 2005 v1.6.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winrescue XP 1.08.31.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinRK.Archiver 2.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinSCP 3.76.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinSearch Pro 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinSettings 2005 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinShadow 2.0.2.202.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinSpeedUp 2.63.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinSwitch 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wintasks Pro 4.45.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinTasks Pro 5.04.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wintensity Screen Dimmer 101.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winternals Administrator's Pak 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winternals Administrators pak v5.0 iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinTools.net Professional 6.3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinTools.net Professional 6.5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinTools.net Professional Edition 5.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinWorkBar 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinXMedia CD MP3 WAV WMA Converter 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinXMedia.CD.MP3.WAV.WMA.Converter 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinXP LSD 35 iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winxp Manager 4.8.3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinXP Manager 4.89.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinXP Manager 4.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinXP Manager 4.92.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinXP Manager 4.93.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinXP Manager 4.93.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinXP Manager 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinXP Manager v4.93.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinZip 10.0b.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinZip 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinZip 11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Winzip 9 SR-1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinZip Pro 10.0 Beta 6604.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WinZip Pro 10.0.6667.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wipe It 3.01.02.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wise-FTP 4 4.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Witcobber Super Video Converter 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Witcobber.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Without A Paddle.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WM Recorder 10.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WM Recorder 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wma MP3 Converter 2.1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WnSoft PixBuilder Studio 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wolfenstein 3D.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wolfenstein Enemy Territory.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wolfram Research Mathematica 5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WoltLab Burning Board 2.3.3 + Rus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wonder Boys.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wonder Woman Vol.1 No218 Aug 2005 Comi.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wonderland DVD Rip XviD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Wondershare FlashOnTV 2.3.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Woodstock 99' 2CDs.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WoodWorks 0.1.1.4331.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WoodWorks v0.1.1.4331.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Word 2003 Bible.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Word to PDF Converter.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WordPerfect Corrupt Document Troubleshooter 1.0.48.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WordZap Deluxe 6.58.041.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Workplace Angel 0.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\World of Flight.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\World of Warcraft.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\World Online TV 4.0.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\World Online TV 4.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\World Racing 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\World Soccer Magazine June 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WorldWide FTP v2.43.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Worms 3D.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Worms 4 Mayhem.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Worms 5 Mayhem.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Worms Armageddeon.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Worms Armageddon.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Worms Forts Under Siege.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Writers Cafe 1.19.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WS FTP Pro 2006 0 1 0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WW 2 Tank Commander.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WWAYM.NWMaxx.VST.v1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WWE - History of the Undertaker.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WWE Ppv Summerslam.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WWE Wrestling Videos.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WWF Safari Adventures in Africa.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WWW File Share Pro 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WWW File Share Pro 3.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\WWW2Image 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X Codec Pack 1.8.4.151.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X Video Joiner (AVI MPEG WMV Video Joi.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X-Clipview 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X-Copy Media Center 2.10.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X-men 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X-Men Legends II Rise of Apocalypse.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X-NetStat Professional 5.33.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X-NetStat Professional 5.43.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\x-NetStat Professional 5.46.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X-Setup Pro 7.1 Final.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X-Setup Pro 7.2.360.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X-Setup Pro v7.1.25.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\X2 X-Men United.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\XAMPP 1.4.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Xara Suite 2005 Full.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Xara Suite 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Owner\Complete\Xara Webstyle 4.0 (451 MB).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
win32.p2p-worm.alcan.a
« Reply #8 on: November 22, 2005, 05:19:20 PM »
Can you still do the following
I take it there were a ton of files this nasty downloaded to your computer

I didn't get a chance to see the whole log from Ewidos

So if you could, I know you ran this many times already
But check for updates with Ewido again

Additionally, in Ewido
Open the Quarantine list
Remove any backups in there you know are bad
EG...
Any backed up zipped files that were removed from this folder
 C:\Documents and Settings\Owner\Complete
Highlight them and "remove them finally"

Let's do a bit more cleaning in your log
See if we can get this computer running well again
We can use hijackthis to remove some optional entries on startup or msconfig
But I prefer to use this small download
Codestuff's Starter
UNZIP it too a folder of it's own, eg.
Make a folder in  MyDocuments
Right click and empty spot and left click NEW>>Folder
Name it something like Starter

Unzip the download to that folder
Open Starter.exe
Uncheck an item to disable on startup
Or look within a program first to disable on startup
These are the ones for now I would disable with STARTER

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
You can check for updates manually for Java in the Windows control panel, besides, the updater never seems to work very good

Have starter disable this one too, it can be started manually and considered a resource hog
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

Afterwards
Reboot back into safe mode
In case you missed this

Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.

