Messages - indigenous1

1
Tech Clinic / Do i have a virus?
« on: July 11, 2006, 02:43:33 PM »
i copied the contents of the code box to notepad and merged it to the registry.  I also did the system scan w/ HJT and checked all of the entries you listed.  I also deleted files and all offline content in internet options.  I missed the part about resetting the web settings so i just now did that.  when i ran spybot it still found bearshare in the same spot in the registry and could not remove it.

2
Tech Clinic / Do i have a virus?
« on: July 09, 2006, 11:43:38 PM »
I did not recently uninstall the yahoo toolbar.  I was actually wondering what happened to it.  Also when i open up ewido i get an upgrade option. should i upgrade?  also when i said that ewido found a virus i meant to say spybot search & destroy.  so here is an uninstall list, the ewido report and the spybot report.


Ad-Aware SE Personal
Adobe Reader 7.0.8
Agere Systems PCI Soft Modem
Anewsoft Video Converter 2.0
Avira AntiVir PersonalEdition Classic
CleanUp!
Compaq Connections
Compaq IJ650 Inkjet Printer
EPSON Printer Software
ewido anti-malware
HP Photo and Imaging 2.0 - Photosmart Cameras
iPod for Windows 2005-09-06
iRiver Manager
J2SE Runtime Environment 5.0 Update 6
Lavasoft VX2 Cleaner
LimeWire PRO 4.8.1
Macromedia Flash Player
Microsoft .NET Framework 1.1
Microsoft Office XP Media Content
Microsoft Office XP Professional with FrontPage
Napster
Napster Burn Engine
RealPlayer
RecordNow!
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Sonic Update Manager
Sony USB Driver
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
USB Storage Driver
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series SDK
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2


---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         10:50:40 PM, 7/9/2006
 + Report-Checksum:      84D91DE8

 + Scan result:

   C:\Documents and Settings\kerry and colleen\Cookies\kerry and [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup


::Report End





-- Report generated: 2006-07-09 23:38 ---

Bearshare: Class ID (Registry key, fixing failed)
  HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}

3
Tech Clinic / Do i have a virus?
« on: July 08, 2006, 06:38:44 PM »
I ran Ewido anti malware last week and it found a virus and removed it.  That was after my cousin came over and messed around on my computer.  Ever since then i've been the only one on the computer.  then out of nowhere i run ewido again and it finds bearshare in my registry and it won't delete.  none of my other anti-virus or anti-spyware seem to find it.  is this something i need to worry about?  Here is a fresh HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 6:36:51 PM, on 7/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hjt\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136010394515
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

4
Tech Clinic / How to remove win32.p2p.worm.alcan.a from Win ME
« on: April 17, 2006, 04:15:10 PM »
disabled and reenabled system restore. installed spyware blaster and the firewall software.  everything is running great. thanks a lot for the help again.

5
Tech Clinic / How to remove win32.p2p.worm.alcan.a from Win ME
« on: April 15, 2006, 04:16:27 AM »
downloaded alcanshorty.bfu.  uninstalled cleanup and installed the newer version (4.5.1.). ran custom cleanup and checked all boxes except DELETE PREFETCH FILES. this option was shaded out.  Ran bfu.exe and panda activescan. Panda found nothing so it gave me no logfile.  ran ad-aware again and still got same 2 worms.  here is a fresh HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 4:10:09 AM, on 4/15/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\WUAUBOOT.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...&c=2C01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/redirec...&c=2C01&lc=0409
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE" "+b1"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

6
Tech Clinic / How to remove win32.p2p.worm.alcan.a from Win ME
« on: April 14, 2006, 03:49:25 PM »
it's been a while since my last post so i'm not even sure if your previous directions still apply but i did them anyways. i haven't used this computer since our last post because i got a new one but now i want to give this one to my parents.  i created the BFU folder in the C drive and unzipped P2Pnetwork.zip to the BFU folder. i downloaded and saved bfu.zip to the bfu folder also. removed entries in HJT log and ran cleanup and ad aware and installed AVAST antivirus.  ad aware could not remove the virus and it is still present. the 2 infected files are c:\_RESTORE\TEMP\A0047072.1 and c:\_RESTORE\TEMP\A0047184.1.  here is a fresh HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 3:38:52 PM, on 4/14/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...&c=2C01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/redirec...&c=2C01&lc=0409
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab

7
Tech Clinic / Can't get rid of viruses
« on: February 01, 2006, 02:03:59 AM »
hey, i just wanna say thanks for being patient with me through this ordeal.  i learned quite a lot throughout this month long journey. i appreciate it.  you actually will be hearing from me again very soon b/c in trying to download a program to fix this computer i got a virus on my own computer.  i posted the thread over a month ago but i will find it and reply. i've just been busy putting all of my time and effort into this computer.  trust me, my computer won't be nearly as difficult as this one was.

8
Tech Clinic / Can't get rid of viruses
« on: February 01, 2006, 01:32:38 AM »
I changed the name of the file and all other programs seem to be working fine.

9
Tech Clinic / Can't get rid of viruses
« on: January 30, 2006, 11:59:30 PM »
when i submit C:\WINDOWS\usuot.log to jotti's i get this reply in a blank white screen "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file" i do not know what it is related to. when i go to properties it says that it is a text document that opens with notepad.  it is 4.0 kb and was created on dec 7, 2005.  but everything seems to be running fine.

10
Tech Clinic / Can't get rid of viruses
« on: January 30, 2006, 06:45:30 AM »
when i tried to move the file C:\WINDOWS\usuot.log to the backup folder there was a prompt asking if i wanted to move this windows system file. i declined b/c the file sounds important (i didn't get that prompt with any other files).  it's a good thing that you had me create another system restore point b/c i accidentally deleted a couple registries that i shouldn't have and the computer started acting up and wouldn't run windows explorer.  so i had to go back to that point and start over.  i deleted all of the registries on the list.  i ran ad aware 1 more time and it came up with nothing.  ewido also found nothing.  one thing though, when i went back to my restore point i don't remember if i redid this task: "In safe mode, go to START>>RUN>>Type in the following sc stop TBPSSvc"  should i do it again just in case?

11
Tech Clinic / Can't get rid of viruses
« on: January 29, 2006, 06:11:34 PM »
downloaded and unzipped fix3. ran killbox and deleted the file. also deleted killbox folder. ran ad aware and it didn't find the file this time so we must've got it. also, searched for cgwbwj and it wasn't found. when i ran hjt ads the scan screen was blank and it wouldn't save a logfile so i assume it came up with nothing.
here are the logs you requested.

