TheTechGuide Forum
General Category => Tech Clinic => Topic started by: X on November 12, 2005, 10:44:15 PM
-
Logfile of HijackThis v1.99.1
Scan saved at 9:38:35 PM, on 11/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\system32\YEDIEx.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\winupdates\winupdates.exe
C:\program files\support.com\bin\tgcmd.exe
E:\program files\valve\steam\steam.exe
E:\Program Files\LimeWire\LimeWire.exe
E:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
E:\Program Files\Anti-Virus\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh212112.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - E:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [msci] C:\program files\mcafee.com\shared\mcinfo.exe /insfin
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTFMon] C:\WINNT\system32\CTF\ctfmon.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKCU\..\Run: [Steam] "e:\program files\valve\steam\steam.exe" -silent
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh212112.dll/201
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094915485668
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126454599112
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O18 - Filter: text/html - {2DE94081-9FE6-4227-BC59-B7A80CC8308C} - C:\Program Files\ClientMan\run\searchrep8181a0e2.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: YEDIEx - Unknown owner - C:\WINNT\system32\YEDIEx.exe
I can't seem to get rid of it with AdAware Personal SE. Any help would be greatly appreciated.
-
Just bumping this if you might have missed it. Again, thank you for your time.
-
Thanks for registering, it's now mandatory and that helps me a lot
Could you please post a fresh hijackthis log and we'll go from there
After you have done the above, could you also
Open Hijackthis>>Open "Misc tools section"
Open "Uninstall manager"
Click the SAVE LIST button
Save the list to desktop and copy and paste the Whole contents back here
-
HiJack This Log:
Logfile of HijackThis v1.99.1
Scan saved at 10:19:08 PM, on 11/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\system32\YEDIEx.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\winupdates\winupdates.exe
C:\program files\support.com\bin\tgcmd.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
E:\program files\valve\steam\steam.exe
E:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
E:\Program Files\Anti-Virus\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh212112.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - E:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [msci] C:\program files\mcafee.com\shared\mcinfo.exe /insfin
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTFMon] C:\WINNT\system32\CTF\ctfmon.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "e:\program files\valve\steam\steam.exe" -silent
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh212112.dll/201
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094915485668
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126454599112
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O18 - Filter: text/html - {2DE94081-9FE6-4227-BC59-B7A80CC8308C} - C:\Program Files\ClientMan\run\searchrep8181a0e2.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: YEDIEx - Unknown owner - C:\WINNT\system32\YEDIEx.exe
Uninstall Programs list:
3D Matrix Screensaver 1.0
3D Matrix Screensaver: "the Endless Corridors" 1.0
3ds max 5
AceHTML 5 Freeware
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
Adobe Acrobat 7.0.3 and Reader 7.0.3 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop 5.0 Limited Edition
Adobe Photoshop 7.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS
Adobe Reader 7.0
AfterBurner Media Software 32 bit
America Online
AnswerWorks Runtime
AOL Instant Messenger
AT&T Connection Services Manager
Atomic Clock Sync
BMSE dbl
BroadJump Client Foundation
BroadJump CorrectConnect Engine
Bryce® 5
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
C-Dilla Licence Management System
Chaos Pack 1.00 for Pocket Tanks Deluxe
Chompster
Corel Applications
Cult
Data Lifeguard Tools
Desktop Taipei
Dink Smallwood
DivX 5.0.3 Bundle
Do More 5.0
Do More 5.0
Dope Wars 2.0 for Windows
Drug Lord 2
DVMPEG
DX-Ball 2
Easy CD Creator 5 Basic
Empire Earth
Empire Earth - The Art of Conquest
Enhanced MediaLoads
FaceLift
fader
Family Tree Maker
ffdshow
Font Creator Program 4.0
Fruity Loops Studio 4.1
Game Maker 6.1
GameShark for GBA
Gateway Desktop Manager
Gateway Power Management
Google Earth
Google Earth Pro
Google Toolbar for Internet Explorer
GTW V.92 Voice Modem
GTW V.92 Voicemodem
Half-Life® 2
HelpSpot
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
hp instant support
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
HTML Editor 1.5
HTML-Kit
IconCool Editor V3.0
IconCool Studio v1.4
IE Help
IEC system
IMS Web Dwarf V2
Intel® Extreme Graphics Driver
Intel® PRO Ethernet Adapter and Software
InterActual Player
iPod for Windows 2005-10-12
iPod Updater 2004-08-06
IrfanView (remove only)
iTunes
Jasc Paint Shop Pro 8
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.4.2_04
Java Web Start
Kali95
KaZaA Lite 2.0.2 (Kazaalite.com Edition) Build 1
Kazaa Lite K++ v2.4.1
Kazaa Lite Resurrection 0.0.7.6 F
Kazaa Media Desktop 2.1.1
Kazaa Media Desktop 2.5
KazaaBegone 1.25
K-Lite Mega Codec Pack 1.27
Knight Online
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation)
Logitech Desktop Messenger
Logitech MouseWare 9.41 .1
Logitech Resource Center
Logitech SetPoint
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia Flash Player 8
Macromedia FreeHand 10
Macromedia Shockwave Player
MAIET Gunz
Mapedit
Medal of Honor Allied Assault
MGI PhotoSuite
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Encarta Encyclopedia Deluxe 2001
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Picture It! Express 2001
Microsoft Publisher 2002
Microsoft Return of Arcade
Microsoft SAPI 5.1 Text to Speech Engine English
Microsoft Streets and Trips 2005
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Windows Journal Viewer
mIRC
Morpheus Software
MSN Gaming Zone
MSN Music Assistant
MSXML 4.0 SP2 Parser and SDK
MyNetProtecotor Anti Spy
Nero - Burning Rom
Nero Media Player
NeroVision Express 2
Netscape (7.1)
NVIDIA Drivers
P2P Networking3
Paint Shop Pro 7 Anniversary Edition
PCDJ FX
PC-Doctor for Windows
Pharaoh
PhoneTools
Picasa 2
Pocket Tanks 1.00b
Porrasturvat - Stair Dismount
Power Pack 1.00 for Pocket Tanks Deluxe
PS/2 Millennium Keyboard
QuickTime
Rogue Spear
Roll
SBC Connection Manager
SBC Yahoo! Applications
SBC Yahoo! DSL Activation
SE Assistant
SE Help
Search Function
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
SeeMePlayMe Client
SETI@home
Shockwave
Sid Meier's SimGolf
Sierra Utilities
SimCity 3000
SiteGenWiz 1.41
Spybot - Search & Destroy 1.4
Starcraft Brood War (RAZOR 1911)
Steam(tm)
Sudoku
SwiftSwitch
TeamSpeak 2 RC2
The Free HTML Editor
The Matrix Screen Saver
TI-Black Link
TI-Graph Link 83
TI-Graph Link 86
TNT 1.1 Release
Truck Dismount (remove only)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
USB Storage Tool for Windows XP Ver 1.00
Valve Hammer Editor
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebIQ Client Software
WinAce Archiver 2.0
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Winsyntax 2.0
Worms Armageddon Demo
I was also wondering if you could help me get some of the programs off the uninstall list, because I had deleted them, but they never deleted from the uninstall list, or list of programs. Thank you again.
-
Can you do the following please
When I ask you to download a zip file, make sure you choose SAVE TO DISK rather than Open
Right click an empty spot on the desktop and left click NEW>>Folder
A new folder will be placed on the desktop, name it BFU
Download and save p2pnetwork.zip (http://www.thetechguide.com/forum/index.php?act=Attach&type=post&id=426)
Then UNZIP it to the BFU Folder
Download and save and then UNZIP to the BFU folder
BFU.zip (http://www.merijn.org/files/bfu.zip)
So you now have BFU.exe extracted
==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup! 4.0 (http://downloads.stevengould.org/cleanup/CleanUp40.exe)
Don't run it yet
==Download and then Install
Ewido Security Suite (http://download.ewido.net/ewido-setup.exe)
When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/
Download and save to desktop the
Standalone version of CWShredder (http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe)
Please save these instructions to a Notepad file and save it to your Desktop for reference
Disconnect from the Internet
Open CWShredder.exe and click the FIX button
Let it fix what it finds
RESTART your Computer in SAFE MODE (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=4#_Section4)
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link I supplied for a more detailed explanation
In safe mode
Run CWShredder FIX again, but Don't restart yet
Instead
Open the BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to p2pnetwork.bfu in the BFU folder
Right click p2pnetwork.bfu and choose Select
In Brute Force Uninstaller select Execute
Let it finish then Exit
Access your Add/Remove programs and remove the following
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Also, try and remove
P2P Networking3 <-Altnets if prompted
SE Assistant
SE Help
Search Function
Find and delete the following folder
C:\Program Files\ClientMan <-folder
Stay in safe mode
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer
==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido
Do another scan with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh212112.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - E:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll (file missing)
O18 - Filter: text/html - {2DE94081-9FE6-4227-BC59-B7A80CC8308C} - C:\Program Files\ClientMan\run\searchrep8181a0e2.dll
O23 - Service: YEDIEx - Unknown owner - C:\WINNT\system32\YEDIEx.exe
After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Restart back to Normal mode
Back in Windows
Post a fresh HijackThis log and the whole report from Ewido
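The reason for asking for a fresh log after FIX CHECKED is to confirm that every ticked entry is really gone. The script below is an added example, not part of the original post and not a HijackThis feature: it compares a fix list against a follow-up log and also reports entries listed more than once. Both samples are short excerpts built from lines in this thread; the YEDIEx line in the fresh sample is constructed (re-added with different letter case) only to show the failure case.

```python
import re
from collections import Counter

# HijackThis entry lines look like "O23 - Service: ..." or "R1 - HKCU...".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def normalize(body):
    """Collapse whitespace and fold case, because Windows paths and
    registry names compare case-insensitively."""
    return " ".join(body.split()).casefold()


def parse_entries(log_text):
    """Return [(code, normalized_body, original_line), ...] in log order."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), normalize(match.group(2)), line))
    return entries


def verify_fix(fix_list_text, fresh_log_text):
    """Split the ticked entries into those gone from the fresh log and
    those still present (not fixed, or written back after the reboot)."""
    fresh = {(code, body) for code, body, _ in parse_entries(fresh_log_text)}
    removed, still_present = [], []
    for code, body, line in parse_entries(fix_list_text):
        (still_present if (code, body) in fresh else removed).append(line)
    return {"removed": removed, "still_present": still_present}


def duplicate_entries(log_text):
    """Return {original_line: count} for entries listed more than once."""
    counts = Counter()
    first_seen = {}
    for code, body, line in parse_entries(log_text):
        counts[(code, body)] += 1
        first_seen.setdefault((code, body), line)
    return {first_seen[key]: n for key, n in counts.items() if n > 1}


# Constructed sample: four of the entries ticked in the instructions above.
FIX_LIST_SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh212112.dll (file missing)
O18 - Filter: text/html - {2DE94081-9FE6-4227-BC59-B7A80CC8308C} - C:\Program Files\ClientMan\run\searchrep8181a0e2.dll
O23 - Service: YEDIEx - Unknown owner - C:\WINNT\system32\YEDIEx.exe
"""

# Constructed sample: excerpt of a follow-up log. The last line is NOT in the
# thread's follow-up log; it is added here to demonstrate a surviving entry.
FRESH_LOG_SAMPLE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O23 - Service: YEDIEx - Unknown owner - c:\winnt\System32\yediex.exe
"""

if __name__ == "__main__":
    result = verify_fix(FIX_LIST_SAMPLE, FRESH_LOG_SAMPLE)
    print("Removed:", len(result["removed"]))
    for line in result["still_present"]:
        print("STILL PRESENT:", line)
    for line, count in duplicate_entries(FRESH_LOG_SAMPLE).items():
        print(f"Listed {count}x:", line)
```

An entry that shows up under "STILL PRESENT" was either not fixed or was re-created by something still running, which is why the fix is done in safe mode with other windows closed.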
-
Logfile of HijackThis v1.99.1
Scan saved at 6:09:32 AM, on 11/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\Explorer.EXE
E:\Program Files\Anti-Virus\security suite\ewidoctrl.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\program files\support.com\bin\tgcmd.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
E:\program files\valve\steam\steam.exe
C:\WINNT\wanmpsvc.exe
E:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\svchost.exe
E:\Program Files\Anti-Virus\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [msci] C:\program files\mcafee.com\shared\mcinfo.exe /insfin
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTFMon] C:\WINNT\system32\CTF\ctfmon.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "e:\program files\valve\steam\steam.exe" -silent
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh212112.dll/201
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094915485668
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126454599112
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\Anti-Virus\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 5:50:33 AM, 11/19/2005
+ Report-Checksum: 9930EBBF
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Urlcli.CUrlCliObj\CLSID\\ -> Spyware.ClientMan : Cleaned with backup
HKLM\SOFTWARE\Classes\Urlcli.CUrlCliObj.1\CLSID\\ -> Spyware.ClientMan : Cleaned with backup
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CLSID -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CLSID\\ -> TrojanDownloader.WebP2P : Cleaned with backup
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CurVer -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer.1 -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer.1\CLSID\\ -> TrojanDownloader.WebP2P : Cleaned with backup
HKLM\SOFTWARE\KMiNT21 -> Spyware.DesktopSpyAgent : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{850CD0B8-DA33-4558-A8C8-95D7908E37A7} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/btiein.dll\\.Owner -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/btiein.dll\\{26E8361F-BCE7-4F75-A347-98C88B418322} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaLoads Enhanced -> Spyware.Downloadware : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\1Click DVD Copy Pro 1.0.0.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\28 Days Later (2002).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\3D FTP 7.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\3DS Max7+SP13DS Max8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\ABBYY FineReader Pro 7.0.0.963.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\ABBYY FineReader Professional 8.0.706.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Access Password Recovery Genie 1.80.20051008.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\ACDSee 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Ace FTP 3 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Acoustica CDDVD Label Maker 2.42.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Acronis Privacy Expert Suite 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Active WebCam 6.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Advanced DVD Player.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Advanced File Encryptor - Encrypt your f.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Adware Away 2.2.86.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Age Of Empires III.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Ahead Nero Premium 7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\All To All AudioConvert 1.13.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Amazon DVD Shrinker 2.4.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\American Pie 4 - Band Camp (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Anti Trojan Elite 3.3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\AnyDVD 5.5.2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Ardamax Keylogger 2.0 final Cool.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Ashampoo Burning Studio 5.5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Ashampoo Burning Studio 5.5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\AskSam Pro 6.0.2.777.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\AskSam Resume Tracking System Pro 6.0.2.774.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Atani 3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Auto Cleaner 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\AutoCAD Lt 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\AutoPatcher XP.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\AVG Anti-Virus 7.1 Build 362a656.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\AVG Anti-Virus 7.1.362.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Azureus 2.3.0.6 RC1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Beautiful Roses Screensaver 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Bee Icons 4.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Best MIDI To MP3 1.3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Breme Write Right 2.5.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\BSplayer Pro 1.30.818.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Buddy Icon Grabber 1.04.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\C and C Red Alert 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\CASE Studio 2.22.1.335.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Cheetah DVD Burner 1.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Come and See.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Corel Painter Essentials 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Corel Photo Album 6 Deluxe + Extras.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Cucusoft Video Converter Pro 7.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Directory Opus 8.2.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Disk Space Inspector 2.9.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Doom - Soundtrack (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Doom - Soundtrack 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Dual DVD Copy 3.5.4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Dual DVD Copy Gold 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Dungeon Siege 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\DVD Region + CSS Free 5.9.5.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\DVDIdle 5.9.5.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\E-PDF.Document.Converter 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Easy CD-DA Extractor 8.2.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Easy FlashMaker 1.2.384.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Error Doctor 2006 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Eudora 6.2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\EXPStudio Audio Editor 3.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Fahrenheit - Indigo Prophecy (Game).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Fifa 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\File & Folder Protectors AIO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\File Control 1.38.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\File Listing Maker 1.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\File Recovery Professional 3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\FileMerlin 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\FileSplit 2.33.420.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Flash Templates Box.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Flash2Video 3.02.460.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\FlipAlbum 6.0 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\FotoStation Pro 5.1.58.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\G-Clock 1.1c.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\GoldLimit PrettyCase Personal Edition 4.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\GoldWave 5.11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Google Toolbar for Internet Explorer 3.0.128.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Google Web Accelerator 0.2.62.80.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Grand Theft Auto.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Hacker 2005 - The Broken Link.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Harry Potter And The Goblet Of Fire.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Hexprobe 1.41.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Hide IP Platinum 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Hiren`s BootCD 7.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Horoscope Interpreter.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\House of Wax (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Hpmbcalc 2.40.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Icon Changer 3.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\ICQ Lite 5.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\IM2 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\ImToo iPod Movie Converter 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\ImTOO PSP Video Converter 2.1.55.1108B.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Internet Download Accelerator 4.1.2.845.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Internet Download Manager 4.02.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\InterVideo DVD Copy GoldPlatinum 3.0.B016.43C00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Iomatic System Medic v 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Jarhead (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Key Spy 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\KLS Backup 2005 Pro 1.7.0.012.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\KNOPPIX 4.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\KoolMoves 5.1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Language Engineering Power Translator.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Limewire Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\ManageDesk 2.30.18.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Mass Downloader 3.0 SR1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\McAfee VirusScan 10.0.27.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Microsoft Student 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Miss Elliot - So Addictive.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Missy Elliot - The Cookbook.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Missy Elliot - This Is Not A Test.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Missy Elliot - Under Construction.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Missy Elliot Da Real World.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Movie DVD Maker 1.3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Mozilla Firefox 1.5 RC3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\MP3 To Ringtone Gold 3.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\MSN Content Adder 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Mystica 5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Need For Speed Most Wanted.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\NewLive All Media Fixer Pro 5.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Nico`s Commander 5.58.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\No1 Video Converter 3.9.22.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\NOD 32 2.50.26.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Nofeel FTP Server Enterprise 3.0.2628.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\NoRedEye (merged).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Norton AntiVirus 2006 Protection Pack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Norton Ghost 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\NTI CD & DVD Maker Platinum 7.0.0.4703.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\NTI CD DVD Maker Platinum 7.0.0.4703.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Office Intercom 4.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Offline Explorer Enterprise 3.6.1950.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\One Click CD DVD Writer 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Panda Antivirus + Antispyware 2006 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Passware Kit Enterprise Edition 7.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\PC AdWare SpyWare Removal 2.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\PC Repair.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\PC-Cillin Internet Security 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Perfect Admin 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\PhotoDVD 2.013.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Pinnacle TitleDeko Pro 2.0.1634.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Planet 3D Screensavers 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\PlexTools Professional XL 3.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Postal 2 Apocalypse Weekend.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Power MP3 WMA Converter 2006 3.003.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Power Video Converter 1.5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\PowerArchiver 2004 9.20.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\PowerArchiver 2006 9.50.28.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Powerful Audio Tool 1.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\PropertyEditor 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Ram Idle Pro 3.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\RapidShare Hacks.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\RapidShare Harvester.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Rapidshare Premium Accounts.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Real Spy Monitor 2.39.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Reg Organizer 3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\RegDoctor 1.43.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\SageTV Recorder 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Selteco Bannershop GIF Animator 5.0.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Smartftp 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Sony Sound Forge 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\SoThink FlashVideo Encoder 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\SpeedItUp Extreme 3.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\SpyRemover 2.45.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Spyware and Adware Remover 9.2.0.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\SSS DJ 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Stardock Aquarium Desktop 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Stealth (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\StealthDisk 2005.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\STOPzilla 4.3.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\SuperRam 5.11.7.2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Symantec WinFax Pro 10.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\System Mechanic Professional 6.0 m.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\System Mechanic Professional 6.0o.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\System Medic 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Text To Speech Maker 1.3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\The Flash Ad Creator 1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\The Modern Survival Retreat.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\The Perfect Man 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\The Weather Man (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Trillian Pro 3.1.0.121.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Tuneup Utilities 2006 5.0.2331.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Uk Speaking Clock 10.3.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\vbs2exe English Edition 2.0.0.88.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Vista Explorer.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Webroot Spy Sweeper 4.5.7.656.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\White noise (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Winamp 5.093 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\WinAVI Video Converter 6.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\WinDVD Platinium 7.0.B27.130.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\WinDVD Platinum 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\WinDVD Recorder 5 Platinum.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\WinSettings 2005 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\WinXP Manager 4.89.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Wipe It 3.01.02.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Worms 4 Mayhem.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Xilisoft 3GP Video Converter 2.1.55.110.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\XPCSpy Pro 2.54.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Your Uninstaller 2004 Pro 3.9.517.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Zend Studio Client 4.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Peter Stroh\Complete\Zoo Tycoon 2 Endangered Species.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10.tmp\MARSHAL2.DLL -> Spyware.P2PNetworking : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10.tmp\P2P Networking3.exe -> Spyware.P2PNetworking : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5C.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq60.tmp -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA.tmp -> TrojanDownloader.WebP2PInstaller : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp -> Spyware.P2PNetworking : Cleaned with backup
C:\RECYCLER\S-1-5-21-3292650235-2419647484-3825283475-1004\Dc4179.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\S-1-5-21-3292650235-2419647484-3825283475-1004\Dc4182.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-3292650235-2419647484-3825283475-1004\Dc4276.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\RECYCLER\S-1-5-21-3292650235-2419647484-3825283475-1004\Dc4313.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\RECYCLER\S-1-5-21-3292650235-2419647484-3825283475-1004\Dc4362.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\RECYCLER\S-1-5-21-3292650235-2419647484-3825283475-1004\Dc4363.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\S-1-5-21-3292650235-2419647484-3825283475-1004\Dc4370.txt -> Spyware.Cookie.Com : Cleaned with backup
C:\System Volume Information\_restore{87925209-405C-42A6-8FEE-9CF10CC35238}\RP1153\A0422535.exe -> Worm.VB.an : Cleaned with backup
C:\WINNT\ISNSYS.dll -> TrojanSpy.Justin : Cleaned with backup
C:\WINNT\Matrix Code Emulator.scr -> Backdoor.Backattack.20.C : Cleaned with backup
C:\WINNT\NDNuninstall4_80.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINNT\NDNuninstall5_20.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINNT\NDNuninstall5_40.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINNT\NDNuninstall5_64-1.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINNT\NDNuninstall5_64.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINNT\NDNuninstall6_10.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINNT\NDNuninstall6_22.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINNT\system32\BO2202031216.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINNT\system32\cm1.dll -> Spyware.ClientMan : Cleaned with backup
C:\WINNT\system32\ctbv2.dll -> Adware.SAHA : Cleaned with backup
C:\WINNT\system32\hotbar.exe -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\ignet2.dll -> TrojanDropper.Mudrop.w : Cleaned with backup
C:\WINNT\system32\nostalgia.dll/MSView.dll -> Trojan.KeyHost.e : Cleaned with backup
C:\WINNT\system32\nostalgia.dll/MSVprep.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINNT\system32\nostalgia.dll/MSView.dll -> Trojan.KeyHost.e : Cleaned with backup
C:\WINNT\system32\nostalgia.dll/MSVprep.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINNT\system32\nostalgia1.dll/MSView.dll -> Trojan.KeyHost.e : Cleaned with backup
C:\WINNT\system32\nostalgia1.dll/MSVprep.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINNT\system32\nostalgia1.dll/MSView.dll -> Trojan.KeyHost.e : Cleaned with backup
C:\WINNT\system32\nostalgia1.dll/MSVprep.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINNT\system32\SHAgent.dll -> Adware.SAHA : Cleaned with backup
C:\WINNT\system32\sstep.dll -> TrojanDropper.Small.so : Cleaned with backup
C:\WINNT\system32\Xcite.exe -> Spyware.F1Organizer : Cleaned with backup
::Report End
Thank You! I can use task manager again!
-
Can you do the following
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Navigate to this folder if you can find it
C:\Documents and Settings\Peter Stroh\Complete
Remove any files in the Complete folder you do not recognize
They should be zip files, or the folder may now be empty
Can you run one more fix please
I just want to check on something
==Create a New folder on your desktop, call it Aboutbuster
(Right click an empty spot on the desktop and select NEW>>FOLDER)
Download to desktop About:Buster 5.1 (http://www.malwarebytes.org/ccount/click.php?id=1)
by RubbeR Ducky
Unzip it to that new folder
Open the Aboutbuster folder and Run About:buster.exe
Click the Update button
Allow to update
Print the rest of these instructions or save them to Notepad for reference
Close all open windows, including this one
Do another scan with Hijackthis and put a check next to these entries:
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Run About:Buster.exe again
This time
Click the Begin Removal button
Can you please run this scan twice
When it's done it will produce a log in the Aboutbuster folder called
Ab logfile.txt
I'll need to see the log later
Restart your computer
Back in Windows
Post a fresh hijackthis log and the Ab logfile.txt from About:Buster
Could you also
Can you go to this site
Jotti's Online Malware scan (http://virusscan.jotti.org/)
Give this site time to load if busy
Use the browse button and navigate to the file on your hard drive
C:\WINNT\system32\YEDIEx.exe <-this file, may not be malicious, but I want to check it
Right click on it and choose Select
Then use the Submit button
Let it finish scanning
Could you post the results of the scans back here please
-
Logfile of HijackThis v1.99.1
Scan saved at 7:45:10 PM, on 11/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\program files\support.com\bin\tgcmd.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
E:\program files\valve\steam\steam.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
E:\Program Files\Anti-Virus\security suite\ewidoctrl.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\wscntfy.exe
E:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Winamp\winamp.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINNT\system32\wuauclt.exe
E:\Program Files\Anti-Virus\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [msci] C:\program files\mcafee.com\shared\mcinfo.exe /insfin
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTFMon] C:\WINNT\system32\CTF\ctfmon.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "e:\program files\valve\steam\steam.exe" -silent
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh212112.dll/201
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094915485668
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126454599112
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\Anti-Virus\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
AboutBuster 5.1, reference file 33
Scan started on [11/19/2005]at [7:34:55 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 7:36:50 PM
AboutBuster 5.1, reference file 33
Scan started on [11/19/2005] at [7:37:15 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 7:38:51 PM
Service load: 0% 100%
File: YEDIEx.exe
Status: OK
MD5 7f3d1ec102fabde0c4ff3b2b750268fa
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing
-
You can go back and hide hidden files and folders
I would leave
Hide Extensions for known file types unchecked
What do you use for an Active Virus scanner on your computer
I see an entry related to McAfee, but nothing Active
Do you need a free solution?
-
A free solution would be wonderful. Thank you.
-
Some final cleanup
If everything is running better, please do the following
You should disable system restore>>Reboot your computer>>and then reenable it
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature (http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm)
Once System Restore is reenabled
You should set up protection against future attacks
SpywareBlaster 3.4 by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial (http://www.bleepingcomputer.com/forums/index.php?showtutorial=53)
Download link (https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD)
Scroll down to IE-SPYAD (original) or
IE-SPYAD2>>Use one or the other
With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply click the "enable all protection"
IE-Spyad is compatible with SP2
For a free AV
Take a look at the following links
Avast Home Edition by ALWIL (http://www.avast.com/eng/down_home.html)
AVG 7 by Grisoft (http://free.grisoft.com/doc/2/lng/us/tpl/v5)
AntiVir Personal Edition Classic (http://www.free-av.com/antivirus/allinonen.html)
All have free versions
ONLY install one, more than one can cause conflicts and decrease your system performance noticeably
After installation of either one, make sure you check for updates and run a full system scan
-
It was gone, and now I scan again, and it is back.
Should I follow the same steps you've already told me?
-
It was gone, and now I scan again, and it is back.
Should I follow the same steps you've already told me?
What are we talking about?
And what scan did you do?
Did you install one of the virus scanners I posted?
If not do so and update it and run a full system scan
Can I see a fresh hijackthis log please afterwards
Remember, Alcan worm is probably infecting you thru your file sharing programs
eg.. KaZaA Lite 2.0.2 (Kazaalite.com Edition) Build 1
Kazaa Lite K++ v2.4.1
Kazaa Lite Resurrection 0.0.7.6 F
Kazaa Media Desktop 2.1.1
Kazaa Media Desktop 2.5
morpheus
All are breeding grounds for infection
If you download something, make sure you check it for viruses first before opening it
You can use your new virus scanner
-
The Win32.P2P-Worm.Alcan.a came back. I used ad-aware personal se.
I am installing the programs you recommended. I only use Limewire, so if it is possible that Kazaa could still be infecting me somehow, how would I get rid of it and all its components?
I will post a fresh HJT log after I scan with one of your recommended AV programs. I've used Ewido and Ad-aware already too.
-
Ok, now I'm confused
I am installing the programs you recommended.
Did you do this yet????
If everything is running better, please do the following
You should disable system restore>>Reboot your computer>>and then reenable it
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature (http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm)
Once System Restore is reenabled
You should set up protection against future attacks
SpywareBlaster 3.4 by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial (http://www.bleepingcomputer.com/forums/index.php?showtutorial=53)
Download link (https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD)
Scroll down to IE-SPYAD (original) or
IE-SPYAD2>>Use one or the other
With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply click the "enable all protection"
IE-Spyad is compatible with SP2
For a free AV
Take a look at the following links
Avast Home Edition by ALWIL (http://www.avast.com/eng/down_home.html)
AVG 7 by Grisoft (http://free.grisoft.com/doc/2/lng/us/tpl/v5)
AntiVir Personal Edition Classic (http://www.free-av.com/antivirus/allinonen.html)
All have free versions
ONLY install one, more than one can cause conflicts and decrease your system performance noticeably
After installation of either one, make sure you check for updates and run a full system scan
Where is Ad-Aware finding Alcan?
Also, access your Add/Remove programs and remove
Kazaa Lite K++ v2.4.1
Kazaa Lite Resurrection 0.0.7.6 F
Kazaa Media Desktop 2.1.1
Kazaa Media Desktop 2.5
morpheus
And remember, you can still get the Alcan worm from Limewire too
-
Out of the Anti-Virus software you gave me, I've found avast! to be the best. I ran the boot-up scan and it got rid of everything, and continues to block things coming in.
I've done scans with ad-aware and ewido and they can't find any virus of any kind on here since I've installed avast. Thank you very very much.
If you're not convinced that my computer is clean, then I will post another HJT log at your request, but I'm pretty sure that everything is running smoothly. Thank you so much. Can I pay you somehow, or just donate to the site?
-
sure, can you post one last hijackthis log
Let's just make sure
I like Avast also, I use it on my other computer
Then we'll close this topic
-
Logfile of HijackThis v1.99.1
Scan saved at 1:30:41 PM, on 11/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
E:\Program Files\Anti-Virus\avast\aswUpdSv.exe
E:\Program Files\Anti-Virus\avast\ashServ.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
E:\Program Files\Anti-Virus\security suite\ewidoctrl.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
E:\Program Files\Anti-Virus\avast\ashMaiSv.exe
E:\Program Files\Anti-Virus\avast\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\program files\support.com\bin\tgcmd.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
E:\PROGRA~1\ANTI-V~1\avast\ashDisp.exe
E:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Winamp\winamp.exe
E:\Program Files\Anti-Virus\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [msci] C:\program files\mcafee.com\shared\mcinfo.exe /insfin
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTFMon] C:\WINNT\system32\CTF\ctfmon.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ANTI-V~1\avast\ashDisp.exe
O4 - HKCU\..\Run: [Steam] "e:\program files\valve\steam\steam.exe" -silent
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh212112.dll/201
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094915485668
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126454599112
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Anti-Virus\avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Anti-Virus\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Anti-Virus\avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Anti-Virus\avast\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\Anti-Virus\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
But seriously, you've helped so much. Can I pay you or something? I think you do so much for people without asking for anything in return and I just feel like you deserve something for your trouble.
:)
-
Glad to help
Thank you much Afflicted for the donation
I'll lock this topic as your problems appear resolved
Take care
:)