Navigate to the complete folder if found
 C:\Documents and Settings\Owner\Complete

Delete any files in the complete folder you didn't download yourself

Stay in safe mode
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

Run another complete scan with Ewido
SAVE this report when done

Reboot back to Normal mode

Post a fresh hijackthis log and the new report from Ewido's

Let me know how things are running
When was the last time you did a Disk Defragment on this computer as part of regular maintenance?
« Last Edit: November 22, 2005, 05:21:58 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Nichole

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
    • http://
win32.p2p-worm.alcan.a
« Reply #9 on: November 22, 2005, 08:42:41 PM »
I can never get ewido to run more then one time, without uninstalling it and reinstalling it. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/sad.gif\' class=\'bbc_emoticon\' alt=\':(\' /> When I start it up it just loads and and freezes continuously without allowing me to click anything (like the update button) any advice? Is there another program that would do the same thing?
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
win32.p2p-worm.alcan.a
« Reply #10 on: November 22, 2005, 08:46:49 PM »
Can you open Ewido in Normal mode and run it?

EDIT<<I guess not, you said you couldn't hit the update button

Have things improved on your end?

When was the last time you Defragged?

Can I see a new Hijackthis log please
« Last Edit: November 22, 2005, 08:51:02 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Nichole

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
    • http://
win32.p2p-worm.alcan.a
« Reply #11 on: November 22, 2005, 08:49:43 PM »
noo, i tried , it did the same thing....
& here is my latest HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 5:46:26 PM, on 11/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Updater.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/\' target=\'_blank\' rel=\'nofollow\'>http://www.Email Removed.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.Email Removed.msn.com/resources/MsnPUpld.cab\' target=\'_blank\' rel=\'nofollow\'>http://by107fd.bay107.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...618/mcfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab\' target=\'_blank\' rel=\'nofollow\'>http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


Hope this shows some sort of improvement..

I gotta get dinner for the kids real quick..
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
win32.p2p-worm.alcan.a
« Reply #12 on: November 22, 2005, 08:53:46 PM »
Do another scan with Hijackthis and put a check next to these entries:

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer

Back in Windows post a fresh hijackthis log

When was the last time you Defragged?

How are things on your end?
« Last Edit: November 22, 2005, 08:54:18 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Nichole

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
    • http://
win32.p2p-worm.alcan.a
« Reply #13 on: November 22, 2005, 09:41:55 PM »
Fresh HJT posted below. We have only had this computer for maybe 8 months( at tax time I think)
, so I have never run a defrag, should I go ahead and do that? Things are a little better here, There haven't been alot of those official looking pop-ups, just the ones that are an anoyance (ads) Still though we had NO-Pop-ups until my son said he accidentally clicked yes on something about a week and a half ago.


Logfile of HijackThis v1.99.1
Scan saved at 6:20:37 PM, on 11/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Updater.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/\' target=\'_blank\' rel=\'nofollow\'>http://www.Email Removed.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.Email Removed.msn.com/resources/MsnPUpld.cab\' target=\'_blank\' rel=\'nofollow\'>http://by107fd.bay107.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...618/mcfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab\' target=\'_blank\' rel=\'nofollow\'>http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

[color=\"#FF0000\"]ALSO This is my current spybot results below can I rid the second one?[/color]

WildTangent: Settings (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM\ClassPath

Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
win32.p2p-worm.alcan.a
« Reply #14 on: November 22, 2005, 10:03:22 PM »
Yes, it's definitely time to defrag your system
I like to run the Disk Defragmenter at least once a month
I suggest to do it in safe mode so minimum is running

What kind of popups are you getting?
What kind of ads?

Let me know that before you run the defragger
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Nichole

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
    • http://
win32.p2p-worm.alcan.a
« Reply #15 on: November 23, 2005, 08:12:23 AM »
Here are some of the headers and partial addresses in the pop-ups Im still getting:
Venus123
adchannel.
productopinions
ad.yieldmanager
ad.firstadsolution
ZEDO

Also I get the one(s) that say:
  Spyware or Adware may be damaging your computer check ok to scan your PC now.........

Ok thats about it, Im gettng ready to head off to work. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> Have a good day. Ill check back after work,before I defrag.http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/wink.gif\' class=\'bbc_emoticon\' alt=\';)\' />
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
win32.p2p-worm.alcan.a
« Reply #16 on: November 23, 2005, 10:05:12 AM »
Before you attempt to defrag can you  do the following

Download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe
Save it to your desktop but do NOT run it yet.

Reboot into safe mode
This must be done in safe mode

Once in safe mode
Double-click aproposfix.exe and unzip it to the desktop.  Open the aproposfix folder on your desktop and run RunThis.bat.  Follow the prompts.

Reboot back to Normal mode

Post The entire contents of the log.txt file in the aproposfix folder.
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Nichole

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
    • http://
win32.p2p-worm.alcan.a
« Reply #17 on: November 23, 2005, 08:01:14 PM »
Log of AproposFix v1
 
************
 
Running from directory:  
C:\Documents and Settings\Owner\Desktop\ap\aproposfix
 
************
 
Registry entries found:
 
[HKEY_LOCAL_MACHINE\Software\CqPXtA33fX6D]
@="GHFA.I1OPPOPPQPc1CGo.BOPPOeRPykpfqyuPGMGH2AVUP1F6J2FGP6A.A096:QGMG"
"Device"="\\\\.\\AdosMan"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\imamclib.sys"
"DriverName"="strmaud"
"HideUninstallerName"="C:\\Program Files\\Alcffice\\ochvices.exe"
"UninstallerPath"="C:\\WINDOWS\\system32\\rouduser.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A2C4D888-C9FF-4723-A5C1-A0D10FA2E220}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\system32\\shumsmgr.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{X548626d-b57f-701a-710d-ec0c016ddbee}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Alcffice\\ocmotepg.exe"
 
************
 
Removing hidden service:
Service strmaud removed.
 