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         4:27:37 PM, 1/29/2006
 + Report-Checksum:      562370BB

 + Scan result:

   HKLM\SOFTWARE\Classes\CLSID\{2C4E6D22-B71F-491F-AAD3-B6972A650D50} -> Spyware.IBIS : Error during cleaning
   HKLM\SOFTWARE\Classes\CLSID\{310CC549-4541-46A9-940F-52B342A6E682} -> Spyware.IBIS : Error during cleaning
   HKLM\SOFTWARE\Classes\CLSID\{6E21F428-5617-47F7-AED8-B2E1D8FBA711} -> Spyware.IBIS : Error during cleaning
   HKLM\SOFTWARE\Classes\CLSID\{708BE496-E202-497B-BC31-9CF47E3BF8D6} -> Spyware.IBIS : Error during cleaning
   HKLM\SOFTWARE\Classes\CLSID\{8B0FA130-0C3D-4CB1-AEB7-2C29DA5509A3} -> Spyware.IBIS : Error during cleaning
   HKLM\SOFTWARE\Classes\CLSID\{BBF122A7-8A4D-45B5-9E00-0F68BC87C904} -> Spyware.IBIS : Error during cleaning
   HKLM\SOFTWARE\Classes\CLSID\{CAE0999F-78C5-49DC-9F30-13142AAAABA4} -> Spyware.IBIS : Error during cleaning
   HKLM\SOFTWARE\Classes\Interface\{365B9A54-E613-46E5-9DB1-4F91A9DE80BD} -> Spyware.IBIS : Error during cleaning
   HKLM\SOFTWARE\Classes\Interface\{618BE527-B7F5-417C-BC51-98FDC2D6DE61} -> Spyware.IBIS : Error during cleaning
   HKLM\SOFTWARE\Classes\Interface\{66C22569-F05C-4A70-A142-763B337E1002} -> Spyware.IBIS : Error during cleaning
   HKLM\SOFTWARE\Classes\Interface\{7B8BD940-B1EF-460C-85A2-9ACAAF7F9303} -> Spyware.IBIS : Error during cleaning
   HKLM\SOFTWARE\Classes\Interface\{99AA88D1-D9D3-410A-BE9E-044F94C183DA} -> Spyware.IBIS : Error during cleaning
   HKLM\SOFTWARE\Classes\Interface\{C380566D-F343-42AB-987B-6B38A1A35747} -> Spyware.IBIS : Error during cleaning
   HKLM\SOFTWARE\Classes\Interface\{D1951679-1D52-43FC-9585-0737143585F5} -> Spyware.IBIS : Error during cleaning
   HKLM\SOFTWARE\Classes\Interface\{F273D4EA-2025-4410-8408-251A0CD46BE7} -> Spyware.IBIS : Error during cleaning
   HKLM\SOFTWARE\Classes\TBPS.PluginConfig -> Spyware.WebSearch : Error during cleaning
   HKLM\SOFTWARE\Classes\TBPS.PluginDown -> Spyware.WebSearch : Error during cleaning
   HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd -> Spyware.WebSearch : Error during cleaning
   HKLM\SOFTWARE\Classes\TBPS.PluginEvents -> Spyware.WebSearch : Error during cleaning
   HKLM\SOFTWARE\Classes\TBPS.PluginInst -> Spyware.WebSearch : Error during cleaning
   HKLM\SOFTWARE\Classes\TBPS.PluginServer -> Spyware.WebSearch : Error during cleaning
   HKLM\SOFTWARE\Classes\TBPS.ToolbarScript -> Spyware.WebSearch : Error during cleaning
   HKLM\SOFTWARE\Classes\TypeLib\{B23B3ADD-84B1-414A-92B9-0CABE5A781F4} -> Spyware.IBIS : Error during cleaning
   HKLM\SOFTWARE\Toolbar -> Spyware.WebSearch : Error during cleaning
   HKLM\SOFTWARE\Toolbar\Files -> Spyware.WebSearch : Error during cleaning
   HKLM\SOFTWARE\Toolbar\Install -> Spyware.WebSearch : Error during cleaning
   HKLM\SOFTWARE\Toolbar\PlugIns -> Spyware.WebSearch : Error during cleaning
   HKLM\SOFTWARE\Toolbar\Server -> Spyware.WebSearch : Error during cleaning
   HKLM\SYSTEM\CurrentControlSet\Services\TBPSSvc -> Spyware.WebSearch : Error during cleaning
   C:\counter.cab/counter.exe -> Dropper.Agent.az : Cleaned with backup


::Report End

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 2    Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX!                 1/19/2006 12:56:46 AM       43391      C:\WINDOWS\browser.exe
UPX!                 6/4/2005 11:52:48 AM        84642      C:\WINDOWS\n_ituoof.log

Checking %System% folder...
UPX!                 12/20/2005 6:21:38 AM       481280     C:\WINDOWS\SYSTEM32\aswBoot.exe
PEC2                 8/16/2003 1:40:04 AM        41397      C:\WINDOWS\SYSTEM32\dfrg.msc
PTech                11/4/2005 4:27:24 PM        534280     C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2           1/4/2006 7:46:40 PM         2827616    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               1/4/2006 7:46:40 PM         2827616    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               8/4/2004 1:56:36 AM         708096     C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor             8/4/2004 1:56:44 AM         657920     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              8/15/2003 8:41:44 PM        1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu
Umonitor             8/15/2003 8:52:22 PM        631808     C:\WINDOWS\SYSTEM32\_003788_.tmp.dll
Umonitor             8/15/2003 8:52:22 PM        631808     C:\WINDOWS\SYSTEM32\_004055_.tmp.dll
Umonitor             8/15/2003 8:52:22 PM        631808     C:\WINDOWS\SYSTEM32\_004495_.tmp.dll

Checking %System%\Drivers folder and sub-folders...
PTech                8/3/2004 11:41:38 PM        1309184    C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     1/29/2006 1:21:30 PM      S 2048       C:\WINDOWS\bootstat.dat
                     12/7/2005 10:04:38 PM    HS 0          C:\WINDOWS\usuot.log
                     12/31/2005 12:27:02 AM   H  0          C:\WINDOWS\inf\oem37.inf
                     1/19/2006 11:27:50 AM   RHS 286777     C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_7.cab
                     11/30/2005 10:17:10 PM    S 21633      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
                     12/1/2005 6:12:48 PM      S 10925      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
                     1/2/2006 5:09:36 PM       S 11223      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat
                     1/29/2006 1:21:38 PM     H  16384      C:\WINDOWS\system32\config\default.LOG
                     1/29/2006 1:21:40 PM     H  1024       C:\WINDOWS\system32\config\SAM.LOG
                     1/29/2006 1:21:30 PM     H  16384      C:\WINDOWS\system32\config\SECURITY.LOG
                     1/29/2006 1:41:34 PM     H  81920      C:\WINDOWS\system32\config\software.LOG
                     1/29/2006 1:21:42 PM     H  1122304    C:\WINDOWS\system32\config\system.LOG
                     1/19/2006 2:23:18 AM     H  1024       C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
                     1/19/2006 11:27:50 AM     S 558        C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
                     1/19/2006 11:27:50 AM     S 144        C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
                     1/29/2006 1:20:34 PM     H  6          C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation          8/4/2004 1:56:58 AM         68608      C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp.    9/20/2004 3:20:44 PM        16121856   C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation          8/4/2004 1:56:58 AM         549888     C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          8/4/2004 1:56:58 AM         110592     C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation          8/4/2004 1:56:58 AM         135168     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          8/4/2004 1:56:58 AM         80384      C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation          8/4/2004 1:56:58 AM         155136     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          8/4/2004 1:56:58 AM         358400     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          8/4/2004 1:56:58 AM         129536     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          8/4/2004 1:56:58 AM         380416     C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation          8/4/2004 1:56:58 AM         68608      C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc.         11/10/2005 1:03:50 PM       49265      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          8/15/2003 7:49:58 PM        187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          8/4/2004 1:56:58 AM         618496     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          8/15/2003 7:57:52 PM        35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          8/4/2004 1:56:58 AM         25600      C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation          8/4/2004 1:56:58 AM         257024     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation          8/4/2004 1:56:58 AM         32768      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation          8/4/2004 1:56:58 AM         114688     C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation          8/4/2004 1:56:58 AM         298496     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          8/15/2003 8:04:26 PM        28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          8/4/2004 1:56:58 AM         94208      C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          8/4/2004 1:56:58 AM         148480     C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation          5/26/2005 4:16:30 AM        174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          8/15/2003 7:49:58 PM        187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          8/15/2003 7:57:52 PM        35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          8/15/2003 8:04:26 PM        28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Intel Corporation              2/10/2004 7:53:24 PM        94208      C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\igfxcpl.cpl
Realtek Semiconductor Corp.    2/10/2004 2:19:32 AM        14224384   C:\WINDOWS\SYSTEM32\ReinstallBackups\0016\DriverFiles\ALSNDMGR.CPL

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     9/29/2004 2:27:32 PM        1903       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
                     4/2/2004 1:55:28 PM      HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
                     1/24/2006 4:47:28 PM        1738       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     4/2/2004 5:46:32 AM      HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini
                     11/8/2004 5:12:00 PM     H  0          C:\Documents and Settings\All Users\Application Data\hpothb07.dat
                     11/8/2004 5:12:00 PM     H  0          C:\Documents and Settings\All Users\Application Data\hpothb07.tif

Checking files in %USERPROFILE%\Startup folder...
                     4/2/2004 1:55:28 PM      HS 84         C:\Documents and Settings\kerry and colleen\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
                     4/2/2004 5:46:32 AM      HS 62         C:\Documents and Settings\kerry and colleen\Application Data\desktop.ini
                     11/8/2004 5:09:54 PM     H  0          C:\Documents and Settings\kerry and colleen\Application Data\hpothb07.dat
                     11/8/2004 5:09:54 PM     H  0          C:\Documents and Settings\kerry and colleen\Application Data\hpothb07.tif
                     3/13/2005 6:45:54 PM        75771      C:\Documents and Settings\kerry and colleen\Application Data\tizinf.xml

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
   SV1    =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\avast
   {472083B0-C522-11CF-8763-00608CC02F24}    = C:\Program Files\Alwil Software\Avast4\ashShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast
   {472083B0-C522-11CF-8763-00608CC02F24}    = C:\Program Files\Alwil Software\Avast4\ashShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
   {7C9D5882-CB4A-4090-96C8-430BFE8B795B}    = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
    = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
   SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
   Google Toolbar Helper = c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
   {2318C2B1-4965-11d4-9B18-009027A5CD4F}    = &Google   : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
   MenuText    = Sun Java Console   : C:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3369AF0D-62E9-4bda-8103-B4C75499B578}
   ButtonText    = AOL Toolbar   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
   ButtonText    = Messenger   : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
    =
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
   File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
   Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\SHELL32.dll
   {2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google   : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   hpsysdrv   c:\windows\system\hpsysdrv.exe
   Recguard   C:\WINDOWS\SMINST\RECGUARD.EXE
   VTTimer   VTTimer.exe
   AGRSMMSG   AGRSMMSG.exe
   UpdateManager   "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
   EPSON Stylus CX5200   C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
   SunJavaUpdateSched   C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
   avast!   C:\PROGRA~1\ALWILS~1\AVAST4\ashDisp.exe
   CMPDPSRV   C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
   IMAIL   Installed = 1
   MAPI   Installed = 1
   MSFS   Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   MSMSGS   "C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
   system.ini   0
   win.ini   0
   bootini   0
   services   0
   startup   0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
   {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption   
   legalnoticetext   
   shutdownwithoutlogon   1
   undockwithoutlogon   1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   PostBootReminder                  {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
   CDBurn                            {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
   WebCheck                          {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
   SysTray                           {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   UserInit   = C:\WINDOWS\system32\userinit.exe,
   Shell      = Explorer.exe
   System      =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
    = igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
    = WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   AppInit_DLLs   


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 1/29/2006 4:34:11 PM

Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, January 29, 2006 4:46:19 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R89 24.01.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):15 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


1-29-2006 4:46:19 PM - Scan started. (Full System Scan)

 MRU List Object Recognized!
    Location:          : C:\Documents and Settings\kerry and colleen\Application Data\microsoft\office\recent
    Description        : list of recently opened documents using microsoft office


 MRU List Object Recognized!
    Location:          : C:\Documents and Settings\kerry and colleen\recent
    Description        : list of recently opened documents


 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct3d


 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct X


 MRU List Object Recognized!
    Location:          : software\microsoft\directdraw\mostrecentapplication
    Description        : most recent application to use microsoft directdraw


 MRU List Object Recognized!
    Location:          : S-1-5-21-833561583-498507320-2471684171-1008\software\microsoft\internet explorer
    Description        : last download directory used in microsoft internet explorer


 MRU List Object Recognized!
    Location:          : S-1-5-21-833561583-498507320-2471684171-1008\software\microsoft\internet explorer\typedurls
    Description        : list of recently entered addresses in microsoft internet explorer


 MRU List Object Recognized!
    Location:          : S-1-5-21-833561583-498507320-2471684171-1008\software\microsoft\microsoft management console\recent file list
    Description        : list of recent snap-ins used in the microsoft management console


 MRU List Object Recognized!
    Location:          : S-1-5-21-833561583-498507320-2471684171-1008\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
    Description        : list of recent documents opened by microsoft word


 MRU List Object Recognized!
    Location:          : S-1-5-21-833561583-498507320-2471684171-1008\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
    Description        : list of recent documents saved by microsoft word


 MRU List Object Recognized!
    Location:          : S-1-5-21-833561583-498507320-2471684171-1008\software\microsoft\search assistant\acmru
    Description        : list of recent search terms used with the search assistant


 MRU List Object Recognized!
    Location:          : S-1-5-21-833561583-498507320-2471684171-1008\software\microsoft\windows\currentversion\applets\wordpad\recent file list
    Description        : list of recent files opened using wordpad