Removing hidden folder:
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
win32.p2p-worm.alcan.a
« Reply #18 on: November 23, 2005, 11:17:34 PM »
Nichole, I have to know if you ran Aproposfix in safe mode
This is mandatory
The log you posted back from Apropos fix was not complete

Did you cut the bottom off?

If unsure
Restart back into safe mode and run it again
Reboot back into Normal mode and post the log from Apropos fix again

Could you also
Download and save F-Secure Blackite
 to your desktop.
 Doubleclick blbeta.exe
Accept the agreement, leave [X]scan through Windows Explorer checked, click scan > next.

You'll see a list of all the items it found. There will also be a log on your desktop with the name
 fsbl.xxxxxxx.log (where xxxxxxx represents numbers).
 The application finds both bad files and legitimate ones such as "wbemtest.exe", so don't choose the rename option yet! Copy and paste the log it generated in your next reply
« Last Edit: November 23, 2005, 11:18:14 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Nichole

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
    • http://
win32.p2p-worm.alcan.a
« Reply #19 on: November 24, 2005, 12:15:43 AM »
Heres the:( yes i ran it in safe mode, (both times it said something about an error but this time I did get a full report, last time i didn't))

Log of AproposFix v1
 
************
 
Running from directory:  
C:\Documents and Settings\Owner\Desktop\ap\aproposfix
 
************
 
Registry entries found:
 
[HKEY_LOCAL_MACHINE\Software\CqPXtA33fX6D]
@="GHFA.I1OPPOPPQPc1CGo.BOPPOeRPykpfqyuPGMGH2AVUP1F6J2FGP6A.A096:QGMG"
"Device"="\\\\.\\AdosMan"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\imamclib.sys"
"DriverName"="strmaud"
"HideUninstallerName"="C:\\Program Files\\Alcffice\\ochvices.exe"
"UninstallerPath"="C:\\WINDOWS\\system32\\rouduser.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A2C4D888-C9FF-4723-A5C1-A0D10FA2E220}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\system32\\shumsmgr.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{X548626d-b57f-701a-710d-ec0c016ddbee}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Alcffice\\ocmotepg.exe"
--
[HKEY_LOCAL_MACHINE\Software\CqPXtA33fX6D]
@="GHFA.I1OPPOPPQPc1CGo.BOPPOeRPykpfqyuPGMGH2AVUP1F6J2FGP6A.A096:QGMG"
"Device"="\\\\.\\AdosMan"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\imamclib.sys"
"DriverName"="strmaud"
"HideUninstallerName"="C:\\Program Files\\Alcffice\\ochvices.exe"
"UninstallerPath"="C:\\WINDOWS\\system32\\rouduser.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A2C4D888-C9FF-4723-A5C1-A0D10FA2E220}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\system32\\shumsmgr.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{X548626d-b57f-701a-710d-ec0c016ddbee}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Alcffice\\ocmotepg.exe"
 
************
 
Removing hidden service:
Service strmaud removed.
 
Removing hidden folder:
Deletion of folder Alcffice succeeded!
 
Deleting files:
 
Deletion of file C:\WINDOWS\system32\drivers\imamclib.sys succeeded!
Deletion of file C:\WINDOWS\system32\kdcpldlg.exe succeeded!
Deletion of file C:\WINDOWS\system32\shumsmgr.dll succeeded!
Deletion of file C:\WINDOWS\system32\rouduser.exe succeeded!
 
Backing up files:
Done!
 
Removing registry entries:
 
REGEDIT4
 
[-HKEY_CURRENT_USER\Software\CqPXtA33fX6D]
[-HKEY_CURRENT_USER\Software\CqPXtA33fX6D]
[-HKEY_LOCAL_MACHINE\Software\CqPXtA33fX6D]
[-HKEY_LOCAL_MACHINE\Software\CqPXtA33fX6D]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C4D888-C9FF-4723-A5C1-A0D10FA2E220}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C4D888-C9FF-4723-A5C1-A0D10FA2E220}]
 
Done!
 
Finished!


11/23/05 21:13:49 [Info]: BlackLight Engine 1.0.25 initialized
11/23/05 21:13:49 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/23/05 21:13:49 [Note]: 4019 4
11/23/05 21:13:49 [Note]: 4005 0
11/23/05 21:13:53 [Note]: 4006 0
11/23/05 21:13:54 [Note]: 4011 1480
11/23/05 21:13:54 [Note]: FSRAW library version 1.7.1013
11/23/05 21:15:08 [Note]: 4007 0
Logged
Pages: [1] 2
« previous next »