 MRU List Object Recognized!
    Location:          : S-1-5-21-833561583-498507320-2471684171-1008\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description        : list of recent programs opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-833561583-498507320-2471684171-1008\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description        : list of recently saved files, stored according to file extension


 MRU List Object Recognized!
    Location:          : S-1-5-21-833561583-498507320-2471684171-1008\software\microsoft\windows\currentversion\explorer\recentdocs
    Description        : list of recent documents opened


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
    FilePath           : \SystemRoot\System32\
    ProcessID          : 560
    ThreadCreationTime : 1-29-2006 10:44:29 PM
    BasePriority       : Normal


#:2 [csrss.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 616
    ThreadCreationTime : 1-29-2006 10:44:31 PM
    BasePriority       : Normal


#:3 [winlogon.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 640
    ThreadCreationTime : 1-29-2006 10:44:31 PM
    BasePriority       : High


#:4 [services.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 684
    ThreadCreationTime : 1-29-2006 10:44:32 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Services and Controller app
    InternalName       : services.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : services.exe

#:5 [lsass.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 696
    ThreadCreationTime : 1-29-2006 10:44:32 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : LSA Shell (Export Version)
    InternalName       : lsass.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : lsass.exe

#:6 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 852
    ThreadCreationTime : 1-29-2006 10:44:32 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:7 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 928
    ThreadCreationTime : 1-29-2006 10:44:32 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:8 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1020
    ThreadCreationTime : 1-29-2006 10:44:32 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:9 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1080
    ThreadCreationTime : 1-29-2006 10:44:33 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:10 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1172
    ThreadCreationTime : 1-29-2006 10:44:33 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:11 [explorer.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 1428
    ThreadCreationTime : 1-29-2006 10:44:34 PM
    BasePriority       : Normal
    FileVersion        : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 6.00.2900.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Explorer
    InternalName       : explorer
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : EXPLORER.EXE

#:12 [spoolsv.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1528
    ThreadCreationTime : 1-29-2006 10:44:34 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion     : 5.1.2600.2696
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Spooler SubSystem App
    InternalName       : spoolsv.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : spoolsv.exe

#:13 [hpsysdrv.exe]
    FilePath           : C:\windows\system\
    ProcessID          : 1660
    ThreadCreationTime : 1-29-2006 10:44:35 PM
    BasePriority       : Normal
    FileVersion        : 1, 7, 0, 0
    ProductVersion     : 1, 7, 0, 0
    ProductName        : hpsysdrv
    CompanyName        : Hewlett-Packard Company
    FileDescription    : hpsysdrv
    InternalName       : hpsysdrv
    LegalCopyright     : Copyright © 1998
    OriginalFilename   : hpsysdrv.exe

#:14 [vttimer.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1676
    ThreadCreationTime : 1-29-2006 10:44:35 PM
    BasePriority       : Normal
    FileVersion        : 1.04.06-1020
    ProductVersion     : 1.04.06-1020
    ProductName        : S3 Graphics, Inc. Utilities
    CompanyName        : S3 Graphics, Inc.
    InternalName       : S3Timer
    LegalCopyright     : Copyright © 2001-2004 S3 Graphics, Inc.
    LegalTrademarks    : S3 is a registered trademark of S3 Incorporated

#:15 [agrsmmsg.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 1684
    ThreadCreationTime : 1-29-2006 10:44:35 PM
    BasePriority       : Normal
    FileVersion        : 2.1.41.10 2.1.41.10 06/29/2004 09:06:35
    ProductVersion     : 2.1.41.10 2.1.41.10 06/29/2004 09:06:35
    ProductName        : Agere SoftModem Messaging Applet
    CompanyName        : Agere Systems
    FileDescription    : SoftModem Messaging Applet
    InternalName       : smdmstat.exe
    LegalCopyright     : Copyright © Agere Systems 1998-2000
    OriginalFilename   : smdmstat.exe

#:16 [sgtray.exe]
    FilePath           : C:\Program Files\Common Files\Sonic\Update Manager\
    ProcessID          : 1692
    ThreadCreationTime : 1-29-2006 10:44:35 PM
    BasePriority       : Normal
    FileVersion        : 1.01.32a
    CompanyName        : Sonic Solutions
    FileDescription    : Sonic Update Manager
    LegalCopyright     : Copyright © 2002 Sonic Solutions

#:17 [e_s10ic2.exe]
    FilePath           : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
    ProcessID          : 1700
    ThreadCreationTime : 1-29-2006 10:44:35 PM
    BasePriority       : Normal
    FileVersion        : 3.05
    ProductVersion     : 3.05
    ProductName        : EPSON Status Monitor 3
    CompanyName        : SEIKO EPSON CORPORATION
    FileDescription    : EPSON Status Monitor 3
    InternalName       : E_S10IC2
    LegalCopyright     : Copyright © SEIKO EPSON CORP. 2002
    OriginalFilename   : E_S10IC2.EXE

#:18 [jusched.exe]
    FilePath           : C:\Program Files\Java\jre1.5.0_06\bin\
    ProcessID          : 1708
    ThreadCreationTime : 1-29-2006 10:44:35 PM
    BasePriority       : Normal


#:19 [ashdisp.exe]
    FilePath           : C:\PROGRA~1\ALWILS~1\AVAST4\
    ProcessID          : 1720
    ThreadCreationTime : 1-29-2006 10:44:35 PM
    BasePriority       : Normal
    FileVersion        : 4, 6, 739, 0
    ProductVersion     : 4, 6, 0, 0
    ProductName        : avast! Antivirus
    FileDescription    : avast! service GUI component
    InternalName       : aswDisp
    LegalCopyright     : Copyright © 2005 ALWIL Software
    OriginalFilename   : aswDisp.exe

#:20 [cmpdpsrv.exe]
    FilePath           : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
    ProcessID          : 1732
    ThreadCreationTime : 1-29-2006 10:44:35 PM
    BasePriority       : Normal
    FileVersion        : 1.0.0.137
    ProductVersion     : 1.0.0.137
    ProductName        : Printer Driver Plus
    CompanyName        : Conexant Systems, Inc.
    FileDescription    : PDP RPC Server
    InternalName       : PDPserver
    LegalCopyright     : Copyright© Conexant Systems, Inc. 1996-2001
    OriginalFilename   : PDPserve.dll

#:21 [msmsgs.exe]
    FilePath           : C:\Program Files\Messenger\
    ProcessID          : 1756
    ThreadCreationTime : 1-29-2006 10:44:35 PM
    BasePriority       : Normal
    FileVersion        : 4.7.3001
    ProductVersion     : Version 4.7.3001
    ProductName        : Messenger
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Messenger
    InternalName       : msmsgs
    LegalCopyright     : Copyright © Microsoft Corporation 2004
    LegalTrademarks    : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
    OriginalFilename   : msmsgs.exe

#:22 [backweb-1940576.exe]
    FilePath           : C:\Program Files\Compaq Connections\1940576\Program\
    ProcessID          : 1808
    ThreadCreationTime : 1-29-2006 10:44:35 PM
    BasePriority       : Normal


#:23 [aswupdsv.exe]
    FilePath           : C:\Program Files\Alwil Software\Avast4\
    ProcessID          : 424
    ThreadCreationTime : 1-29-2006 10:44:42 PM
    BasePriority       : Normal


#:24 [ashserv.exe]
    FilePath           : C:\Program Files\Alwil Software\Avast4\
    ProcessID          : 436
    ThreadCreationTime : 1-29-2006 10:44:42 PM
    BasePriority       : High
    FileVersion        : 4, 6, 739, 0
    ProductVersion     : 4, 6, 0, 0
    ProductName        : avast! Antivirus
    FileDescription    : avast! antivirus service
    InternalName       : aswServ
    LegalCopyright     : Copyright © 2005 ALWIL Software
    OriginalFilename   : aswServ.exe

#:25 [eebsvc.exe]
    FilePath           : C:\Program Files\Common Files\EPSON\EBAPI\
    ProcessID          : 468
    ThreadCreationTime : 1-29-2006 10:44:42 PM
    BasePriority       : Normal


#:26 [sagent2.exe]
    FilePath           : C:\Program Files\Common Files\EPSON\EBAPI\
    ProcessID          : 484
    ThreadCreationTime : 1-29-2006 10:44:42 PM
    BasePriority       : Normal
    FileVersion        : 2, 3, 0, 0
    ProductVersion     : 1, 0, 0, 0
    ProductName        : EPSON Bidirectional Printer
    CompanyName        : SEIKO EPSON CORPORATION
    FileDescription    : EPSON Printer Status Agent
    InternalName       : SAgent2
    LegalCopyright     : Copyright © SEIKO EPSON CORP. 2000-2001
    OriginalFilename   : SAgent2.exe

#:27 [ewidoctrl.exe]
    FilePath           : C:\Program Files\ewido anti-malware\
    ProcessID          : 516
    ThreadCreationTime : 1-29-2006 10:44:43 PM
    BasePriority       : Normal
    FileVersion        : 3, 0, 0, 1
    ProductVersion     : 3, 0, 0, 1
    ProductName        : ewido control
    CompanyName        : ewido networks
    FileDescription    : ewido control
    InternalName       : ewido control
    LegalCopyright     : Copyright © 2004
    OriginalFilename   : ewidoctrl.exe

#:28 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1148
    ThreadCreationTime : 1-29-2006 10:44:46 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:29 [wrsssdk.exe]
    FilePath           : C:\Program Files\Webroot\Spy Sweeper\
    ProcessID          : 1668
    ThreadCreationTime : 1-29-2006 10:44:47 PM
    BasePriority       : Normal
    FileVersion        : 2,0,9,509
    ProductVersion     : 2, 0
    ProductName        : Spy Sweeper SDK
    CompanyName        : Webroot Software, Inc.
    FileDescription    : Spy Sweeper SDK
    LegalCopyright     : Copyright © 2002 - 2005, All Rights Reserved.
    LegalTrademarks    : Spy Sweeper is a trademark of Webroot Software, Inc.
    OriginalFilename   : SpySweeper.exe

#:30 [wdfmgr.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 2056
    ThreadCreationTime : 1-29-2006 10:44:53 PM
    BasePriority       : Normal
    FileVersion        : 5.2.3790.1230 built by: DNSRV(bld4act)
    ProductVersion     : 5.2.3790.1230
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows User Mode Driver Manager
    InternalName       : WdfMgr
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : WdfMgr.exe

#:31 [ashmaisv.exe]
    FilePath           : C:\Program Files\Alwil Software\Avast4\
    ProcessID          : 2332
    ThreadCreationTime : 1-29-2006 10:44:54 PM
    BasePriority       : Normal


#:32 [ashwebsv.exe]
    FilePath           : C:\Program Files\Alwil Software\Avast4\
    ProcessID          : 2380
    ThreadCreationTime : 1-29-2006 10:44:55 PM
    BasePriority       : Normal


#:33 [alg.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 2676
    ThreadCreationTime : 1-29-2006 10:44:55 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Application Layer Gateway Service
    InternalName       : ALG.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : ALG.exe

#:34 [notepad.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 3160
    ThreadCreationTime : 1-29-2006 10:45:05 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Notepad
    InternalName       : Notepad
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : NOTEPAD.EXE

#:35 [iexplore.exe]
    FilePath           : C:\Program Files\Internet Explorer\
    ProcessID          : 3196
    ThreadCreationTime : 1-29-2006 10:45:17 PM
    BasePriority       : Normal
    FileVersion        : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 6.00.2900.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Internet Explorer
    InternalName       : iexplore
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : IEXPLORE.EXE

#:36 [wuauclt.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 3416
    ThreadCreationTime : 1-29-2006 10:45:39 PM
    BasePriority       : Normal
    FileVersion        : 5.8.0.2469 built by: lab01_n(wmbla)
    ProductVersion     : 5.8.0.2469
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Automatic Updates
    InternalName       : wuauclt.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : wuauclt.exe

#:37 [wmiprvse.exe]
    FilePath           : C:\WINDOWS\System32\wbem\
    ProcessID          : 3520
    ThreadCreationTime : 1-29-2006 10:46:01 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : WMI
    InternalName       : Wmiprvse.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : Wmiprvse.exe

#:38 [ad-aware.exe]
    FilePath           : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID          : 3588
    ThreadCreationTime : 1-29-2006 10:46:12 PM
    BasePriority       : Normal
    FileVersion        : 6.2.0.236
    ProductVersion     : SE 106
    ProductName        : Lavasoft Ad-Aware SE
    CompanyName        : Lavasoft Sweden
    FileDescription    : Ad-Aware SE Core application
    InternalName       : Ad-Aware.exe
    LegalCopyright     : Copyright © Lavasoft AB Sweden
    OriginalFilename   : Ad-Aware.exe
    Comments           : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 15




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15

5:04:25 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:18:05.281
Objects scanned:168188
Objects identified:0
Objects ignored:0
New critical objects:0

12
Tech Clinic / Can't get rid of viruses
« on: January 28, 2006, 05:23:27 PM »
ran killbox and deleted the 2 files and temp files. here is the ads log.  ran ad aware again. virus still present.

C:\WINDOWS\system32 : pbaa.dll  (3584 bytes)
C:\WINDOWS\system32 : pbaa.dll  (3584 bytes)
C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\AGRSMMSG.exe : cgwbwj  (3567 bytes)

13
Tech Clinic / Can't get rid of viruses
« on: January 27, 2006, 04:57:31 AM »
Deleted all files in temp and temporary internet folders although 2 would not delete b/c the files were in use. ran cleanup and merged cwsserviceremove.reg. also ran regseeker. here is the ADS spy log. just ran ad aware again and the virus is still there.


14
Tech Clinic / Can't get rid of viruses
« on: January 26, 2006, 06:08:19 AM »
i ran cleanup twice with your instructions but the virus is still present in that same folder.  i also deleted my aboutbuster and redownloaded it. i ran it in safe mode and got the same "overflow" error.  i also ran ewido and ad aware in safe mode. ewido came up with the same 29 files it always finds. ad aware came up with nothing. it's only when i'm in normal mode that the avast virus found screen comes up when running ad aware. here is a fresh hjt log


Logfile of HijackThis v1.99.1
Scan saved at 5:04:24 AM, on 1/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\AVAST4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hjt\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\AVAST4\ashDisp.exe
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136010394515
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

15
Tech Clinic / Can't get rid of viruses
« on: January 26, 2006, 01:34:20 AM »
the location of the file is c:\documentsandsettings\kerryandcolleen\localsettings\temp\AAWTMP
here is the spysweeper log.

********
12:04 AM: |       Start of Session, Thursday, January 26, 2006       |
12:04 AM: Spy Sweeper started
12:04 AM: Sweep initiated using definitions version 605
12:04 AM: Starting Memory Sweep
12:06 AM: Memory Sweep Complete, Elapsed Time: 00:02:10
12:06 AM: Starting Registry Sweep
12:06 AM:   Found Adware: websearch toolbar
12:06 AM:   HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\  (7 subtraces) (ID = 146518)
12:06 AM:   HKLM\software\toolbar\  (4 subtraces) (ID = 646240)
12:06 AM:   Found Adware: cws_ns3
12:06 AM:   HKCR\clsid\{ee60feae-009f-5e4a-fb06-eb54ef18c29e}\  (2 subtraces) (ID = 888308)
12:06 AM:   Found Adware: cws_tiny0
12:06 AM:   HKCR\clsid\{9adc5b7c-f0fa-a733-e146-85ce8933dc68}\  (2 subtraces) (ID = 980881)
12:06 AM:   HKLM\software\classes\clsid\{9adc5b7c-f0fa-a733-e146-85ce8933dc68}\  (2 subtraces) (ID = 980889)
12:06 AM:   HKCR\clsid\{60fc6862-9261-c47d-0f11-1c5e5c1b1dd6}\  (2 subtraces) (ID = 1107842)
12:06 AM:   HKLM\software\classes\clsid\{60fc6862-9261-c47d-0f11-1c5e5c1b1dd6}\  (2 subtraces) (ID = 1107846)
12:06 AM: Registry Sweep Complete, Elapsed Time:00:00:07
12:06 AM: Starting Cookie Sweep
12:06 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
12:06 AM: Starting File Sweep
12:06 AM:   alcxmntr.exe:qebzeu (ID = 56287)
12:07 AM:   Warning: Failed to open file "c:\windows\". The system cannot find the path specified
12:07 AM:   agrsmdel.exe:yejtkj (ID = 56601)
12:12 AM:   Warning: Failed to open file "c:\windows\". The system cannot find the path specified
12:19 AM:   Found Adware: webhancer
12:19 AM:   ntsautodial.ini (ID = 188794)
12:19 AM:   Warning: Unhandled Archive Type
12:23 AM:   Warning: Invalid Stream
12:23 AM:   Warning: Invalid Stream
12:23 AM:   Warning: Invalid Stream
12:23 AM:   Warning: Invalid Stream
12:23 AM:   Warning: Invalid Stream
12:23 AM:   Warning: Invalid Stream
12:23 AM:   Warning: Invalid Stream
12:23 AM:   Warning: Invalid Stream
12:23 AM:   Warning: Invalid Stream
12:23 AM:   Warning: Invalid Stream
12:24 AM:   Warning: Invalid Stream
12:24 AM: File Sweep Complete, Elapsed Time: 00:17:44
12:24 AM: Full Sweep has completed.  Elapsed time 00:20:04
12:24 AM: Traces Found: 31
12:25 AM: Removal process initiated
12:25 AM:   Quarantining All Traces: cws_ns3
12:25 AM:   Quarantining All Traces: websearch toolbar
12:25 AM:   websearch toolbar is in use.  It will be removed on reboot.
12:25 AM:     HKLM: software\toolbar\ is in use.  It will be removed on reboot.
12:25 AM:   Quarantining All Traces: cws_tiny0
12:25 AM:   Quarantining All Traces: webhancer
12:25 AM: Removal process completed.  Elapsed time 00:00:33
********
12:02 AM: |       Start of Session, Thursday, January 26, 2006       |
12:02 AM: Spy Sweeper started
12:03 AM: Your spyware definitions have been updated.
12:04 AM: |       End of Session, Thursday, January 26, 2006       |

16
Tech Clinic / Can't get rid of viruses
« on: January 25, 2006, 07:21:05 AM »
Not sure if this is related to what we are trying to do here but i hope it is.  I ran ad aware a little while ago to see what it would find and an avast screen pops up saying that a virus was found.  so i delete the file and i restart the computer.  i run ad aware again and up pops the same avast screen with another virus in the same location deep within my C drive. it is in a file called AAWTMP.  i select delete again and restart my computer. i go to my computer to where this file is supposedly located and find nothing. so i run ad aware again and i get a virus in the same location again.  i don't do anything, but i go back to my computer to look for the file again and there it is, where i just looked!  i scan the AAWTMP folder with avast and a virus is found.  i press delete and a screen pops up saying virus cannot be found.  so i start killbox and select the AAWTMP file to be deleted.  it deletes the file and i restart.  but the virus is still present. it changes to a different name every time and is hidden until found by avast.  what can i do about this?  i hate computers.



here is a fresh HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 6:15:38 AM, on 1/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\AVAST4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hjt\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\AVAST4\ashDisp.exe
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136010394515
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

17
Tech Clinic / Can't get rid of viruses
« on: January 25, 2006, 01:54:01 AM »
Tried using regseeker to uninstall spysweeper. Would not work. I ran housecall earlier today and it found a few more viruses. I still have my old defender Pro antivirus CD. I don't use it b/c a friend of mine says it takes up too much space on a computer. Should I install it if I can?

18
Tech Clinic / Can't get rid of viruses
« on: January 23, 2006, 04:43:24 AM »
Spysweeper will not uninstall. When I go to add/remove programs it says that the uninstaller does not exist. So I went to the spysweeper program in the webroot folder to try and use the uninstaller icon but it still will not work. The icon is there but it says that it does not exist. Here is a fresh HJT log.


Logfile of HijackThis v1.99.1
Scan saved at 3:42:09 AM, on 1/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\AVAST4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hjt\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\AVAST4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136010394515
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

19
Tech Clinic / Can't get rid of viruses
« on: January 22, 2006, 06:39:37 PM »
I removed I.E. host along with Java 2. I also merged fix.reg into the registry. Fxwebsearch found nothing. I ran spysweeper. It was unable to update though. Here are the logs that you requested.

05:11 PM:  |···  Start of Session, Sunday, 22 January 2006  ···|
05:11 PM:  Spy Sweeper 3.0.0  (Build 129) started
05:22 PM:  Sweep initiated using definitions version 507
05:22 PM:  Sweeping memory for active spyware.
05:22 PM:  Memory sweep has completed.  Elapsed time 00:00:05
05:22 PM:  Registry sweep initiated.
05:22 PM:    Found: 18 Agent.ay Downloader registry traces.
05:22 PM:    Found: 6 CWS_Hotoffers_DesktopHijacker registry traces.
05:22 PM:    Found: 36 IEPlugin registry traces.
05:22 PM:    Found: 28 Trojan-Downloader-BQAdSearch registry traces.
05:22 PM:    Found: 6 Trojan-Downloader-WinShow registry traces.
05:22 PM:    Found: 12 Trojan_Downloader_Tibser registry traces.
05:22 PM:    Found: 1 CWS_youriskalka.com Hijack registry traces.
05:22 PM:    Found: 18 TvMedia registry traces.
05:22 PM:    Found: 1 www.oneclicksearches.com Hijack registry traces.
05:22 PM:    Found: 27 WebSearch Toolbar registry traces.
05:22 PM:    Found: 20 CWS_NS3 registry traces.
05:22 PM:    Found: 6 CWS_TINY0 registry traces.
05:22 PM:  Registry sweep completed.  Elapsed time 00:00:11
05:22 PM:  Full sweep on all local drives initiated.
05:22 PM:    Now sweeping drive C:
05:23 PM:      Found Cookie: DomainSponsor Cookie, version 1, c:\documents and settings\kerry and colleen\cookies\kerry and [email protected][1].txt
05:25 PM:      Found Adware: Security iGuard, version 1, c:\windows\help\chmhelp.chm
05:29 PM:    Found: 2 file traces.
05:29 PM:  Full Sweep has completed.  Elapsed time 00:07:29
             38,549 files swept
             181 spyware traces located
05:30 PM:  Removal process initiated
05:33 PM:    Cleaning Traces
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{ff731508-cd28-e0b0-3e85-0cf55fde9fba}\inprocserver32|| (threadingmodel)
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{ff731508-cd28-e0b0-3e85-0cf55fde9fba}\inprocserver32
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{fd3ea93f-bce8-a28b-aa76-2d55e711675b}\data
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{fd3ea93f-bce8-a28b-aa76-2d55e711675b}
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{ef535cff-cb81-6cc3-a873-2f8c82aec371}\localserver32
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{ef535cff-cb81-6cc3-a873-2f8c82aec371}\data
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{ef535cff-cb81-6cc3-a873-2f8c82aec371}
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{e631a3af-2375-8d4c-66b1-aab77c548825}\inprocserver32|| (threadingmodel)
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{e631a3af-2375-8d4c-66b1-aab77c548825}\inprocserver32
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{bd3b6d57-bb35-1cad-d1dc-ac5dd1b9d3de}\data
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{bd3b6d57-bb35-1cad-d1dc-ac5dd1b9d3de}
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{a4589c07-991d-8034-c12e-69c0d5455dea}\data
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{a4589c07-991d-8034-c12e-69c0d5455dea}
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{9ce68f0e-3b07-594f-b8a7-c0c9044ed9d4}\inprocserver32|| (threadingmodel)
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{9ce68f0e-3b07-594f-b8a7-c0c9044ed9d4}\inprocserver32
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{9ce68f0e-3b07-594f-b8a7-c0c9044ed9d4}\data\md|| (data3)
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{9ce68f0e-3b07-594f-b8a7-c0c9044ed9d4}\data\md
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{9ce68f0e-3b07-594f-b8a7-c0c9044ed9d4}\data
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{9ce68f0e-3b07-594f-b8a7-c0c9044ed9d4}
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{6982c7d9-061e-aa2d-89cc-05af765683f2}\inprocserver32|| (threadingmodel)
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{6982c7d9-061e-aa2d-89cc-05af765683f2}\inprocserver32
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{6982c7d9-061e-aa2d-89cc-05af765683f2}\data\md|| (data3)
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{6982c7d9-061e-aa2d-89cc-05af765683f2}\data\md
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{6982c7d9-061e-aa2d-89cc-05af765683f2}\data
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{6982c7d9-061e-aa2d-89cc-05af765683f2}
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{646e0cf3-7459-b02d-6848-af1a15ea194e}\data
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{646e0cf3-7459-b02d-6848-af1a15ea194e}
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{38d49e75-22ad-792c-2e36-24f44a9a7e2d}\inprocserver32|| (threadingmodel)
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{38d49e75-22ad-792c-2e36-24f44a9a7e2d}\inprocserver32
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{38d49e75-22ad-792c-2e36-24f44a9a7e2d}\data\md|| (data3)
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{38d49e75-22ad-792c-2e36-24f44a9a7e2d}\data\md
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{375c6816-55d9-3eb5-0b65-51f231799585}\data
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{375c6816-55d9-3eb5-0b65-51f231799585}
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{21d26c8d-f485-1400-d908-54562044e0ff}\inprocserver32|| (threadingmodel)
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{21d26c8d-f485-1400-d908-54562044e0ff}\inprocserver32
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{21d26c8d-f485-1400-d908-54562044e0ff}\data\md|| (data3)
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{21d26c8d-f485-1400-d908-54562044e0ff}\data\md
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{21d26c8d-f485-1400-d908-54562044e0ff}\data
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{21d26c8d-f485-1400-d908-54562044e0ff}
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{1eb9a5c3-8be0-1184-bf52-28550086ec10}\inprocserver32|| (threadingmodel)
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{1eb9a5c3-8be0-1184-bf52-28550086ec10}\inprocserver32
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{1eb9a5c3-8be0-1184-bf52-28550086ec10}\data\md|| (data3)
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{1eb9a5c3-8be0-1184-bf52-28550086ec10}\data\md
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{1eb9a5c3-8be0-1184-bf52-28550086ec10}\data
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{1eb9a5c3-8be0-1184-bf52-28550086ec10}
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{178ed832-5662-af21-dcb5-9071147c3af6}\inprocserver32|| (threadingmodel)
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{178ed832-5662-af21-dcb5-9071147c3af6}\inprocserver32
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{178ed832-5662-af21-dcb5-9071147c3af6}\data\md|| (data3)
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{178ed832-5662-af21-dcb5-9071147c3af6}\data\md
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{178ed832-5662-af21-dcb5-9071147c3af6}\data
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{178ed832-5662-af21-dcb5-9071147c3af6}
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{17151197-586c-9ecf-1cc7-eaeda430efc7}\inprocserver32|| (threadingmodel)
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{17151197-586c-9ecf-1cc7-eaeda430efc7}\inprocserver32
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{17151197-586c-9ecf-1cc7-eaeda430efc7}\data\md|| (data3)
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{17151197-586c-9ecf-1cc7-eaeda430efc7}\data\md
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{17151197-586c-9ecf-1cc7-eaeda430efc7}\data
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{17151197-586c-9ecf-1cc7-eaeda430efc7}
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{0cf849ed-e455-35c5-d9ad-0d802e5904a1}\inprocserver32|| (threadingmodel)
05:33 PM:      Removing registry: HKEY_CLASSES_ROOT\clsid\{0cf849ed-e455-35c5-d9ad-0d802e5904a1}\inprocserver32
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_wintoolssvc|| (nextinstance)
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_wintoolssvc
05:33 PM:      Blasting registry: HKEY_LOCAL_MACHINE\software\toolbar
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\tbps.toolbarscript\clsid
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\tbps.pluginserver\clsid
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\tbps.plugininst\clsid
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\tbps.pluginevents\clsid
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\tbps.plugindownadd\clsid
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\tbps.plugindown\clsid
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\tbps.pluginconfig\clsid
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{ff731508-cd28-e0b0-3e85-0cf55fde9fba}\inprocserver32|| (threadingmodel)
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{ff731508-cd28-e0b0-3e85-0cf55fde9fba}\inprocserver32
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{fd3ea93f-bce8-a28b-aa76-2d55e711675b}\data
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{fd3ea93f-bce8-a28b-aa76-2d55e711675b}
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{ef535cff-cb81-6cc3-a873-2f8c82aec371}\localserver32
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{ef535cff-cb81-6cc3-a873-2f8c82aec371}\data
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{ef535cff-cb81-6cc3-a873-2f8c82aec371}
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{bd3b6d57-bb35-1cad-d1dc-ac5dd1b9d3de}\data
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{bd3b6d57-bb35-1cad-d1dc-ac5dd1b9d3de}
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}\version
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}\typelib
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}\progid
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}\localserver32|| (threadingmodel)
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}\localserver32
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{a4589c07-991d-8034-c12e-69c0d5455dea}\data
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{a4589c07-991d-8034-c12e-69c0d5455dea}
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9ce68f0e-3b07-594f-b8a7-c0c9044ed9d4}\inprocserver32|| (threadingmodel)
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9ce68f0e-3b07-594f-b8a7-c0c9044ed9d4}\inprocserver32
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9ce68f0e-3b07-594f-b8a7-c0c9044ed9d4}\data\md|| (data3)
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9ce68f0e-3b07-594f-b8a7-c0c9044ed9d4}\data\md
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9ce68f0e-3b07-594f-b8a7-c0c9044ed9d4}\data
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9ce68f0e-3b07-594f-b8a7-c0c9044ed9d4}
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{646e0cf3-7459-b02d-6848-af1a15ea194e}\data
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{646e0cf3-7459-b02d-6848-af1a15ea194e}
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{375c6816-55d9-3eb5-0b65-51f231799585}\data
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{375c6816-55d9-3eb5-0b65-51f231799585}
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{1eb9a5c3-8be0-1184-bf52-28550086ec10}\inprocserver32|| (threadingmodel)
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{1eb9a5c3-8be0-1184-bf52-28550086ec10}\inprocserver32
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{1eb9a5c3-8be0-1184-bf52-28550086ec10}\data\md|| (data3)
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{1eb9a5c3-8be0-1184-bf52-28550086ec10}\data\md
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{1eb9a5c3-8be0-1184-bf52-28550086ec10}\data
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{1eb9a5c3-8be0-1184-bf52-28550086ec10}
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{178ed832-5662-af21-dcb5-9071147c3af6}\inprocserver32|| (threadingmodel)
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{178ed832-5662-af21-dcb5-9071147c3af6}\inprocserver32
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{178ed832-5662-af21-dcb5-9071147c3af6}\data\md|| (data3)
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{178ed832-5662-af21-dcb5-9071147c3af6}\data\md
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{178ed832-5662-af21-dcb5-9071147c3af6}\data
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{178ed832-5662-af21-dcb5-9071147c3af6}
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{17151197-586c-9ecf-1cc7-eaeda430efc7}\inprocserver32|| (threadingmodel)
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{17151197-586c-9ecf-1cc7-eaeda430efc7}\inprocserver32
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{17151197-586c-9ecf-1cc7-eaeda430efc7}\data\md|| (data3)
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{17151197-586c-9ecf-1cc7-eaeda430efc7}\data\md
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{17151197-586c-9ecf-1cc7-eaeda430efc7}\data
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{17151197-586c-9ecf-1cc7-eaeda430efc7}
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{0cf849ed-e455-35c5-d9ad-0d802e5904a1}\inprocserver32|| (threadingmodel)
05:33 PM:      Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{0cf849ed-e455-35c5-d9ad-0d802e5904a1}\inprocserver32
05:33 PM:      Replacing registry: HKEY_CURRENT_USER\software\microsoft\internet explorer\searchurl|| (provider) || ()
05:33 PM:      Removing registry: HKEY_CURRENT_USER\software\microsoft\internet explorer\main|| (use search asst)
05:33 PM:      Removing file: c:\windows\help\chmhelp.chm
05:33 PM:      Removing file: c:\documents and settings\kerry and colleen\cookies\kerry and [email protected][1].txt
05:33 PM:  Removal process completed.  Elapsed time 00:02:11
           14 items (179 traces) quarantined.

Logfile of HijackThis v1.99.1
Scan saved at 5:39:01 PM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\AVAST4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hjt\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\AVAST4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136010394515
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

20
Tech Clinic / Can't get rid of viruses
« on: January 21, 2006, 02:31:55 AM »
Ran share.reg. Also Spybot, CleanUp and ewido. Here's the HJT log and uninstall list, along with the ewido report. Also, the firewall is up and running.

Logfile of HijackThis v1.99.1
Scan saved at 1:22:15 AM, on 1/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hjt\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136010394515
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         1:09:35 AM, 1/21/2006
 + Report-Checksum:      FA770021

 + Scan result:



::Report End

Ad-Aware SE Personal
Adobe Reader 6.0.1
Agere Systems PCI Soft Modem
avast! Antivirus
CleanUp!
Compaq Connections
EPSON Printer Software
ewido anti-malware
Google Toolbar for Internet Explorer
HijackThis 1.99.1
HP Memories Disc
HP Photo and Imaging 2.0 - Photosmart Cameras
I.E. Host
iPod for Windows 2005-09-06
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Lavasoft VX2 Cleaner
Microsoft .NET Framework 1.1
Microsoft Office Standard Edition 2003
Microsoft Word Viewer 97
Microsoft Works 7.0
Napster
Napster Burn Engine
QuickTime
RecordNow!
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
Sonic Update Manager
Spy Sweeper
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Tweakui Powertoy for Windows XP
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
USB Storage Driver
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
